SonicWall
SonicWall releases SMA100 firmware update to wipe rootkit malware
SonicWall has released a firmware update that can help customers remove rootkit malware deployed in attacks targeting SMA 100 series devices. “SonicWall SMA 100 10.2.2.2-92sv build has been released with additional file checking, providing the capability to remove known rootkit malware present on the SMA devices,” the company said in a Monday advisory. “SonicWall strongly recommends […]
SonicWall warns customers to reset credentials after breach
SonicWall warned customers today to reset credentials after their firewall configuration backup files were exposed in a security breach that impacted MySonicWall accounts. After detecting the incident, SonicWall has cut off the attackers’ access to its systems and has been collaborating with cybersecurity and law enforcement agencies to investigate the attack’s impact. “As part of […]
Akira ransomware exploiting critical SonicWall SSLVPN bug again
The Akira ransomware gang is actively exploiting CVE-2024-40766, a year-old critical-severity access control vulnerability, to gain unauthorized access to SonicWall devices. The hackers are leverging the security issue to gain access to target networks via unpatched SonicWall SSL VPN endpoints. SonicWall released a patch for CVE-2024-40766 last year in August, marking it as actively exploited. The flaw allows unauthorized resource […]
SonicWall finds no SSLVPN zero-day, links ransomware attacks to 2024 flaw
SonicWall says that recent Akira ransomware attacks exploiting Gen 7 firewalls with SSLVPN enabled are exploiting an older vulnerability rather than a zero-day flaw. The company says that the attackers are targeting CVE-2024-40766, an unauthorized access flaw fixed in August 2024. “We now have high confidence that the recent SSLVPN activity is not connected to […]
Akira ransomware abuses CPU tuning tool to disable Microsoft Defender
Akira ransomware is abusing a legitimate Intel CPU tuning driver to turn off Microsoft Defender in attacks from security tools and EDRs running on target machines. The abused driver is ‘rwdrv.sys’ (used by ThrottleStop), which the threat actors register as a service to gain kernel-level access. This driver is likely used to load a second driver, […]
SonicWall urges admins to disable SSLVPN amid rising attacks
SonicWall has warned customers to disable SSLVPN services due to ransomware gangs potentially exploiting an unknown security vulnerability in SonicWall Gen 7 firewalls to breach networks over the past few weeks. The warning comes after Arctic Wolf Labs reported on Friday that it had observed multiple Akira ransomware attacks, likely using a SonicWall zero-day vulnerability, since July 15th. “The […]
SonicWall firewall devices hit in surge of Akira ransomware attacks
SonicWall firewall devices have been increasingly targeted since late July in a surge of Akira ransomware attacks, potentially exploiting a previously unknown security vulnerability, according to cybersecurity company Arctic Wolf. Akira emerged in March 2023 and quickly claimed many victims worldwide across various industries. Over the last two years, Akira has added over 300 organizations to its […]
SonicWall urges admins to patch critical RCE flaw in SMA 100 devices
SonicWall urges customers to patch SMA 100 series appliances against a critical authenticated arbitrary file upload vulnerability that can let attackers gain remote code execution. The security flaw (tracked as CVE-2025-40599) is caused by an unrestricted file upload weakness in the devices’ web management interfaces, which can allow remote threat actors with administrative privileges to […]
SonicWall SMA devices hacked with OVERSTEP rootkit tied to ransomware
A threat actor has been deploying a previously unseen malware called OVERSTEP that modifies the boot process of fully-patched but no longer supported SonicWall Secure Mobile Access appliances. The backdoor is a user-mode rootkit that allows hackers to hide malicious components, maintain persistent access on the device, and steal sensitive credentials. Researchers at Google Threat […]
SonicWall warns of trojanized NetExtender stealing VPN logins
SonicWall is warning customers that threat actors are distributing a trojanized version of its NetExtender SSL VPN client used to steal VPN credentials. The fake software, which was discovered by SonicWall’s and Microsoft Threat Intelligence (MSTIC) researchers, mimics the legitimate NetExtender v10.3.2.27, the latest available version. The malicious installer file is hosted on a spoofed website […]