Ransomware affiliates are actively exploiting a critical vulnerability in SonicWall SonicOS firewall devices, tracked as CVE-2024-40766, to breach corporate networks. This access control vulnerability affects firewalls across Gen 5, Gen 6, and Gen 7 models. While SonicWall patched the vulnerability on August 22, initially stating it only impacted the management access interface, the company revealed on Friday that the flaw also affects the SSLVPN feature and is now being exploited in attacks.

Security researchers at Arctic Wolf traced the attacks to affiliates of the Akira ransomware group, who exploited the vulnerability to obtain initial access to their victims' networks. According to Arctic Wolf, the compromised accounts were local to the SonicWall devices and did not use centralized authentication systems like Microsoft Active Directory. Additionally, MFA was disabled on all compromised accounts. Rapid7 has also detected ransomware groups targeting SonicWall SSLVPN accounts but noted that the connection to CVE-2024-40766 is still circumstantial.

Both Arctic Wolf and Rapid7 have urged administrators to apply the latest SonicOS firmware updates immediately. In response, the Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its Known Exploited Vulnerabilities catalog, mandating that federal agencies secure vulnerable firewalls by September 30. SonicWall recommends restricting management and SSLVPN access to trusted sources, disabling internet access when possible, and enabling MFA for all SSLVPN users. With over 500,000 business customers worldwide, SonicWall urges users to patch affected devices promptly.