Security News > 2021 > January > SonicWall Breach Stems from ‘Probable’ Zero-Days

UPDATE. SonicWall said a zero-day in its SMA 100 series 10.x code was targeted by "Highly-sophisticated" attackers.

"On Sunday, January 31, 2021, the NCC Group alerted the SonicWall Product Security Incident Response Team about a potential zero-day vulnerability in the SMA 100 series. Our engineering team confirmed their submission as a critical zero-day in the SMA 100 series 10.x code," said SonicWall in an updated statement.

"Recently, SonicWall identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products," according to SonicWall, which first alerted the public of the attack on Friday evening.

Initially, in its Friday disclosure SonicWall had identified the NetExtender 10.X VPN client as potentially being targeted by attackers - however, the company said that has now been ruled out.

" may be used with all SonicWall products," according to the company.

In October 2020, SonicWall disclosed a critical security bug in its SonicWall VPN portal that can be used to crash the device and prevent users from connecting to corporate resources.

News URL

https://threatpost.com/sonicwall-breach-zero-days-in-remote-access/163290/