Security News

A financially motivated threat actor exploited a zero-day bug in SonicWall SMA 100 Series VPN appliances to deploy new ransomware known as FiveHands on the networks of North American and European targets. The group, tracked by Mandiant threat analysts as UNC2447, exploited the CVE-2021-20016 SonicWall vulnerability to breach networks and deploy FiveHands ransomware payloads before patches were released in late February 2021.

Attackers that seem to have "Intimate knowledge" of the SonicWall Email Security product have been discovered leveraging three zero-day vulnerabilities in the popular enterprise solution. Exploited in conjunction, the flaws allowed the attacker to obtain administrative access and code execution on a SonicWall ES device, then install a backdoor, access files and emails, and move laterally into the victim organization's network.

SonicWall has addressed three critical security vulnerabilities in its hosted and on-premises email security product that are being actively exploited in the wild. "The adversary leveraged these vulnerabilities, with intimate knowledge of the SonicWall application, to install a backdoor, access files, and emails, and move laterally into the victim organization's network."

SonicWall's Email Security product is affected by three vulnerabilities that have been exploited in attacks. FireEye, whose incident response unit Mandiant spotted the vulnerabilities and their active exploitation in March, warned on Tuesday that a threat actor had been observed exploiting the SonicWall Email Security flaws to install backdoors, access emails and files, and move laterally in the victim's network.

Security hardware manufacturer SonicWall is urging customers to patch a set of three zero-day vulnerabilities affecting both its on-premises and hosted Email Security products. "In at least one known case, these vulnerabilities have been observed to be exploited 'in the wild,'" SonicWall said in a security advisory published earlier today.

SonicWall announced the expansion of its threat protection offerings with the NSa 3700, a multi-gigabit security appliance designed to thwart attacks targeting government agencies, retail, K-12, higher education and enterprises. Powered by SonicOS 7.0, the new SonicWall NSa 3700 firewall delivers a modern UX/UI, advanced security controls, plus critical networking and management capabilities to increase visibility and help defend against today's increasingly targeted attacks.

A new Mirai variant is targeting known flaws in D-Link, Netgear and SonicWall devices, as well as newly-discovered flaws in unknown IoT devices. A new variant of the Mirai botnet has been discovered targeting a slew of vulnerabilities in unpatched D-Link, Netgear and SonicWall devices - as well as never-before-seen flaws in unknown internet-of-things gadgets.

SonicWall has released a second firmware update for an SMA-100 zero-day vulnerability known to be used in attacks and is warning to install it immediately. Yesterday, SonicWall announced new firmware updates for SMA-100 series devices that provide additional safeguards discovered since their last update.

The more complex a system and the more predictable the response in general the more fragile it is to unintended input or exceptions at it's outputs. The undeniable issue is humans realy "Learn by doing" or more politely "Experience".

SonicWall on Wednesday announced that it released firmware updates for its Secure Mobile Access 100 series appliances to patch an actively exploited zero-day vulnerability. Which specializes in firewalls and other cybersecurity solutions, previously told SecurityWeek that a few thousand devices are exposed to attacks due to the vulnerability.