[SANS ISC] Sonicwall SRA 4600 Targeted By an Old Vulnerability, (Fri, Jun 11th)

Devices and applications used to provide remote access are juicy targets. I’ve already been involved in many ransomware cases and, most of the time, the open door was an unpatched VPN device/remote access solution or weak credentials. A good example is the recent attack against the Colonial Pipeline, which started with a legacy VPN profile[1].

A group of attackers is targeting Sonicwall devices through the vulnerability described in CVE-2019-7481. Yes, a vulnerability from 2019! It affects Sonicwall SRA (“Secure Remote Access”) 4600 devices running firmware versions 8.x and 9.x. CrowdStrike published a nice blog post about this vulnerability[2].

If you run a Sonicwall device affected by this vulnerability, please review your current firmware and patch!

[1] https://www.hsgac.senate.gov/imo/media/doc/Testimony-Blount-2021-06-08.pdf
[2] https://www.crowdstrike.com/blog/how-ecrime-groups-leverage-sonicwall-vulnerability-cve-2019-7481/

Xavier Mertens (@xme)
Senior ISC Handler – Freelance Cyber Security Consultant
PGP Key

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

