7 matches found
SonicWall Confirms Patched Vulnerability Behind Recent VPN Attacks, Not a Zero-Day
SonicWall has revealed that the recent spike in activity targeting its Gen 7 and newer firewalls with SSL VPN enabled is related to an older, now-patched bug and password reuse. "We now have high confidence that the recent SSL VPN activity is not connected to a zero-day vulnerability," the compan...
Akira ransomware continues to evolve
Akira continues to cement its position as one of the most prevalent ransomware operations in the threat landscape, according to Cisco Talos' findings and analysis. Their success is partly due to the fact that they are constantly evolving. For example, after Akira already developed a new version o...
CVE-2024-40766: Critical Improper Access Control Vulnerability Affecting SonicWall Devices
On August 22, 2024, security firm SonicWall published an advisory on CVE-2024-40766, a critical improper access control vulnerability affecting SonicOS, the operating system that runs on the company’s physical and virtual firewalls. While CVE-2024-40766 was not known to be exploited in the wild a...
SonicWall Issues Critical Patch for Firewall Vulnerability Allowing Unauthorized Access
SonicWall has released security updates to address a critical flaw impacting its firewalls that, if successfully exploited, could grant malicious actors unauthorized access to the devices. The vulnerability, tracked as CVE-2024-40766 CVSS score: 9.3, has been described as an improper access contr...
CVE-2024-40766
CVE-2024-40766 affects SonicWall SonicOS on Gen5/Gen6 and Gen7 (SonicOS ≤ 7.0.1-5035) with improper access control in management access and SSLVPN, enabling unauthorized resource access and, in some cases, a firewall crash. Public sources confirm exploitation activity in the wild (CISA KEV catalo...
CVE-2024-40766
creationtimestamp| type| source ---|---|--- 2024-08-23 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1358 2024-08-23 09:36:13+00:00| seen| https://t.me/cvedetector/3978 2024-08-24 09:50:28+00:00| seen| https://t.me/HackingInsights/11135 2024-08-26 17:55:36+00:00| seen|...
SonicOS Improper Access Control Vulnerability
An improper access control vulnerability has been identified in the SonicWall SonicOS management access and SSLVPN, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Gen 5 and Gen 6 devices, as well as Gen 7...