Search Results: SonicWall

SonicWall has confirmed that every customer using its cloud backup service had firewall configuration files stolen in a September breach. The exposed .EXP files contain encrypted credentials that could significantly ease firewall exploitation by threat actors. Administrators must immediately follow critical credential reset procedures to secure their networks.

SonicWall has warned customers to immediately reset credentials after attackers accessed firewall configuration backups containing critical network secrets. The exposed data could enable threat actors to easily compromise entire networks, escalating risks for organizations worldwide. This breach follows confirmed exploitation of a critical SonicWall vulnerability by ransomware gangs.

SonicWall's investigation reveals recent Akira ransomware attacks exploit an older SSLVPN vulnerability (CVE-2024-40766) rather than a new zero-day. The breach vector stems from customers failing to reset local passwords during Gen 6 to Gen 7 firewall migrations. Despite the vendor's assurances, administrators report contradictory evidence, fueling industry skepticism.

SonicWall has issued an emergency advisory urging organizations to disable SSLVPN services on Gen 7 firewalls amid suspected zero-day exploitation by ransomware gangs. Multiple cybersecurity firms have observed attackers bypassing MFA and compromising networks within hours, prompting urgent mitigations while investigations continue.

SonicWall firewall devices are facing an escalating wave of Akira ransomware attacks, potentially leveraging an unpatched vulnerability in SSL VPN services. With threat actors rapidly encrypting networks after initial access and over $42 million in confirmed ransom payments, Arctic Wolf warns administrators to disable vulnerable services immediately.

SonicWall warns of a severe arbitrary file upload vulnerability (CVE-2025-40599) in SMA 100 series appliances, enabling authenticated attackers to execute remote code. With threat actors like UNC6148 actively targeting these devices to deploy rootkit malware and ransomware, administrators must patch immediately and scrutinize systems for signs of compromise.