Devices and applications used to provide remote access are juicy targets. I've already been involved in many ransomware cases and, most of the time, the open door was an unpatched VPN device/remote access solution or weak credentials. A good example is the recent attack against Colonial Pipeline, which started with a legacy VPN profile[1].

A group of attackers is targeting SonicWall devices through the vulnerability described in CVE-2019-7481. Yes, a vulnerability from 2019! It affects SonicWall SRA ("Secure Remote Access") 4600 devices running firmware versions 8.x and 9.x. CrowdStrike published a nice blog post about this vulnerability[2].

If you run a SonicWall device affected by this vulnerability, please review your current firmware and patch!

[1] https://www.hsgac.senate.gov/imo/media/doc/Testimony-Blount-2021-06-08.pdf

Xavier Mertens (@xme)
ISC Handler, Jun 11th 2021