SonicWall Patches 6 Vulnerabilities in Secure Access Gateway

December 6, 2024 at 07:30AM SonicWall released urgent patches for multiple high-severity vulnerabilities in the SMA100 SSL-VPN gateway, including buffer overflow flaws (CVE-2024-45318, CVE-2024-53703) allowing remote code execution, a path traversal issue (CVE-2024-38475), and an authentication bypass (CVE-2024-45319). Users must update to firmware version 10.2.1.14-75sv. ### Meeting Takeaways: SonicWall Security Vulnerabilities Update 1. **Vulnerability Announcement**: …

Hackers exploit critical bug in Array Networks SSL VPN products

November 26, 2024 at 08:27AM America’s Cyber Defense Agency has identified hackers exploiting a remote code execution vulnerability in SSL VPN products from Array Networks AG and vxAG ArrayOS. **Meeting Takeaways:** 1. **Subject Matter:** America’s Cyber Defense Agency (ACDA) is addressing a significant security threat. 2. **Vulnerability Identified:** There is a remote code execution vulnerability …

Chinese Hackers Exploiting Critical Vulnerability in Array Networks Gateways

November 26, 2024 at 07:22AM CISA has warned about a critical vulnerability (CVE-2023-28461) in Array Networks’ secure access gateways that allows remote code execution without authentication. The flaw has been exploited by the group Earth Kasha, so patching is crucial; federal agencies must address it by December 16. Organizations should review CISA’s KEV list and apply fixes promptly. ### Meeting …

Critical SonicWall SSLVPN bug exploited in ransomware attacks

September 9, 2024 at 05:52PM Ransomware affiliates exploit a critical security vulnerability in SonicWall SonicOS firewall devices to breach victims’ networks, impacting Gen 5, Gen 6, and Gen 7 firewalls. The vulnerability initially affected the firewalls’ management access interface, but was later found to also impact the SSLVPN feature and to have been exploited in attacks. Mitigation measures …

SonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible Exploitation

September 6, 2024 at 01:27PM SonicWall disclosed an actively exploited security flaw in SonicOS, urging immediate patching. The vulnerability (CVE-2024-40766) affects management access and SSLVPN, with potential unauthorized access and firewall crashes. Temporary solutions include restricting firewall management and implementing multi-factor authentication. The flaw’s exploitation in the wild has led to urgent patch recommendations for …

Recent SonicWall Firewall Vulnerability Potentially Exploited in the Wild

September 6, 2024 at 09:18AM SonicWall warns customers of a potential exploit in a recently patched SonicOS vulnerability (CVE-2024-40766). The vulnerability impacts Gen 5, Gen 6, and Gen 7 firewalls, allowing unauthorized access and possible crashes. They advise immediate patching and password updates to mitigate risks. There are no reports of exploitation yet. Based on …

New Ransomware Group Exploiting Veeam Backup Software Vulnerability

July 10, 2024 at 10:33AM Veeam Backup & Replication software contains a patched security flaw being exploited by the ransomware group EstateRansomware. The threat actors used a dormant account to gain initial access, pivoting laterally through the SSL VPN service. They deployed a persistent backdoor to evade detection and carried out attacks, including disabling Windows …

Norway recommends replacing SSL VPN to prevent breaches

May 16, 2024 at 03:08PM The Norwegian NCSC advises replacing SSLVPN/WebVPN with more secure options due to repeated exploitation of vulnerabilities in network devices. The transition deadline is 2025, with critical infrastructure entities expected to switch by the end of 2024. The recommended alternative is IPsec with IKEv2, aiming to decrease the attack surface for secure …

Critical Fortinet flaw may impact 150,000 exposed devices

March 8, 2024 at 03:42PM Around 150,000 Fortinet FortiOS and FortiProxy systems worldwide are vulnerable to CVE-2024-21762, enabling code execution without authentication. The Cyber Defense Agency confirmed active exploitation of the flaw, with the majority of vulnerable devices in the United States. Fortunately, a simple Python script is available to check for vulnerability. It looks …

CISA Urges Patching of Cisco ASA Flaw Exploited in Ransomware Attacks

February 16, 2024 at 06:57AM The US security agency CISA has added CVE-2020-3259, a vulnerability affecting Cisco ASA and FTD products, to its Known Exploited Vulnerabilities catalog. It allows remote attackers to access sensitive information. CISA urges organizations to address it promptly after evidence emerged suggesting exploitation by the Akira ransomware group. Cisco is advised …