Tuesday, December 3, 2024

SonicWall Hacked by Highly Sophisticated Hackers Exploiting Zero-Day Vulnerabilities


Cybersecurity researchers recently reported that SonicWall, the popular internet security provider of firewall and VPN products, fell victim late Friday to a coordinated attack on its internal systems.

The San Jose-based company affirmed that “highly complex threat actors” attacked its internal systems by exploiting likely zero-day vulnerabilities in specific SonicWall secure remote access products.

The threat actors attacked secure remote access products such as NetExtender VPN client version 10.x and Secure Mobile Access (SMA). These products are used to provide users with remote access to their internal resources.


Affected products

The affected products are listed below:

  • NetExtender VPN client version 10.x (released in 2020), used to connect to SMA 100 series devices and SonicWall firewalls.
  • Secure Mobile Access (SMA) version 10.x running on SMA 200, SMA 210, SMA 400, and SMA 410 physical devices, and the SMA 500v virtual device.

Recommendations for SMA 100 series

The NetExtender VPN client and the SMB-oriented SMA 100 series are used to provide employees/users with remote access to internal resources. The SMA 1000 series is not susceptible to this vulnerability and uses clients that are different from NetExtender.

  • Use a firewall to allow SSL-VPN connections to the SMA appliance only from known/whitelisted IPs.
  • Configure whitelist access directly on the SMA itself.

Recommendations for firewalls with SSL-VPN access via NetExtender VPN client version 10.x

  • Disable NetExtender access to the firewall or restrict access to users and admins via an allow-list/whitelist for their public IPs.
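
One way to sanity-check the allow-list recommended above before relying on it, as an added example that is not from SonicWall or the original article: it rejects entries that are malformed, too broad, or not public, then flags SSL-VPN connections whose source falls outside the list. The addresses, the (user, source IP) record format, and the /24 width limit are constructed assumptions.

```python
import ipaddress

# Constructed sample data (documentation address ranges, not real sites).
ALLOWLIST = ["198.51.100.0/28", "203.0.113.7/32"]
CONNECTIONS = [  # (user, source IP), as an SSL-VPN log might record them
    ("alice", "198.51.100.5"),
    ("bob", "203.0.113.7"),
    ("carol", "192.0.2.44"),
]
MAX_HOSTS = 256  # assumption: anything wider than a /24 is too broad

# Explicit IPv4 non-public ranges. ipaddress.is_private is not used because
# it is also true for the documentation ranges used as sample data here.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16")]


def parse_allowlist(entries, max_hosts=MAX_HOSTS):
    """Return (networks, problems); problem entries are left out."""
    networks, problems = [], []
    for entry in entries:
        try:
            # strict=True rejects entries with host bits set (likely typos).
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError as exc:
            problems.append((entry, f"invalid: {exc}"))
            continue
        if net.num_addresses > max_hosts:
            problems.append((entry, "too broad"))
        elif any(net.overlaps(n) for n in NON_PUBLIC):
            problems.append((entry, "not a public range"))
        else:
            networks.append(net)
    return networks, problems


def audit(connections, networks):
    """Return connections whose source IP matches no allow-listed network."""
    return [(user, src) for user, src in connections
            if not any(ipaddress.ip_address(src) in net for net in networks)]


if __name__ == "__main__":
    nets, problems = parse_allowlist(ALLOWLIST + ["0.0.0.0/0", "10.1.2.0/24"])
    for entry, reason in problems:
        print(f"allow-list entry {entry}: {reason}")
    for user, src in audit(CONNECTIONS, nets):
        print(f"connection outside allow-list: {user} from {src}")
```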

SonicWall has also issued an Urgent Security Notice for the NetExtender VPN Client 10.X, SMA 100 Series vulnerability that includes a series of customer instructions.

With several cybersecurity vendors such as FireEye, Microsoft, CrowdStrike, and Malwarebytes becoming targets of cyberattacks in the wake of the SolarWinds supply chain hack, the sophisticated breach of SonicWall is drawing significant interest.

In addition, SonicWall supports multi-factor authentication on all SonicWall SMA, firewall, and MySonicWall accounts.

Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
