Fog and Akira ransomware operators are exploiting SonicWall VPN flaw CVE-2024-40766 to breach enterprise networks
Fog and Akira ransomware operators are exploiting the critical SonicWall VPN vulnerability CVE-2024-40766 (CVSS v3 score: 9.3) to breach corporate networks via SSL VPN access.
CVE-2024-40766 is an improper access control vulnerability impacting SonicWall SonicOS; the company addressed it in August 2024.
“An improper access control vulnerability has been identified in the SonicWall SonicOS management access and SSLVPN, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash,” reads SonicWall’s advisory.
“This issue affects SonicWall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions. This vulnerability is potentially being exploited in the wild. Please apply the patch as soon as possible for affected products. The latest patch builds are available for download on mysonicwall.com.”
In September, SonicWall warned that the flaw CVE-2024-40766 in SonicOS is now potentially exploited in attacks.
“This vulnerability is potentially being exploited in the wild. Please apply the patch as soon as possible for affected products. The latest patch builds are available for download on mysonicwall.com,” warns the updated SonicWall advisory.
Threat actors can exploit the vulnerability to gain unauthorized resource access and crash the impacted firewalls.
The company urges customers to apply patches as soon as possible. The vendor also provided a workaround to minimize potential risks: restrict firewall management to trusted sources or disable firewall WAN management from Internet access. Similarly, for SSLVPN, ensure that access is limited to trusted sources or disable SSLVPN access from the Internet.
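As an added example (not from SonicWall, Arctic Wolf or the original article), the following Python script triages a firewall inventory against the affected range quoted above and the two exposure conditions named in the workaround. The inventory columns, hostnames and sample builds are constructed; this page gives no fixed builds for Gen 5 and Gen 6, so those devices are flagged for review against the vendor advisory.

```python
import csv
import io
import re

# From the advisory text quoted above: Gen 5 and Gen 6 are affected, as are
# Gen 7 devices running SonicOS 7.0.1-5035 and older.
GEN7_LAST_AFFECTED = (7, 0, 1, 5035)

# Constructed inventory: hostnames, column names and builds are made up.
SAMPLE_INVENTORY = """\
host,generation,sonicos,wan_mgmt,sslvpn_wan
fw-hq,7,7.0.1-5035,no,yes
fw-branch,7,7.0.1-5161,no,yes
fw-lab,6,6.5.4.4-44n,yes,no
fw-dr,7,7.0.1-5030,no,no
fw-new,7,not-reported,yes,yes
"""

def parse_gen7(version):
    """Return (major, minor, patch, build) or None if the string is unusable."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)-(\d+)(?:-\S+)?", version.strip())
    return tuple(int(part) for part in m.groups()) if m else None

def triage(row):
    """Classify one device; missing or unparsable data is kept for review."""
    gen = row["generation"].strip()
    if gen in ("5", "6"):
        status = "affected-generation"  # fixed builds are not listed on this page
    elif gen == "7":
        ver = parse_gen7(row["sonicos"])
        if ver is None:
            status = "unknown"
        else:
            status = "affected" if ver <= GEN7_LAST_AFFECTED else "outside-range"
    else:
        status = "unknown"
    # The workaround concerns management and SSLVPN reachable from the Internet.
    exposed = [c for c in ("wan_mgmt", "sslvpn_wan") if row[c].strip().lower() == "yes"]
    urgent = status != "outside-range" and bool(exposed)  # patch and restrict first
    return {"host": row["host"], "status": status, "exposed": exposed, "urgent": urgent}

def triage_inventory(text):
    rows = [triage(r) for r in csv.DictReader(io.StringIO(text))]
    # Urgent devices first, then by host name for stable output.
    return sorted(rows, key=lambda r: (not r["urgent"], r["host"]))

if __name__ == "__main__":
    for r in triage_inventory(SAMPLE_INVENTORY):
        flag = "URGENT" if r["urgent"] else "      "
        print(f'{flag} {r["host"]:<10} {r["status"]:<20} exposed={",".join(r["exposed"]) or "-"}')
```

Devices that are affected but not Internet-exposed still need the patch; the `urgent` flag only orders the work.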
Arctic Wolf researchers detected over 30 Akira and Fog ransomware intrusions since August, all leveraging unpatched SonicWall SSL VPNs (CVE-2024-40766). The experts noticed shared IP infrastructure behind the attacks.
“In early August, Arctic Wolf Labs began observing a marked increase in Fog and Akira ransomware intrusions where initial access to victim environments involved the use of SonicWall SSL VPN accounts,” reads the advisory. “Based on victimology data showing a variety of targeted industries and organization sizes, we assess that the intrusions are likely opportunistic, and the threat actors are not targeting a specific set of industries.”
See more at:
https://securityaffairs.com/170359/cyber-crime/fog-akira-ransomware-sonicwall-vpn-flaw.html