Search cyberveille.decio.ch

Found 13 bookmarks

Custom sorting

Security Advisory SNWLID-2025-0002

Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands. IMPORTANT: SonicWall PSIRT has been notified of possible active exploitation of the referenced vulnerability by threat actors. We strongly advises users of the SMA1000 product to upgrade to the hotfix release version to address the vulnerability. Please note that SonicWall Firewall and SMA 100 series products are not affected by this vulnerability.

#SonicWall #EN #2025 #CVE-2025-23006 #advisory

·psirt.global.sonicwall.com·Jan 24, 2025

Security Advisory SNWLID-2025-0002

SonicWall urges admins to patch exploitable SSLVPN bug immediately

SonicWall is emailing customers urging them to upgrade their firewall's SonicOS firmware to patch an authentication bypass vulnerability in SSL VPN and SSH management that is

#bleepingcomputer #EN #2024 #Authentication-Bypass #Firewall #Security-Advisory #SonicWall #Vulnerability

·bleepingcomputer.com·Jan 9, 2025

SonicWall urges admins to patch exploitable SSLVPN bug immediately

State of SonicWall Exposure: Firmware Decryption Unlocks…

Discover Bishop Fox's survey on the current state of SonicWall appliances on the public internet.

#Bishop-Fox #bishopfox #EN #2024 #SonicWall #Exposure #analysis

·bishopfox.com·Dec 16, 2024

State of SonicWall Exposure: Firmware Decryption Unlocks…

Fog ransomware targets SonicWall VPNs to breach corporate networks

Fog and Akira ransomware operators have increased their exploitation efforts of CVE-2024-40766, a critical access control flaw that allows unauthorized access to resources on the SSL VPN feature of SonicWall SonicOS firewalls.

#bleepingcomputer #EN #2024 #Akira #CVE-2024-40766 #Firewall #Fog-Ransomware #SonicWall #SSL-VPN

·bleepingcomputer.com·Oct 27, 2024

Fog ransomware targets SonicWall VPNs to breach corporate networks

Arctic Wolf Observes Akira Ransomware Campaign Targeting SonicWall SSLVPN Accounts

In recent threat activity observed by Arctic Wolf, Akira ransomware affiliates carried out ransomware attacks with an initial access vector involving the compromise of SSLVPN user accounts on SonicWall devices.

#arcticwolf #EN #2024 #SonicWall #Akira #SSLVPN #ransomware #CVE-2024-40766

·arcticwolf.com·Sep 10, 2024

Arctic Wolf Observes Akira Ransomware Campaign Targeting SonicWall SSLVPN Accounts

Critical SonicWall SSLVPN bug exploited in ransomware attacks

Ransomware affiliates exploit a critical security vulnerability in SonicWall SonicOS firewall devices to breach victims' networks.

#bleepingcomputer #EN #2024 #SonicWall #SSLVPN #bug #CVE-2024-40766

·bleepingcomputer.com·Sep 10, 2024

Critical SonicWall SSLVPN bug exploited in ransomware attacks

Security Advisory CVE-2024-40766

An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.

#sonicwall #EN #2024 #Advisory #CVE-2024-40766

·psirt.global.sonicwall.com·Aug 22, 2024

Security Advisory CVE-2024-40766

Critical Vulnerability in Apache OFBiz Requires Immediate Patching - Infosecurity Magazine

SonicWall discovered the Apache OFBiz flaw, identifying it as a critical issue enabling unauthenticated remote code execution

#infosecurity-magazine.#EN #2024 #SonicWall #Apache #OFBiz #flaw #critical #CVE-2024-38856

·infosecurity-magazine.com·Aug 7, 2024

Critical Vulnerability in Apache OFBiz Requires Immediate Patching - Infosecurity Magazine

Lighter Ransomware Locks Users Out of System

Overview This week, the Sonicwall Capture Labs threat research team analyzed a ransomware calling itself Lighter Ransomware. Upon execution, it opens up a window with a countdown timer instructing the victim to reach out immediately […]

#SonicWall #EN #2024 #Ransomware #Locks #lighter-ransomware

·blog.sonicwall.com·Mar 28, 2024

Lighter Ransomware Locks Users Out of System

Interesting Multi-Stage StopCrypt Ransomware Variant Propagating in the Wild

Overview The SonicWall Capture Labs threat research team recently observed an interesting variant of StopCrypt ransomware. The ransomware executes its malicious activities by utilizing multi-stage shellcodes before launching a final payload that contains the file […]

#SonicWall #EN #2024 #StopCrypt #ransomware #analysis

·blog.sonicwall.com·Mar 19, 2024

Interesting Multi-Stage StopCrypt Ransomware Variant Propagating in the Wild

178,000 SonicWall firewalls are vulnerable to old DoS bugs

Majority of public-facing devices still unpatched against critical vulns from as far back as 2022

#theregister #EN #2024 #2022 #CVE-2022-22274 #CVE-2023-0656 #SonicWall #DoS

·theregister.com·Jan 22, 2024

178,000 SonicWall firewalls are vulnerable to old DoS bugs

Technical Advisory – SonicWall Global Management System (GMS) & Analytics – Multiple Critical Vulnerabilities

Multiple Unauthenticated SQL Injection Issues & Security Filter Bypass – CVE-2023-34133 Title: Multiple Unauthenticated SQL Injection Issues & Security Filter Bypass Risk: 9.8 (Critic…

#nccgroup #EN #SonicWall #GMS #CVE-2023-34133 #CVE-2023-34124

·research.nccgroup.com·Aug 25, 2023

Technical Advisory – SonicWall Global Management System (GMS) & Analytics – Multiple Critical Vulnerabilities

CVE-2023-34127

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall Analytics enables an authe…

#attackerkb #EN #2023 #rapid7 #SonicWall #CVE-2023-34127 #vulnerability #PoC

·attackerkb.com·Aug 21, 2023

CVE-2023-34127