SonicWall Urges Password Resets After Cloud Backup Breach Affecting Under 5% of Customers
Briefly

"As a result of the incident, the company is urging customers to follow the steps below -
- Login to MySonicWall.com and verify if cloud backups are enabled
- Verify if affected serial numbers have been flagged in the accounts
- Initiate containment and remediation procedures by limiting access to services from WAN, turning off access to HTTP/HTTPS/SSH Management, disabling access to SSL VPN and IPSec VPN, reset passwords and TOTPs saved on the firewall, and review logs and recent configuration changes for unusual activity"
"The company said it recently detected suspicious activity targeting the cloud backup service for firewalls, and that unknown threat actors accessed backup firewall preference files stored in the cloud for less than 5% of its customers. 'While credentials within the files were encrypted, the files also included information that could make it easier for attackers to potentially exploit the related firewall,' the company said."
SonicWall detected suspicious activity targeting its cloud backup service and determined unknown threat actors accessed backup firewall preference files stored in the cloud for less than 5% of customers. Credentials within the files were encrypted but the files contained information that could make it easier for attackers to exploit related firewalls. The incident was not a ransomware attack; rather it involved brute-force attempts to access preference files. Customers are urged to verify cloud backups and flagged serial numbers, limit WAN access, disable management and VPN services, reset passwords and TOTPs, review logs and configuration changes, and import fresh randomized preference files. The responsible actors remain unknown.
Read at The Hacker News