• Home
  • Blog
  • Android
  • Cars
  • Gadgets
  • Gaming
  • Internet
  • Mobile
  • Sci-Fi
Tech News, Magazine & Review WordPress Theme 2017
  • Home
  • Blog
  • Android
  • Cars
  • Gadgets
  • Gaming
  • Internet
  • Mobile
  • Sci-Fi
No Result
View All Result
  • Home
  • Blog
  • Android
  • Cars
  • Gadgets
  • Gaming
  • Internet
  • Mobile
  • Sci-Fi
No Result
View All Result
Blog - Creative Collaboration
No Result
View All Result
Home Internet

Hackers are exploiting a critical zeroday in firewalls from SonicWall

February 2, 2021
Share on FacebookShare on Twitter

Network security provider SonicWall said on Monday that hackers are exploiting a critical zeroday vulnerability in one of the firewalls it sells.

The security flaw resides in the Secure Mobile Access 100 series, SonicWall said in an advisory updated on Monday. The vulnerability, which affects SMA 100 firmware versions 10.x, isn’t slated to receive a fix until the end of Tuesday.

Monday’s update came a day after security firm NCC Group said on Twitter that it had detected “indiscriminate use of an exploit in the wild.” The NCC tweet referred to an earlier version of the SonicWall advisory that said its researchers had “identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products.”

Per the @SonicWall advisory – https://t.co/teeOvpwFMD – we’ve identified and demonstrated exploitability of a possible candidate for the vulnerability described and sent details to SonicWall – we’ve also seen indication of indiscriminate use of an exploit in the wild – check logs

— NCC Group Research & Technology (@NCCGroupInfosec) January 31, 2021

In an email, an NCC Group spokeswoman wrote: “Our team has observed signs of an attempted exploitation of a vulnerability that affects the SonicWall SMA 100 series devices. We are working closely with SonicWall to investigate this in more depth.”

In Monday’s update, SonicWall representatives said the company’s engineering team confirmed the submission by NCC Group included a “critical zero-day” in the SMA 100 series 10.x code. SonicWall is tracking it as SNWLID-2021-0001.

Advertisement

The disclosure makes SonicWall at least the fifth large company to report in recent weeks that it was targeted by sophisticated hackers. Other companies include network management tool provider SolarWinds, Microsoft, FireEye, and Malwarebytes. CrowdStrike also reported being targeted but said the attack wasn’t successful.

Neither SonicWall nor NCC Group said that the hack involving the SonicWall zeroday was linked to the larger SolarWinds hack campaign. Based on the timing of the disclosure and some of the details in it, however, there is widespread speculation that the two are connected.

NCC Group has declined to provide additional details before the zeroday is fixed to prevent the flaw from being exploited further.

People who use SonicWall’s SMA 100 series should read the company’s advisory carefully and follow stopgap instructions for securing products before a fix is released. Chief among them:

  1. If you must continue operation of the SMA 100 Series appliance until a patch is available
    • Enable MFA.  This is a *CRITICAL* step until the patch is available.
    • Reset user passwords for accounts that utilized the SMA 100 series with 10.X firmware
  2. If the SMA 100 series (10.x) is behind a firewall, block all access to the SMA 100 on the firewall;
  3. Shut down the SMA 100 series device (10.x) until a patch is available; or
  4. Load firmware version 9.x after a factory default settings reboot. *Please back up your 10.x settings*
    • Important Note: Direct downgrade of Firmware 10.x to 9.x with settings intact is not supported.  You must first reboot the device with factory defaults and then either load a backed up 9.x configuration or reconfigure the SMA 100 from scratch.
    • Ensure that you follow multifactor authentication (MFA) best practice security guidance if you choose to install 9.x.
      SonicWall firewalls and SMA 1000 series appliances, as well as all respective VPN clients, are unaffected and remain safe to use.

Next Post

MediaTek announces Helio M80: Its first mmWave modem

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

No Result
View All Result

Recent Posts

  • The Pixel Watch 5 could come with an unwelcome surprise for buyers
  • Transfer files of any size for life for a one-time $80 through July 19
  • How to watch ‘Obsession’ at home: When is the indie horror movie streaming?
  • Quordle hints and answers for Thursday, July 9 (game #1627)
  • Criterion says Burnout isn’t forgotten… but that’s exactly what worries me

Recent Comments

    No Result
    View All Result

    Categories

    • Android
    • Cars
    • Gadgets
    • Gaming
    • Internet
    • Mobile
    • Sci-Fi
    • Home
    • Shop
    • Privacy Policy
    • Terms and Conditions

    © CC Startup, Powered by Creative Collaboration. © 2020 Creative Collaboration, LLC. All Rights Reserved.

    No Result
    View All Result
    • Home
    • Blog
    • Android
    • Cars
    • Gadgets
    • Gaming
    • Internet
    • Mobile
    • Sci-Fi

    © CC Startup, Powered by Creative Collaboration. © 2020 Creative Collaboration, LLC. All Rights Reserved.

    Get more stuff like this
    in your inbox

    Subscribe to our mailing list and get interesting stuff and updates to your email inbox.

    Thank you for subscribing.

    Something went wrong.

    We respect your privacy and take protecting it seriously