Search for sonicwall on Sholdan.io

SonicWall warns of imminent ransomware campaign on VPN hardware

This is one of those “we told you to patch, why haven’t you” moments…:

Cyber security company SonicWall has urged customers to patch its enterprise secure VPN hardware to thwart an “imminent ransomware campaign using stolen credentials.”

This week, the company issued a notice saying customers who do not take appropriate actions to mitigate these vulnerabilities on their SRA and SMA 100 series products could be at risk of an attack.

The products in question are those running unpatched and end-of-life (EOL) 8.x firmware. SonicWall said researchers at security firm Mandiant informed SonicWall that threat actors were actively targeting models that are no longer supported.

“SonicWall PSIRT strongly suggests that organizations still using 8.x firmware review the information below and take immediate action,” said the company.

Since at least June, the attacks have been happening when cyber security firm Crowdstrike had warned that attacks against devices were ongoing.

[…]

Original article