SonicWall urges admins to disable SSLVPN amid rising attacks www.bleepingcomputer.com/news/secu…
SonicWall has warned customers to disable SSLVPN services due to ransomware gangs potentially exploiting an unknown security vulnerability in SonicWall Gen 7 firewalls to breach networks over the past few weeks. The warning comes after Arctic Wolf Labs reported on Friday that it had observed multiple Akira ransomware attacks, likely using a SonicWall zero-day vulnerability, since July 15th.
“The initial access methods have not yet been confirmed in this campaign,” the Arctic Wolf Labs researchers said. “While the existence of a zero-day vulnerability is highly plausible, credential access through brute force, dictionary attacks, and credential stuffing have not yet been definitively ruled out in all cases.”
Arctic Wolf also advised SonicWall administrators on Friday to temporarily disable SonicWall SSL VPN services due to the strong possibility that a SonicWall zero-day vulnerability was being exploited in these attacks. Cybersecurity company Huntress confirmed Arctic Wolf’s findings on Monday and published a report providing indicators of compromise (IOCs) collected while investigating this campaign.