InfoSecBulletin Cybersecurity for mankind
After its investigation in collaboration with leading IR Firm, Mandiant into the scope of a recent cloud backup security incident, SonicWall confirm that an unauthorized party accessed firewall configuration backup files for all customers who have used SonicWall’s cloud backup service.
The files contain encrypted credentials and configuration data; while encryption remains in place, possession of these files could increase the risk of targeted attacks. We are working to notify all impacted partners and customers and have released tools to assist with device assessment and remediation. Updated and comprehensive final lists of impacted devices are now available in the MySonicWall portal (Navigate to the Product Management > Issue List).
CISA: Splunk flaw under active exploit, patch by Sunday
Texas data breach exposes 3 million driver’s licenses
Critical Cisco ISE Vulnerability Enables Remote Code Execution
F5 Patches NGINX Flaw for Code Execution and DoS Attacks
FortiBleed: 70,000 Fortinet Firewalls Compromised Globally
New Rokarolla Android malware hits 217 banking and crypto apps
Phishing Campaign Exploits Legitimate Microsoft Login Flow
ALERT
Cisco SD-WAN Zero-Day, FortiSandbox and cPanel flaws exploited in attacks
“Panthalassa” builds floating AI data centers powered by ocean waves
Critical Wazuh Vuln Enables Alert Tampering and Evidence Deletion
To help prioritize remediation efforts, the lists include a field that identifies each device as either
“Active – High Priority” (devices with internet-facing services enabled);
“Active – Lower Priority” (devices without internet-facing services); or
“Inactive” (devices that have not pinged home for 90 days).
SonicWall urge all partners and customers to log in and check for their devices. SonicWall has implemented additional security hardening measures and is working closely with Mandiant to further enhance its cloud infrastructure and monitoring systems.
To aid in this process, SonicWall has published a detailed “Remediation Playbook” and a “SonicWall Online Tool” designed to analyze firewall configurations and identify all services that require credential updates.
The company suggests focusing on high-priority devices first. Customers can get help from a dedicated support team via the MySonicWall portal for necessary changes and security.
