Written by
Liam Tung, Contributor
on December 9, 2021
| Topic: Security
SonicWall is warning customers to apply firmware updates to its SMA 100 Series appliances for remote access from mobile devices, in order to patch vulnerabilities of critical and medium severity.
SonicWall says in an advisory that it “strongly urges” customers to apply new fixes to address eight flaws that the US Cybersecurity and Infrastructure Agency (CISA) warns would allow a remote attacker to take control of an affected system. CISA recommends customers apply the necessary firmware updates “as soon as possible”, in part because these appliances have historically been popular targets for attackers.
The eight bugs range from critical to medium severity and affect a sensitive piece of the network, since the appliances provide employees with remote access to internal resources.
The eight bugs were discovered by researchers at Rapid7 and NCC Group. The most dangerous of them has a severity rating of 9.8 out of a possible 10.
SonicWall’s Secure Mobile Access (SMA) 100 Series appliances for small and medium businesses enable secure remote access from mobile devices anywhere via its NetExtender and Mobile Connect VPNs.
Affected SMA 100 series appliances include SMA 200, 210, 400, 410 and 500v products. SonicWall notes its SMA 100 series appliances with WAF enabled are also impacted by the majority of the vulnerabilities.
“There are no temporary mitigations. SonicWall urges impacted customers to implement applicable patches as soon as possible,” SonicWall notes.
It adds that there was no evidence of these vulnerabilities being exploited in the wild. However, now that the bugs have been publicly disclosed, attackers may soon develop exploits for them, especially since bugs in SMA 100 appliances have been exploited quickly in the past.
Rapid7 says it “will release the technical details and proof-of-concept code in January 2022 as part of our coordinated vulnerability disclosure process.”
CISA emphasizes that it warned in July that attackers were actively targeting a previously patched vulnerability in SonicWall SMA 100 series appliances.
FireEye’s incident response group Mandiant in May reported that threat actors linked to the notorious DarkSide ransomware-as-a-service were exploiting the flaw (CVE-2021-20016) in SMA 100 series appliances. SonicWall had released firmware to address the issues in late April, which highlights the speed with which attackers exploit new flaws in key equipment. DarkSide was responsible for the Colonial Pipeline ransomware attack that downed the company’s US East Coast fuel distribution network for nearly a week in May.