Recent SonicWall Akira ransomware attacks exploit known vulnerabilities in Gen 7 firewalls' SSLVPN feature, specifically CVE-2024-40766. SonicWall confirms these are not zero-day exploits but target misconfigured systems, emphasizing the importance of applying patches and following security guidelines. #CVE202440766 #AkiraRansomware
Key points
- The recent attacks exploit an older SSLVPN vulnerability, CVE-2024-40766, in SonicWall Gen 7 firewalls.
- SonicWall states that these attacks are not linked to a zero-day vulnerability but to misconfigurations during migration.
- Attacks targeted endpoints where passwords were not reset following migration from Gen 6 to Gen 7.
- Users are advised to update firmware to version 7.3.0 or later and reset all local user passwords.
- Some customers report breaches despite following recommended mitigation steps, adding uncertainty to the threat landscape.