SonicWall has urged customers to reset credentials following a security breach involving the exposure of firewall configuration backup files in the cloud. The incident involved brute-force attacks targeting MySonicWall accounts and highlighted ongoing threats from groups like Akira exploiting unpatched vulnerabilities. #MySonicWall #AkiraRansomware
Keypoints
- SonicWall detected suspicious activity targeting its cloud backup service for firewalls.
- Less than 5% of customersβ backup files were accessed by unknown threat actors.
- Customers are advised to verify backup settings, reset passwords, and review logs for unusual activity.
- Affected preferences files include randomized passwords, reset TOTP, and new VPN keys.
- Threat actors from the Akira group exploited a vulnerability (CVE-2024-40766) to target SonicWall devices with ransomware and bypass security controls.
Read More: https://thehackernews.com/2025/09/sonicwall-urges-password-resets-after.html