Recent cybersecurity alerts indicate a surge in ransomware attacks exploiting a potential zero-day vulnerability in SonicWall firewalls, employing a new rootkit called Overstep. Security firms and SonicWall are actively investigating whether these attacks relate to known or new vulnerabilities. #SonicWall #Overstep
Key points
- Attackers are exploiting a suspected zero-day vulnerability in SonicWall firewalls to gain initial access.
- The threat actors are deploying a new backdoor rootkit named Overstep for persistence and data theft.
- Despite MFA being enabled, some fully patched devices were compromised, indicating a sophisticated attack method.
- Validated targeting includes Gen 7 SonicWall firewalls with SSLVPN enabled, particularly firmware versions 7.2.0-7015 and earlier.
- SonicWall recommends disabling SSLVPN, limiting connections, enforcing MFA, and updating passwords to mitigate risks.
Read More: https://www.securityweek.com/sonicwall-hunts-for-zero-day-amid-surge-in-firewall-exploitation/
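The key points above amount to a triage profile (Gen 7, SSLVPN enabled, firmware 7.2.0-7015 or earlier) plus a set of mitigations. As an added example that is not part of the original alert or any SonicWall tooling, the script below parses SonicOS version strings of the form shown in the alert, compares them against the stated upper bound, and ranks a constructed device inventory. The inventory records, the `Device` fields and the newer version strings are assumptions made for illustration; the only version taken from the page is 7.2.0-7015. Because the alert notes that fully patched devices with MFA were also compromised, any device with SSLVPN enabled is still flagged, just at a lower priority.

```python
import re
from dataclasses import dataclass

# Upper bound of the firmware range named in the alert ("7.2.0-7015 and earlier").
AFFECTED_MAX_VERSION = "7.2.0-7015"

# SonicOS 7 version strings look like major.minor.patch-build (assumption based on the
# one example on the page; adjust the pattern if your devices report a different shape).
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)$")


def parse_sonicos_version(version: str) -> tuple:
    """Turn '7.2.0-7015' into the tuple (7, 2, 0, 7015) so versions compare numerically,
    not lexically (so 7.10.x correctly sorts after 7.2.x)."""
    match = VERSION_RE.match(version.strip())
    if not match:
        raise ValueError(f"unrecognised SonicOS version string: {version!r}")
    return tuple(int(part) for part in match.groups())


def is_in_affected_range(version: str) -> bool:
    """True when the firmware is at or below the upper bound named in the alert."""
    return parse_sonicos_version(version) <= parse_sonicos_version(AFFECTED_MAX_VERSION)


@dataclass
class Device:
    # Hypothetical inventory record; field names are assumptions for this example.
    name: str
    generation: int
    firmware: str
    sslvpn_enabled: bool
    mfa_enforced: bool


def triage(device: Device) -> dict:
    """Rank one device against the alert's targeting profile and mitigation advice."""
    reasons = []
    matches_profile = (
        device.generation == 7
        and device.sslvpn_enabled
        and is_in_affected_range(device.firmware)
    )
    if matches_profile:
        priority = "high"
        reasons.append("matches validated targeting profile (Gen 7, SSLVPN on, firmware <= 7.2.0-7015)")
    elif device.sslvpn_enabled:
        # Patched devices were also hit, so SSLVPN exposure alone keeps the device on the list.
        priority = "medium"
        reasons.append("SSLVPN enabled; alert recommends disabling it or limiting connections")
    else:
        priority = "low"
    if device.sslvpn_enabled and not device.mfa_enforced:
        reasons.append("MFA not enforced for SSLVPN; alert recommends enforcing it and rotating passwords")
    return {"device": device.name, "priority": priority, "reasons": reasons}


# Constructed inventory. "7.2.1-7100" and "6.5.0-0001" are made-up strings used only to
# exercise the comparison logic; they are not real release numbers.
SAMPLE_INVENTORY = [
    Device("fw-branch-01", 7, "7.2.0-7015", sslvpn_enabled=True, mfa_enforced=False),
    Device("fw-hq-02", 7, "7.2.1-7100", sslvpn_enabled=True, mfa_enforced=True),
    Device("fw-dc-03", 6, "6.5.0-0001", sslvpn_enabled=False, mfa_enforced=True),
]


def triage_inventory(devices=SAMPLE_INVENTORY) -> list:
    """Triage every device and return results with highest priority first."""
    order = {"high": 0, "medium": 1, "low": 2}
    return sorted((triage(d) for d in devices), key=lambda r: order[r["priority"]])


if __name__ == "__main__":
    for result in triage_inventory():
        print(f"{result['priority']:6} {result['device']}")
        for reason in result["reasons"]:
            print(f"       - {reason}")
```

Feed the script your own exported inventory instead of `SAMPLE_INVENTORY`; the ordering puts devices that match the validated profile first, then every other SSLVPN-exposed device, which is where the alert's mitigations (disable or restrict SSLVPN, enforce MFA, rotate passwords) should be applied first.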