Close Menu
  • Home
  • Identity
  • Inventions
  • Future
  • Science
  • Startups
  • Spanish
What's Hot

At Starbase, SpaceX is doing its own firefighting.

Chinese hackers have been exploiting ArcGIS Server as a backdoor for over a year

FleetWorks raises $17 million to match truck drivers with freight faster

Facebook X (Twitter) Instagram
  • Home
  • About Us
  • Advertise with Us
  • Contact Us
  • DMCA
  • Privacy Policy
  • Terms & Conditions
  • User-Submitted Posts
Facebook X (Twitter) Instagram
Fyself News
  • Home
  • Identity
  • Inventions
  • Future
  • Science
  • Startups
  • Spanish
Fyself News
Home » Experts warn of widespread SonicWall VPN breach affecting over 100 accounts
Identity

Experts warn of widespread SonicWall VPN breach affecting over 100 accounts

userBy userOctober 11, 2025No Comments3 Mins Read
Share Facebook Twitter Pinterest Telegram LinkedIn Tumblr Email Copy Link
Follow Us
Google News Flipboard
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link

October 11, 2025Ravi LakshmananCloud security / network security

Cybersecurity firm Huntress on Friday warned of a “widespread compromise” of SonicWall SSL VPN devices used to access multiple customer environments.

“Threat actors are rapidly authenticating multiple accounts across compromised devices,” the report said. “The speed and scale of these attacks suggests that the attackers appear to have control over valid credentials rather than brute force attacks.”

The bulk of the activity is said to have started on October 4, 2025, and affected more than 100 SonicWall SSL VPN accounts across 16 customer accounts. In the case Huntress investigated, the SonicWall device was authenticating from IP address 202.155.8.[.]73.

The company noted that in some cases, the attackers did not perform any further hostilities within the network and severed the connection after a short period of time. However, in other cases, attackers have been found conducting network scanning activities and attempting to access numerous local Windows accounts.

DFIR retainer service

This disclosure comes shortly after SonicWall admitted that a security incident resulted in the unauthorized disclosure of firewall configuration backup files stored in MySonicWall accounts. According to the latest update, this breach affects all customers who used SonicWall’s cloud backup service.

“Firewall configuration files store sensitive information that can be exploited by threat actors to exploit or gain access to an organization’s network,” said Arctic Wolf. “These files can provide an attacker with sensitive information such as user, group, and domain settings, DNS and logging settings, and certificates.”

However, Huntress noted that at this stage there is no evidence linking this breach to the recent spike in breaches.

Considering that sensitive credentials are stored within firewall configurations, organizations using the MySonicWall cloud configuration backup service are recommended to reset credentials on live firewall devices to avoid unauthorized access.

We also recommend restricting WAN management and remote access when possible, revoking external API keys that touch firewalls and management systems, monitoring logins for signs of suspicious activity, and enforcing multi-factor authentication (MFA) for all administrator and remote accounts.

This disclosure comes amid an increase in ransomware activity targeting SonicWall firewall devices for initial access, with the attack leveraging a known security flaw (CVE-2024-40766) to infiltrate target networks deploying Akira ransomware.

CIS build kit

In a report released this week, Darktrace said it detected an intrusion targeting an anonymous U.S. customer in late August 2025 that included network scanning, reconnaissance, lateral movement, privilege escalation using techniques such as UnPAC hashing, and data theft.

“One of the compromised devices was later determined to be a SonicWall virtual private network (VPN) server, suggesting this incident was part of a broader Akira ransomware campaign targeting SonicWall technology,” the report said.

“This campaign by the Akira ransomware attackers highlights the critical importance of maintaining up-to-date patching methods. Threat actors continue to exploit previously disclosed vulnerabilities, not just zero-days, highlighting the need for continued vigilance even after patches are released.”


Source link

#BlockchainIdentity #Cybersecurity #DataProtection #DigitalEthics #DigitalIdentity #Privacy
Follow on Google News Follow on Flipboard
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
Previous ArticleHackers turn Velociraptor DFIR tool into a weapon in LockBit ransomware attack
Next Article It’s never too late for Apple to get AI right
user
  • Website

Related Posts

Chinese hackers have been exploiting ArcGIS Server as a backdoor for over a year

October 14, 2025

How Threat Hunting Builds Readiness

October 14, 2025

A single 8-byte write shatters AMD’s SEV-SNP Confidential Computing security

October 14, 2025
Add A Comment
Leave A Reply Cancel Reply

Latest Posts

At Starbase, SpaceX is doing its own firefighting.

Chinese hackers have been exploiting ArcGIS Server as a backdoor for over a year

FleetWorks raises $17 million to match truck drivers with freight faster

Aquawise unveils AI-powered water quality technology at TechCrunch Disrupt 2025

Trending Posts

Subscribe to News

Subscribe to our newsletter and never miss our latest news

Please enable JavaScript in your browser to complete this form.
Loading

Welcome to Fyself News, your go-to platform for the latest in tech, startups, inventions, sustainability, and fintech! We are a passionate team of enthusiasts committed to bringing you timely, insightful, and accurate information on the most pressing developments across these industries. Whether you’re an entrepreneur, investor, or just someone curious about the future of technology and innovation, Fyself News has something for you.

Revolutionize Your Workflow: TwinH Automates Tasks Without Your Presence

FySelf’s TwinH Unlocks 6 Vertical Ecosystems: Your Smart Digital Double for Every Aspect of Life

Beyond the Algorithm: How FySelf’s TwinH and Reinforcement Learning are Reshaping Future Education

Meet Your Digital Double: FySelf Unveils TwinH, the Future of Personalized Online Identity

Facebook X (Twitter) Instagram Pinterest YouTube
  • Home
  • About Us
  • Advertise with Us
  • Contact Us
  • DMCA
  • Privacy Policy
  • Terms & Conditions
  • User-Submitted Posts
© 2025 news.fyself. Designed by by fyself.

Type above and press Enter to search. Press Esc to cancel.