Ransomware gangs target SonicWall vulnerability
Mark Stockley · 2024-09-10 · via Vulnerabilities – ThreatDown by Malwarebytes

SonicWall is urging customers affected by CVE-2024-40766 to “please apply the patch as soon as possible.”

A vulnerability in SonicWall firewalls first reported in late August is now under active exploitation by ransomware gangs.

SonicWall is urging users to “please apply the patch as soon as possible.”

The USA’s Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-40766 to its catalog of known exploited vulnerabilities, a signal that cybercriminals are actively exploiting the flaw. This follows reports that affiliates of the Akira ransomware gang have been using vulnerable SonicWall devices to gain initial access to targets’ networks.

CVE-2024-40766 is an improper access control vulnerability (CWE-284) with a CVSS v3 score of 9.3 that can lead to “unauthorized resource access,” or be used to crash a firewall. SonicWall’s advisory warns that the vulnerability affects version 5.9.2.14-12o and older of its Gen 5 devices, version 6.5.4.14-109n and older of its Gen 6 devices, and SonicOS build version 7.0.1-5035 and older of its Gen 7 devices.

In addition to patching, SonicWall is advising customers to reset the passwords on any locally-managed SSLVPN accounts on its Gen 5 and Gen 6 firewalls, and to enable multi-factor authentication (MFA) for all users.
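The version thresholds and follow-up steps above can be turned into a firmware inventory check. This is an added example, not code from SonicWall or ThreatDown; the inventory and hostnames are constructed, and it assumes the letter after the build number plays no part in version ordering.

```python
import re

# Last affected release per generation, as quoted in the article.
LAST_AFFECTED = {5: "5.9.2.14-12o", 6: "6.5.4.14-109n", 7: "7.0.1-5035"}
_VERSION = re.compile(r"^(\d+(?:\.\d+)+)-(\d+)[a-z]?$", re.IGNORECASE)


def parse_version(text):
    """Split '6.5.4.14-109n' into ((6, 5, 4, 14), 109).

    Assumption: the letter after the build number is a platform tag and
    does not take part in ordering.
    """
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2))


def triage(version):
    """Return (affected, actions) for one firmware version string."""
    parsed = parse_version(version)
    gen = parsed[0][0]
    if gen not in LAST_AFFECTED:
        return None, ["generation not covered by the article; check the advisory"]
    if parsed > parse_version(LAST_AFFECTED[gen]):
        return False, []
    actions = ["apply the patch"]
    if gen in (5, 6):
        actions.append("reset locally-managed SSLVPN passwords")
    actions.append("enable MFA for all users")
    return True, actions


# Constructed inventory (hostnames and versions are made up for illustration).
INVENTORY = {
    "fw-branch-01": "5.9.2.14-12o",
    "fw-branch-02": "6.5.4.14-109n",
    "fw-hq-01": "7.0.1-5035",
    "fw-hq-02": "7.1.1-7058",
    "fw-lab-01": "6.5.4.15-116n",
}


def affected_hosts(inventory):
    """Names of devices at or below the last affected release."""
    return sorted(h for h, v in inventory.items() if triage(v)[0])
```

Components are compared as integers, so a release such as 6.5.4.4 correctly sorts below 6.5.4.14, which a plain string comparison would get wrong.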

Akira is an active and sophisticated ransomware group. Over the last 18 months, it has been the fifth most active ransomware gang globally, and has released information about 343 known victims. CISA estimates that as of January 1, 2024, the group had extorted $42 million in ransom payments.

[Figure: Known ransomware attacks by group, April 2023 - August 2024]

The vulnerability was first disclosed on August 22, 2024, and the advisory was updated just over two weeks later to indicate that it was already under active exploitation. The short time between the bug’s disclosure and its use in the wild is a stark illustration of just how quickly cybercriminals can reverse engineer a promising patch, create an exploit for it, and then use it.

The bug’s addition to CISA’s catalog means that Federal Civilian Executive Branch (FCEB) agencies now have until September 30 to remediate the vulnerability. By most standards, CISA’s timelines are brutally short, and it’s likely many organisations not bound by CISA’s directives will take longer to act, giving ransomware gangs plenty of time to make use of this new weapon.

To combat the threat of attacks like these, organisations need to ensure they have a plan in place for patching vulnerabilities quickly and efficiently, and have sufficient defence in depth to identify and stop an active attacker as quickly as possible.

ThreatDown’s Vulnerability Assessment and Patch Management solutions make it easy for you to find and fix software vulnerabilities on your endpoints, giving you more time to spend on things like potentially disruptive firewall updates. And our Managed Detection and Response (MDR) service provides round-the-clock monitoring, investigation, and remediation by expert analysts.

To learn more about dealing with Akira ransomware attacks and the work of our MDR analysts, read our guide to Akira ransomware and our anatomy of an Akira ransomware attack.