Ransomware attackers are leveraging old SonicWall SRA flaw (CVE-2019-7481)
Help Net Security
Since the beginning of the year, various cyber attackers leveraged a slew of zero-day vulnerabilities to compromise different SonicWall solutions. Crowdstrike now warns that a cyber-criminal group is exploiting CVE-2019-7481 – an older SQL injection vulnerability affecting SonicWall Secure Remote Access (SRA) 4600 devices running firmware versions 8.x and 9.x – to penetrate organizations’ networks.
“In some recent investigations, CrowdStrike’s Incident Response team has had correlative evidence indicating a root cause via VPN access without brute forcing. These investigations have a common denominator: All organizations used SonicWall SRA VPN appliances running 126.96.36.199 firmware,” the company noted.
Why is this happening?
VPN devices have become a...