Ransomware attackers are leveraging old SonicWall SRA flaw (CVE-2019-7481)

Help Net Security

Zeljka Zorz

Since the beginning of the year, various cyber attackers leveraged a slew of zero-day vulnerabilities to compromise different SonicWall solutions. Crowdstrike now warns that a cyber-criminal group is exploiting CVE-2019-7481 – an older SQL injection vulnerability affecting SonicWall Secure Remote Access (SRA) 4600 devices running firmware versions 8.x and 9.x – to penetrate organizations’ networks.

“In some recent investigations, CrowdStrike’s Incident Response team has had correlative evidence indicating a root cause via VPN access without brute forcing. These investigations have a common denominator: All organizations used SonicWall SRA VPN appliances running 9.0.0.5 firmware,” the company noted.

Why is this happening?
VPN devices have become a...

Get the Morning Update

Thanks for subscribing!