Since the beginning of the year, various cyber attackers leveraged a slew of zero-day vulnerabilities to compromise different SonicWall solutions. Crowdstrike now warns that a cyber-criminal group is exploiting CVE-2019-7481 – an older SQL injection vulnerability affecting SonicWall Secure Remote Access (SRA) 4600 devices running firmware versions 8.x and 9.x – to penetrate organizations’ networks.
“In some recent investigations, CrowdStrike’s Incident Response team has had correlative evidence indicating a root cause via VPN access without brute forcing. These investigations have a common denominator: All organizations used SonicWall SRA VPN appliances running 9.0.0.5 firmware,” the company noted.
Why is this happening?
VPN devices have become a mainstay for organizations looking to provide remote employees with contolled access needed to do their jobs – as well as a favorite target for bot ..
Support the originator by clicking the read the rest link below.
 - Help Net Security){kind=link}