SonicWall is investigating a potential zero-day vulnerability after a surge in ransomware attacks targeting its firewalls since mid-July. Google's threat intelligence team first spotted the campaign, where hackers deployed a new backdoor called Overstep on fully patched devices. The attacks affect Gen 7 SonicWall firewalls with SSLVPN enabled, particularly TZ and NSa-series models running firmware 7.2.0-7015 or earlier.
What's alarming: attackers bypassed multi-factor authentication and reached domain controllers within hours. SonicWall recommends immediately disabling SSLVPN services, limiting connectivity to trusted IPs, and updating all passwords while the investigation continues.
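A defender's first step is to find which firewalls in an inventory match the criteria in the report (Gen 7, SSLVPN enabled, firmware 7.2.0-7015 or earlier). The triage below is an added example, not code from the report or from SonicWall; the inventory records and the `Firewall` record type are constructed for illustration, and the "7.3.0-1000" entry is a placeholder for a hypothetical later build, not a real release.

```python
import re
from dataclasses import dataclass


@dataclass
class Firewall:
    """Hypothetical inventory record (constructed for this example)."""
    name: str
    model: str            # e.g. "TZ470", "NSa 2700"
    firmware: str         # SonicOS version string, e.g. "7.2.0-7015"
    sslvpn_enabled: bool  # whether the SSLVPN service is turned on


# From the report: Gen 7 devices on this build or earlier are affected.
LAST_AFFECTED_BUILD = "7.2.0-7015"

# Gen 7 SonicOS versions look like major.minor.patch-build.
GEN7_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)$")


def parse_version(firmware: str) -> tuple[int, int, int, int]:
    """Turn '7.2.0-7015' into (7, 2, 0, 7015) so tuples compare numerically."""
    match = GEN7_VERSION_RE.match(firmware.strip())
    if not match:
        raise ValueError(f"unrecognised Gen 7 version string: {firmware!r}")
    return tuple(int(part) for part in match.groups())


def is_at_risk(fw: Firewall) -> bool:
    """Apply the report's criteria: Gen 7, SSLVPN on, build <= LAST_AFFECTED_BUILD."""
    # Gen 6 firmware (e.g. "6.5.4.14-109n") uses a different scheme; the report
    # only names Gen 7, so anything not starting with major version 7 is skipped.
    if fw.firmware.split(".", 1)[0] != "7":
        return False
    if not fw.sslvpn_enabled:
        return False
    return parse_version(fw.firmware) <= parse_version(LAST_AFFECTED_BUILD)


def triage(inventory: list[Firewall]) -> list[str]:
    """Return the names of devices that match the advisory, sorted for reporting."""
    return sorted(fw.name for fw in inventory if is_at_risk(fw))


# Constructed sample inventory; names, models and builds are illustrative only.
SAMPLE_INVENTORY = [
    Firewall("edge-tz470", "TZ470", "7.2.0-7015", sslvpn_enabled=True),
    Firewall("branch-nsa2700", "NSa 2700", "7.1.3-7015", sslvpn_enabled=True),
    Firewall("lab-tz370", "TZ370", "7.2.0-7015", sslvpn_enabled=False),
    Firewall("legacy-nsa3650", "NSa 3650", "6.5.4.14-109n", sslvpn_enabled=True),
    Firewall("future-tz570", "TZ570", "7.3.0-1000", sslvpn_enabled=True),  # placeholder build
]

if __name__ == "__main__":
    print("devices matching the advisory:", triage(SAMPLE_INVENTORY))
```

Devices that match are the ones on which the report's mitigations (disable SSLVPN, restrict to trusted IPs, rotate passwords) should be applied first.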
Source: Security Week