<img height="1" width="1" style="display: none" alt="" src="https://px.ads.linkedin.com/collect/?pid=1098858&amp;fmt=gif">

SonicWall Confirms No New SSL VPN Zero-Day — Ransomware Attack Linked to Old Vulnerability

SonicWall urges updating credentials and using SonicOS 7.3.0 after ransomware exploits old CVE flaw in SSLVPN products.
Content Team
By Content Team
Last updated:

SonicWall has confirmed that recent ransomware attacks targeting its SSL VPN products weren't caused by a new zero-day vulnerability, but rather were the result of attackers exploiting the previously patched CVE-2024-40766 flaw. The attacks affected fewer than 40 customers and appear linked to legacy credentials left over during migrations from Generation 6 to Generation 7 firewalls.

Attackers exploited outdated or weak credentials that weren't updated during hardware upgrades. SonicWall is urging customers to immediately change their credentials and upgrade to SonicOS 7.3.0, which includes enhanced multi-factor authentication, login attempt lockouts, and stronger password policies to prevent future attacks.

Source: Cyber Security News
Share this article
Share on facebook Share on linkedin Share on twitter Share on email
blog_book_a_demo_cta_3x
Have questions about protecting your software?
Our escrow experts are standing by to help.
Book a free demo
YOU MAY ALSO LIKE
Data breaches
Hackers Use 250+ Fake Korean Apps to Steal Data and Blackmail Victims
Aug 9, 2025
Cyberattacks
PyPI Warns Developers of Active Phishing Campaign Using Fake Verification Emails
Aug 9, 2025
Cyberattacks
Google Hit by Salesforce Hack That Targeted Multiple Major Companies
Aug 9, 2025
Cyberattacks
French Telecom Giant Bouygues Hit by Cyberattack Affecting 6.4 Million Customers
Aug 9, 2025