SonicWall is currently conducting an active investigation into a surge of malicious activity aimed at its firewall systems.

SonicWall has issued a warning to users of its Gen 7 SonicWall firewalls, advising them to disable SSLVPN services wherever possible. This alert comes in response to a significant increase in cyber incidents reported both internally and externally over the past 72 hours, specifically involving Gen 7 SonicWall firewalls with SSLVPN enabled. In a notice posted on 4 August, SonicWall acknowledged the surge in incidents and stated that it is actively investigating the situation. The company is collaborating with external partners, including Arctic Wolf, Google Mandiant, and Huntress, to determine whether these incidents are linked to a previously disclosed vulnerability or if a new vulnerability has emerged.

As part of its ongoing investigation, SonicWall has committed to keeping customers informed and will provide a firmware update if a new vulnerability is identified. In the meantime, the company is urging customers to take precautionary measures by disabling SSLVPN services, restricting SSLVPN connectivity to trusted IP addresses, and enabling security services along with multifactor authentication. Security analysts at Huntress have reported a wave of high-severity incidents originating from SonicWall Secure Mobile Access, highlighting the urgency of the situation. 

Categories: Cyber Incidents, SSLVPN Vulnerability, Security Recommendations 

Tags: SonicWall, Firewalls, SSLVPN, Cyber, Incidents, Vulnerability, Investigation, Authentication, Exploitation, Security