SonicWall firewall maker hacked using zero-day in its VPN device

Security hardware manufacturer SonicWall has issued an urgent security notice about threat actors exploiting a zero-day vulnerability in their VPN products to perform attacks on their internal systems.

SonicWall is a well-known manufacturer of hardware firewall devices, VPN gateways, and network security solutions whose products are commonly used in SMB/SME and large enterprise organizations.

On Friday night, SonicWall released an ‘urgent advisory’ stating that hackers used a zero-day vulnerability in their Secure Mobile Access (SMA) VPN device and its NetExtender VPN client in a “sophisticated” attack on their internal systems.

Read more…
Source: Bleeping Computer