Credential Hygiene Emerges as Core Security Weakness

SonicWall investigated claims of a zero-day vulnerability exploited in Akira ransomware attacks but concluded the issue stemmed from the known CVE-2024-40766. The company found that attackers likely used previously compromised credentials, especially during migrations between firewall generations, where passwords weren’t reset. SonicWall noted fewer than 40 related incidents, often involving overlooked password updates despite advisories. Meanwhile, Google separately observed threat group UNC6148 exploiting legacy credentials to deploy new malware targeting SonicWall SMA appliances.

Read more:

https://www.securityweek.com/sonicwall-says-recent-attacks-dont-involve-zero-day-vulnerability/