SonicWall warns customers to reset credentials after breach - Bleeping Computer

SonicWall has disclosed a security breach that exposed firewall configuration backup files stored in MySonicWall accounts, affecting fewer than 5% of their firewall install base.

The breach occurred through brute-force attacks targeting the API service for cloud backup, potentially giving threat actors access to sensitive credentials, tokens, and configuration data that could make firewall exploitation significantly easier. While the exposed files contained encrypted passwords, they also included information that could facilitate network compromise. SonicWall has since blocked attacker access and is working with cybersecurity agencies and law enforcement to investigate the incident.

• Administrators must immediately reset all credentials, API keys, and authentication tokens for users, VPN accounts, and services
• The company recommends disabling WAN access to services before credential resets and updating passwords across connected systems
• This follows previous SonicWall security concerns, including recent Akira ransomware attacks exploiting CVE-2024-40766 vulnerability
• SonicWall has published detailed remediation guidance and checklists to help customers secure their networks and detect potential threats