Advertisement
Top
image credit: jackthegag / Flickr

Hackers Exploit SonicWall Zero-Day Bug in FiveHands Ransomware Attacks

April 30, 2021

Via: The Hacker News
Category:

An “aggressive” financially motivated threat group tapped into a zero-day flaw in SonicWall VPN appliances prior to it being patched by the company to deploy a new strain of ransomware called FIVEHANDS.

The group, tracked by cybersecurity firm Mandiant as UNC2447, took advantage of an “improper SQL command neutralization” flaw in the SSL-VPN SMA100 product (CVE-2021-20016, CVSS score 9.8) that allows an unauthenticated attacker to achieve remote code execution.

Read More on The Hacker News

RELATED PUBLICATIONS

In the vanguard of 21st century cyber threats
VPN users beware — security flaws are being exploited to spread dangerous malware
Accused PII seller faces jail for running underground fraud op

Latest Publications

U.S. Gov imposed Visa restrictions on 13 individuals linked to commercial spyware activity
Report: Russian Hackers Targeting Ukrainian Soldiers on Apps
iPhone Users Are Being Targeted by MFA Bombs, Here’s What We Know
Security Curated Copyright © 2024. All rights reserved
Go to ITCurated!