Top
image credit: jackthegag / Flickr

Hackers Exploit SonicWall Zero-Day Bug in FiveHands Ransomware Attacks

April 30, 2021

An “aggressive” financially motivated threat group tapped into a zero-day flaw in SonicWall VPN appliances prior to it being patched by the company to deploy a new strain of ransomware called FIVEHANDS.

The group, tracked by cybersecurity firm Mandiant as UNC2447, took advantage of an “improper SQL command neutralization” flaw in the SSL-VPN SMA100 product (CVE-2021-20016, CVSS score 9.8) that allows an unauthenticated attacker to achieve remote code execution.

Read More on The Hacker News