SonicWall has released a critical firmware update designed to eradicate a previously unknown rootkit called OVERSTEP from its Secure Mobile Access (SMA) 100 series appliances. This action follows a warning from Google about a campaign by a threat group, UNC6148, which exploited end-of-life devices to deploy the persistent backdoor. The rootkit modifies the system's boot process to maintain access and steal credentials while hiding its components.
The new firmware, version 10.2.2.2-92sv, is strongly recommended for SMA 210, 410, and 500v models. This security update arrives amid a series of other attacks targeting SonicWall products. In a separate incident, the company and CISA warned of brute-force attacks on its cloud backup service for firewalls, which led to configuration data being accessed for a small percentage of customers.
Furthermore, SonicWall has been investigating ransomware attacks, notably from the Akira group, which exploited a high-severity flaw (CVE-2024-40766) and SSL VPN misconfigurations. These overlapping security issues highlight ongoing challenges for the network security vendor and its customers, underscoring the need for vigilant patching and configuration management.
