SonicWall Urges Password Resets After Cloud Backup Breach Affecting Under 5% of Customers

Information
SonicWall is warning customers to reset their passwords and authentication tokens after discovering unauthorized access to firewall configuration backup files stored in some users' MySonicWall accounts. The exposed backups raise the risk that an attacker recovers sensitive information such as passwords, API keys and tokens, which could then be used to breach the firewall. The company says it immediately cut off the attackers' access and is working with cybersecurity agencies and law enforcement to investigate the impact.
SonicWall stated that the incident affected fewer than 5% of its firewall devices, and that the attackers used brute force against the cloud backup system's API.
Although the backup files are encrypted, they contain configuration information that could make it easier for an attacker to compromise the affected firewalls. The company recommends that administrators reset all passwords, API keys and associated tokens, including those for services connected to SonicWall devices such as VPN and LDAP/RADIUS, and temporarily disable or restrict access to services from the external network (WAN) while this is done.
While SonicWall maintains that it has found no evidence that the files were leaked or that ransomware was involved, the incident coincides with Akira ransomware activity in which CVE-2024-40766, a vulnerability in SonicOS, has been confirmed to be exploited against unpatched devices. Researchers urge organizations to patch quickly, monitor access and usage logs, and strengthen security measures to prevent replayed credentials or unauthorized network access.
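The attack described above was a brute-force campaign against an authentication API. As an added example (not from SonicWall or this bulletin), the following Python detection logic runs over constructed sample log lines in a hypothetical format (timestamp, source IP, account, outcome) and flags two patterns: a burst of failed logins from one source inside a sliding window, and a successful login from a source that was already in a burst, which is the signature of a spray or brute-force attempt that eventually succeeded. The log format, the threshold, the window length and the sample addresses are all assumptions.

```python
"""Brute-force / password-spray detection over constructed API auth log lines.

Added example; not SonicWall's code and not the bulletin's. The log format
below is hypothetical:
"<ISO-8601 UTC timestamp> <source ip> <account> <LOGIN_OK|LOGIN_FAIL>"
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not real data).
SAMPLE_LOGS = """\
2025-09-15T10:00:01Z 203.0.113.7 admin@example.com LOGIN_FAIL
2025-09-15T10:00:02Z 203.0.113.7 ops@example.com LOGIN_FAIL
2025-09-15T10:00:03Z 203.0.113.7 backup@example.com LOGIN_FAIL
2025-09-15T10:00:04Z 203.0.113.7 net@example.com LOGIN_FAIL
2025-09-15T10:00:05Z 203.0.113.7 sec@example.com LOGIN_FAIL
2025-09-15T10:00:06Z 203.0.113.7 sec@example.com LOGIN_OK
2025-09-15T10:05:00Z 198.51.100.2 admin@example.com LOGIN_FAIL
2025-09-15T10:07:00Z 198.51.100.2 admin@example.com LOGIN_OK
"""

FAIL_THRESHOLD = 5              # failures from one source inside the window (assumed tuning)
WINDOW = timedelta(seconds=60)  # sliding window length (assumed tuning)


def parse_line(line):
    """Split one log line into (timestamp, ip, account, outcome)."""
    ts, ip, account, outcome = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, account, outcome


def detect_bruteforce(log_text, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Return a list of alert dicts, in log order.

    "burst": the source IP reached `threshold` failures inside `window`;
             `distinct_accounts` > 1 points to a password spray rather than
             a brute force against a single account.
    "success_after_burst": a LOGIN_OK from a source already flagged; this is
             the event to page on, because the attacker now holds a valid
             credential that must be reset.
    """
    recent_fails = defaultdict(deque)  # ip -> deque of (timestamp, account)
    flagged = set()
    alerts = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ts, ip, account, outcome = parse_line(raw)
        fails = recent_fails[ip]
        # Expire failures that fell out of the sliding window.
        while fails and ts - fails[0][0] > window:
            fails.popleft()
        if outcome == "LOGIN_FAIL":
            fails.append((ts, account))
            if len(fails) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append({
                    "type": "burst",
                    "ip": ip,
                    "failures": len(fails),
                    "distinct_accounts": len({a for _, a in fails}),
                    "at": ts.isoformat(),
                })
        elif outcome == "LOGIN_OK" and ip in flagged:
            alerts.append({
                "type": "success_after_burst",
                "ip": ip,
                "account": account,
                "at": ts.isoformat(),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOGS):
        print(alert)
```

On the sample input the first source trips the burst rule against five distinct accounts (a spray) and then logs in successfully, so the second alert names the account whose credential should be reset, which is exactly the remediation the vendor is asking for. The second source, with a single failure followed by a success, produces no alert.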
Recommendation
SonicWall is reminding customers to reset their passwords and authentication tokens and to closely monitor SonicWall's advisories for updates so the issue can be patched as soon as possible.
Security systems are important. We must stay alert and keep monitoring as usual.
For more information please contact
Email: sales@inetms.co.th
065 149 2822 (Ms.Suphatson )
063 204 4534 (Ms.Atsamaphorn)
065 929 6330 (Ms.Kansinee)
061 387 9439 (Ms.Sirilak)
092 257 6902 (Ms.Narusorn)
063 197 7510 (Mr.Yanotai)
065 725 7405 (Ms.Chanuntida)
065 725 7405 (Ms.Nattharini)
References
Weekly Interesting CVE
| No. | CVE Name | Published Date (dd/mm/yyyy) | Last Update (dd/mm/yyyy) | Device/Application/OS Target | Attack Type | CVSS | Detail | Solution | Reference |
|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2025-9934 | 3/9/2025 | 4/9/2025 | TOTOLINK | Command injection | 6.3 | A vulnerability was found in TOTOLINK X5000R 9.1.0cu.2415_B20250515. It affects the function sub_410C34 of the file /cgi-bin/cstecgi.cgi; manipulation of the argument pid results in command injection. The attack can be carried out remotely. A public exploit exists and may be used. | No patch has been released yet. | https://app.opencve.io/cve/CVE-2025-9934 |
| 2 | CVE-2025-57071 | 9/9/2025 | 10/9/2025 | Tenda | Stack overflow (DoS) | 7.5 | Tenda G3 v3.0br_V15.11.0.17 contains a stack overflow in the vpnUsers parameter of the formAddVpnUsers function. An attacker can cause a denial of service (DoS) via a crafted request. | No patch has been released yet. | https://github.com/vulnDetailRecord/VulforDevice/blob/main/Tenda/G3/formAddVpnUsers.md |
| 3 | CVE-2025-23343 | 9/9/2025 | 11/9/2025 | NVIDIA | Path traversal | 7.6 | The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to write files to restricted components. Successful exploitation may lead to information disclosure, denial of service and data tampering. | Update to the fixed version listed in the NVIDIA advisory. | https://nvidia.custhelp.com/app/answers/detail/a_id/5696 ; https://app.opencve.io/cve/CVE-2025-23343 |
| 4 | CVE-2025-10159 | 9/9/2025 | 10/9/2025 | Sophos | Authentication bypass | 9.8 | An authentication bypass vulnerability allows remote attackers to gain administrative privileges on Sophos AP6 Series Wireless Access Points running firmware older than version 1.7.2563 (MR7). | Update to firmware 1.7.2563 (MR7) or later. | https://www.sophos.com/en-us/security-advisories/sophos-sa-20250909-ap6 |
| 5 | CVE-2025-54256 | 9/9/2025 | 10/9/2025 | Adobe | Cross-Site Request Forgery (CSRF) | 8.6 | Dreamweaver Desktop versions 21.5 and earlier are affected by a CSRF vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation requires user interaction (the victim must click a malicious link); scope is changed. | Update to a fixed version (see reference). | https://app.opencve.io/cve/CVE-2025-54256 |
Malware News or Campaign IOC/IOA

| No | Campaign Name | Detection Date (dd/mm/yyyy) | Attack Type | Description | Mitigation/Remediation |
|---|---|---|---|---|---|
| 1 | Updated malware arsenal touted by Mustang Panda | 15/09/2025 | Malware | Chinese advanced persistent threat group Mustang Panda, also known as Hive0154, has launched highly sophisticated attacks involving an updated Toneshell backdoor and the novel SnakeDisk USB malware against Southeast Asia, GBHackers News reports. Thailand was targeted by Mustang Panda with attacks involving the SnakeDisk malware, coinciding with the country's mounting tensions with Cambodia. | |

Ref: https://www.scworld.com/brief/updated-malware-arsenal-touted-by-mustang-panda
23 September 2025