Topic: cve-2024-40766
-
Marquis Data Breach Exposes 74+ US Banks and Credit Unions
A ransomware attack on Marquis Software Solutions in August 2025 compromised sensitive personal data, including Social Security and financial account information, for over 400,000 individuals across more than 74 U.S. banks and credit unions. The breach occurred via a compromised SonicWall firewal...
Read More » -
Akira Ransomware Bypasses MFA to Breach SonicWall VPNs
Akira ransomware is bypassing multi-factor authentication on SonicWall SSL VPN devices, likely using stolen OTP seeds to generate valid tokens despite security patches. Attackers exploit the CVE-2024-40766 vulnerability to steal credentials, which they reuse even on patched systems, gaining rapid...
Read More » -
SonicWall SMA100 Update Eradicates Rootkit Malware
SonicWall has released a critical firmware update for its SMA 100 series appliances that can eradicate the OVERSTEP rootkit malware, which enables persistent unauthorized access and data theft. The update is urgent due to active attacks by threat actor UNC6148, who uses the rootkit to steal sensi...
Read More » -
Ransomware Hackers Exploit Misconfigured EDR to Disable Security
Modern ransomware groups exploit minor security oversights, such as human error and misconfigurations, to bypass multi-factor authentication and disable critical defenses like EDR systems. Attackers used a variety of tools, including common utilities and legitimate Windows drivers, to disable sec...
Read More » -
Akira Ransomware Actively Exploits Critical SonicWall VPN Flaw
The Akira ransomware group is exploiting CVE-2024-40766, a known vulnerability in SonicWall VPN appliances, to breach unpatched corporate networks. Despite a patch being available since August 2024, incomplete updates and unchanged default credentials allow attackers to bypass security measures l...
Read More » -
Akira Ransomware Exploits SonicWall Firewalls to Breach Organizations
SonicWall firewalls are still being exploited by Akira ransomware affiliates due to unpatched vulnerabilities and misconfigurations, including CVE-2024-40766 and SSLVPN settings. Attackers gain initial access through SSLVPN, escalate privileges, and deploy ransomware after exfiltrating data and d...
Read More »