The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.
All content for CyberWire Daily is the property of N2K Networks and is served directly from their servers
with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.
This week, we are joined by Jamie Levy, Director of Adversary Tactics at Huntress, who is discussing their work on "Active Exploitation of SonicWall VPNs." Huntress has released an urgent threat advisory on active exploitation of SonicWall VPNs, with attackers bypassing MFA, pivoting to domain controllers, and ultimately deploying Akira ransomware. The campaigns involve techniques such as disabling defenses, clearing logs, credential theft, and Bring Your Own Vulnerable Driver (BYOVD) attacks with legitimate Windows drivers.
Organizations using SonicWall devices are strongly advised to disable SSL VPN access or restrict it via IP allow-listing, rotate credentials, and hunt for indicators of compromise as this remains an ongoing and evolving threat.
Complete our annual audience survey before August 31.
The research can be found here:
Huntress Threat Advisory: Active Exploitation of SonicWall VPNs
Learn more about your ad choices. Visit megaphone.fm/adchoices
CyberWire Daily
The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.
