Sunday, February 21, 17:12
Home security An error has been detected in the cloud system of SonicWall firewalls

An error has been detected in the cloud system of SonicWall firewalls

A bug in a cloud system used to manage SonicWall firewalls was recently discovered. The bug could allow hackers to enter thousands of corporate networks.

Corporate firewalls and virtual private network devices are vital systems for protecting corporate networks from hackers and various attacks on cyberspace. Hackers are known to search errors in critical network tools to infiltrate corporate networks in order to steal data or install malware.

SonicWall bug

Vaggelis Stykas, a researcher at the security company Pen Test Partners, found the new bug in SonicWall's Global Management System (GMS), a web application that allows IT departments to remotely configure SonicWall devices in network.

However, the error, in case someone took advantage of it, meant that any existing user with access in SonicWall GMS could create a user account with access to anyone else's network company without permission.

From there, the newly created account could remotely manage this company's SonicWall tools.

In a blog post shared with TechCrunch, Stykas said there were two barriers to entry. First, an aspirant intruder would need an existing SonicWall GMS user account. The easiest way - and what Stykas did to independently check the error - was to buy a SonicWall device.

The second issue was that the would-be intruder would have to guess a unique seven-digit number associated with network of another company. But Stykas said that number was consecutive and the hacker could easily have guessed.

If the hacker managed to break into a company's network, he could deliver ransomware directly to the internal systems of victims - a very popular tactic of hackers who carry out attacks with financial motives.

SonicWall has confirmed that the error has now been fixed. But Stykas criticized the company for more than two weeks to correct the vulnerability, which the company described as "insignificant".

"Even car alarm sellers have fixed similar problems within three days of our report," the researcher said.

A SonicWall spokesman defended the company's decision, saying it had to submit the correction to a "complete" quality control before it was released.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Teo Ehc
Teo Ehchttps://www.secnews.gr
Be the limited edition.

LIVE NEWS

How to add special effects to Instagram messages

Did you know that you can make instant Instagram messages more impressive? Like any other Instagram feature, you can add special ...

Only 270 addresses are responsible for 55% of all money laundering

Cybercriminals who keep their money in cryptocurrencies tend to "launder" money through a small set of online services, according to ...

Twitter: Voice messages are coming! How do we send them?

Twitter will soon support voice messages in both iOS and Android applications. This means that you will be able to send ...

How to connect a Bluetooth headset to a Nintendo Switch

The Nintendo Switch has a headphone jack. However, most headphones have become wireless so you will need a way to connect them ...

How to hide your phone number in Telegram

If you wish to create a Telegram account, you must provide your telephone number. In this way, Telegram validates the ...

Google Assistant: How can you delete your recordings?

Google Assistant can make your daily life much easier. However, it also involves some privacy issues, as ...

Microsoft: Office 2021 / Office LTSC coming in the second half of 2021

Microsoft announced that the Microsoft Office Long Term Service Channel (LTSC) and Office 2021 will be released in 2021, for ...

How to quickly create QR codes with Bing

If you ever need to create a QR code, but you do not know how, Microsoft has an easy-to-use tool available in any program ...

Brave: Onion addresses leaked to DNS traffic

The Tor function included in the Brave web browser, allows users to access .onion dark web domains within ...

What are the 6 most known attacks on gaming companies?

A few days ago, the gaming company Big Huge Games informed the players that it was the victim of an attack, which affected its data ...