The News - How It Affects You

Impact Of Current Events On Your Business

Author

Gayla Wars-White
August 15, 2025

Table of Contents:

  • SonicWall Vulnerability Exploitation

  • One Big Beautiful Bill Act

  • Tariffs

  • Tip of the Week

🛡️ Urgent Security Advisory:
SonicWall SSLVPN Vulnerability Exploitation

🔍 Overview

SonicWall has confirmed active exploitation of a previously disclosed vulnerability—CVE-2024-40766—affecting Gen 7 SonicWall firewalls. While not a zero-day, this vulnerability has been linked to recent threat activity, including unauthorized access and ransomware deployment.

⚠️ What Is CVE-2024-40766?

  • Type: Improper Access Control

  • CVSS Score: 9.3 (Critical)

  • Impact: Allows unauthorized access to firewall resources and may cause system crashes under certain conditions.

  • Affected Products: SonicOS 7.0.1-5035 and older versions on Gen 7 firewalls.

🚨 Recent Threat Activity

  • Attackers are exploiting weak or reused passwords from Gen 6 to Gen 7 migrations.

  • Incidents involve brute-force attacks, MFA bypass, and Akira ransomware deployment.

  • Fewer than 40 cases have been reported, but the risk remains high for unpatched or misconfigured systems.

🧠 Potential Impacts on Users

  • Unauthorized network access

  • Compromise of admin credentials

  • Firewall crashes and service disruption

  • Sensitive data exposure

  • Ransomware attacks

  • Supply chain risks for MSPs and downstream clients

 What Should Users Do?

🔒 Immediate Actions

  • Disconnect affected systems.

  • Disable SSLVPN access temporarily.

  • Reset all credentials.

  • Enable MFA for all remote access accounts.

🔍 Investigation & Forensics

  • Review logs and alerts.

  • Capture packet data and debug logs.

  • Scan for malware and ransomware.

🛠️ Remediation

  • Update to SonicOS 7.3.0 or later.

  • Enable Botnet Protection and Geo-IP Filtering.

  • Restrict access to trusted IPs.

  • Audit and clean up user accounts.

📞 Support & Reporting

  • Contact SonicWall Support.

  • Notify internal security and leadership teams.

  • Report to authorities if required.

🔁 Post-Incident Review

  • Conduct a full security audit.

  • Update your incident response plan.

📄 Downloadable Resource

We’ve created a printable checklist to help guide your response:

🔗 Additional Resources

📬 Need Help?

If you need assistance with patching, auditing, or incident response, please reach out to our support team. We’re here to help you stay secure.

Example BEFORE & AFTER Below

Transport Data Systems Inc

We Appreciate Your Business

Reply

or to participate.