Malware infecting widely used security appliance survives firmware updates

by
Dan Goodin
from Ars Technica - All content on (#69N0B)
evil-packet-800x480.jpg

Enlarge (credit: Getty Images)

Threat actors with a connection to the Chinese government are infecting a widely used security appliance from SonicWall with malware that remains active even after the device receives firmware updates, researchers said.

SonicWall's Secure Mobile Access 100 is a secure remote access appliance that helps organizations securely deploy remote workforces. Customers use it to grant granular access controls to remote users, provide VPN connections to organization networks, and set unique profiles for each employee. The access the SMA 100 has to customer networks makes it an attractive target for threat actors.

In 2021, the device came under attack by sophisticated hackers who exploited what was then a zero-day vulnerability. Security appliances from Fortinet and Pulse Secure have come under similar attacks in recent years.

Read 12 remaining paragraphs | Comments

External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments