• Akira ransomware is exploiting a year-old SonicWall SSLVPN flaw, targeting unpatched Gen5–Gen7 firewalls
• Attackers also abuse default LDAP group settings and public access to the Virtual Office Portal
• Rapid7 warns that Akira combines multiple weaknesses, urging businesses to patch systems

A vulnerability in SonicWall’s SSLVPN instances, discovered and patched more than a year ago, is now being abused by Akira ransomware operators, security researchers are warning.

The miscreants are going after companies that did not yet apply the patch, or otherwise mitigate the risk.

In a newly published security advisory, experts from Rapid7 said that an improper access control vulnerability for SSLVPN, affecting Gen5, Gen6, and Gen7 firewall[1] appliances, has seen an uptick in abuse, starting in August 2025.

Combining risks

Rapid7 also said that Akira is using other means to gain unauthorized access besides targeting outdated firewall instances. It noted that SonicWall has published additional security guidance on the firewall’s Default Users Group Security Risk: in some configurations, the default LDAP group settings can provision access to services, so users without the proper permissions are able to reach the SSLVPN.

The threat actors are also accessing the Virtual Office Portal hosted by SonicWall appliances, the outfit further stated. This service can be used to initially set up MFA/TOTP configurations for SSLVPN users and, in certain default configurations, is publicly reachable, which lets miscreants configure MFA/TOTP for valid, previously exposed accounts.

“Evidence collected during Rapid7’s investigations suggests that the Akira group is potentially utilizing a combination of all three of these security risks to gain unauthorized access and conduct ransomware[2] operations,” the researchers warned.

To mitigate the risk, businesses should rotate passwords on all SonicWall accounts, ensure MFA policies are properly configured, and check that the Virtual Office Portal is restricted to LAN/internal access (or trusted networks only). Other mitigations include monitoring access to the Virtual Office Portal and making sure all appliances are fully patched.

Akira has been active for at least two years now, and is known for aggressively targeting edge devices, the researchers concluded.

References

  1. firewall (www.techradar.com)
  2. ransomware (www.techradar.com)

By admin