New SonicWall SonicOS flaw allows hackers to crash firewalls
American cybersecurity company SonicWall urged customers today to patch a high-severity SonicOS SSLVPN security flaw that can allow attackers to crash vulnerable firewalls. [...]
Stay secure with our latest firewall updates, trends, and expert insights in information security to protect your digital assets effectively.
Search across headline titles and summaries.
Background for this topic.
Firewalls are security controls that permit or block network connections according to policy. They can operate at network boundaries, between internal segments, on individual hosts, or in cloud environments. Basic rules use addresses, ports, protocols, and connection state; more advanced firewalls may inspect applications or encrypted traffic where configured. Their purpose is to limit which systems can communicate, not to determine that all permitted traffic is safe.
Security depends heavily on accurate policy and maintenance. Overly broad, obsolete, or conflicting rules can expose services or allow unnecessary lateral movement, while unmanaged administrative interfaces and unpatched firewall software create additional attack surfaces. Practitioners should restrict management access, apply least-privilege rules, review and remove exceptions, and monitor logs for unexpected connections and policy changes. Firewall logs can support investigation, but encryption, evasion, and traffic allowed by policy may limit what the control can detect.
American cybersecurity company SonicWall urged customers today to patch a high-severity SonicOS SSLVPN security flaw that can allow attackers to crash vulnerable firewalls. [...]
Attackers may be joining the dots to enable unauthenticated RCE Fortinet has confirmed that another flaw in its FortiWeb web application firewall has been exploited as a zero-day and issued a patch, just days after disclosing a critical bug in the same product that attackers had found and abused a month earlier.…
A second zero-day vulnerability in its web application firewall (WAF) line has come under attack, raising more questions about the vendor's disclosure practices.
CISA has ordered U.S. government agencies to secure their systems within a week against another vulnerability in Fortinet's FortiWeb web application firewall, which was exploited in zero-day attacks. [...]
IoT devices can be compromised, thanks to gaps in cloud management interfaces for firewalls and routers, even if they're protected by security software or not online.