At a glance.
- SonicWall advises customers to disable VPN services amid investigation of a potential zero-day.
- Chanel discloses breach of US customer data.
- Vishing attack compromises Cisco CRM system.
SonicWall advises customers to disable SSLVPN services amid investigation of a potential zero-day.
SonicWall is urging customers to disable SSLVPN services on Gen 7 SonicWall firewalls following reports of a ransomware gang potentially exploiting a zero-day flaw to gain initial access, The Record reports. Arctic Wolf published a report on Friday describing Akira ransomware activity targeting SonicWall VPNs, noting, "While credential access through brute force, dictionary attacks, and credential stuffing have not yet been definitively ruled out in all cases, available evidence points to the existence of a zero-day vulnerability. In some instances, fully patched SonicWall devices were affected following credential rotation. Despite TOTP MFA being enabled, accounts were still compromised in some instances." Researchers at Huntress and Mandiant have observed similar activity.
SonicWall stated, "We are actively investigating these incidents to determine whether they are connected to a previously disclosed vulnerability or if a new vulnerability may be responsible." The company "strongly advises all partners and customers using Gen 7 SonicWall firewalls" to disable SSLVPN services where practical. If disabling SSLVPN is not viable, users are advised to limit SSLVPN connectivity to trusted source IPs, enable security services, enforce multifactor authentication, remove unused accounts, and practice good password hygiene.
Chanel discloses breach of US customer data.
French luxury fashion house Chanel has disclosed a breach affecting personal information belonging to customers in the US. A company spokesperson told WWD, "Based on the findings of the investigation, the data obtained by the unauthorized external party contained limited details of a subset of individuals who contacted our client care center in the U.S. — specifically name, email address, mailing address and phone number."
BleepingComputer reports that the incident was part of a wave of social engineering attacks targeting Salesforce instances, conducted by the ShinyHunters extortion group. The publication says similar hacks hit Adidas, Qantas, Allianz Life, and LVMH brands Louis Vuitton, Dior, and Tiffany & Co. Salesforce stresses that the incidents rely purely on social engineering, and advises customers to follow its security guidance to prevent these attacks.
Vishing attack compromises Cisco CRM system.
Cisco warns that a threat actor gained access to a third-party CRM system via a voice phishing (vishing) attack and stole data belonging to user profiles registered on Cisco.com. It's unclear how many users were affected. The company stated, "Our investigation has determined that the exported data primarily consisted of basic account profile information of individuals who registered for a user account on Cisco.com (name, organization name, address, Cisco assigned user ID, email address, phone number, and account-related metadata – such as creation date). The actor did not obtain any of our organizational customers’ confidential or proprietary information, or any passwords or other types of sensitive information. Cisco did not identify any impact to our products or services, and no other Cisco CRM instances were affected."
Cisco hasn't disclosed which CRM product was affected, but BleepingComputer notes that the vishing tactic aligns with the ongoing wave of Salesforce attacks outlined above.