SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Thursday, May 1st: Sonicwall Attacks; Cached Windows RDP Credentials

May 1, 2025
Scans targeting SonicWall vulnerabilities have spiked recently, possibly in connection with brute-force attacks. A malware campaign abuses IPv6 router advertisements to point victims at attacker-controlled recursive DNS servers, then uses the hijacked name resolution to deliver malicious software updates. Finally, a flaw in Windows Remote Desktop Protocol may allow logins with stale credentials, that is, passwords that have since been changed.
ADVICE

Defend Against SonicWall Brute Forces

  • Patch your SonicWall devices promptly and use strong passwords on all login endpoints.
  • Be alert for a spike in brute-force scans targeting older SonicWall API vulnerabilities such as CVE-2021-20016.
INSIGHT

IPv6 Router Advertisement Exploit

  • Attackers send rogue IPv6 router advertisements carrying a Recursive DNS Server (RDNSS) option that points hosts at attacker-controlled resolvers, hijacking name resolution on the local link.
  • With resolution under their control, adversaries redirect software update requests to servers that serve malicious payloads in place of the real update.
ADVICE

Mitigate IPv6 Attacks

  • Monitor for unusual IPv6 traffic, especially router advertisements and addresses in prefixes that should never appear on your network, such as the documentation prefix 2001:db8::/32.
  • If IPv6 is not needed, consider disabling it to reduce exposure to SLAAC spoofing; where it is needed, RA Guard on managed switches (RFC 6105) drops router advertisements from untrusted ports.
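The following is an added example illustrating both the RDNSS hijack described in the insight above and the monitoring advice here; it is not code from the podcast or from SANS. It parses a raw ICMPv6 Router Advertisement (RFC 4861 header plus TLV options, RDNSS per RFC 8106) and flags advertisements whose DNS servers are not on an allow-list or whose resolvers or SLAAC prefixes fall inside 2001:db8::/32. The sample advertisements, the trusted resolver set and the MAC addresses are constructed for the example; the ICMPv6 checksum is left at zero because the parser does not verify it.

```python
"""Parse ICMPv6 Router Advertisements and flag rogue RDNSS / SLAAC options.

Added example: sample packets and the trusted-resolver set are constructed
here, not captured from a real network.
"""
import ipaddress
import struct

ICMPV6_ROUTER_ADVERTISEMENT = 134
OPT_SOURCE_LINK_LAYER = 1       # RFC 4861 s4.6.1
OPT_PREFIX_INFORMATION = 3      # RFC 4861 s4.6.2 (drives SLAAC)
OPT_RDNSS = 25                  # RFC 8106 s5.1 (DNS servers via RA)

# Prefix reserved for documentation; it should never be routed or advertised on a real link.
DOCUMENTATION_PREFIX = ipaddress.IPv6Network("2001:db8::/32")


def parse_router_advertisement(payload: bytes) -> dict:
    """Parse the fixed 16-byte RA header and every TLV option that follows it."""
    if len(payload) < 16:
        raise ValueError("RA too short")
    msg_type, _code, _csum, hop_limit, flags, router_lifetime, _reach, _retrans = struct.unpack(
        "!BBHBBHII", payload[:16])
    if msg_type != ICMPV6_ROUTER_ADVERTISEMENT:
        raise ValueError(f"not a Router Advertisement (type {msg_type})")
    ra = {"hop_limit": hop_limit, "managed": bool(flags & 0x80),
          "other_config": bool(flags & 0x40), "router_lifetime": router_lifetime,
          "source_mac": None, "prefixes": [], "rdnss": []}
    offset = 16
    while offset < len(payload):
        if offset + 2 > len(payload):
            raise ValueError("truncated option header")
        opt_type, opt_len = payload[offset], payload[offset + 1]
        if opt_len == 0:                       # RFC 4861 requires discarding such packets
            raise ValueError("option with length 0")
        end = offset + opt_len * 8             # option length is in units of 8 octets
        if end > len(payload):
            raise ValueError("truncated option body")
        body = payload[offset + 2:end]
        if opt_type == OPT_SOURCE_LINK_LAYER and opt_len == 1:
            ra["source_mac"] = ":".join(f"{b:02x}" for b in body[:6])
        elif opt_type == OPT_PREFIX_INFORMATION and opt_len == 4:
            plen, pflags, valid, preferred, _reserved = struct.unpack("!BBIII", body[:14])
            prefix = ipaddress.IPv6Network((ipaddress.IPv6Address(body[14:30]), plen), strict=False)
            ra["prefixes"].append({"prefix": prefix, "autonomous": bool(pflags & 0x40),
                                   "valid_lifetime": valid, "preferred_lifetime": preferred})
        elif opt_type == OPT_RDNSS and opt_len >= 3:
            _reserved, lifetime = struct.unpack("!HI", body[:6])
            addrs = body[6:]
            for i in range(0, len(addrs) - len(addrs) % 16, 16):
                ra["rdnss"].append({"server": ipaddress.IPv6Address(addrs[i:i + 16]),
                                    "lifetime": lifetime})
        offset = end
    return ra


def assess_router_advertisement(ra: dict, trusted_dns: set) -> list:
    """Return human-readable findings for resolvers or prefixes a defender should not see."""
    findings = []
    for entry in ra["rdnss"]:
        server = entry["server"]
        if server in DOCUMENTATION_PREFIX:
            findings.append(f"RDNSS advertises resolver {server} inside documentation prefix 2001:db8::/32")
        elif str(server) not in trusted_dns:
            findings.append(f"RDNSS advertises untrusted resolver {server}")
    for p in ra["prefixes"]:
        if p["autonomous"] and p["prefix"].subnet_of(DOCUMENTATION_PREFIX):
            findings.append(f"SLAAC prefix {p['prefix']} lies inside documentation prefix 2001:db8::/32")
    return findings


def build_router_advertisement(prefix: str, plen: int, dns_servers: list, source_mac: bytes) -> bytes:
    """Construct a sample RA (checksum zeroed) with SLLA, Prefix Information and RDNSS options."""
    hdr = struct.pack("!BBHBBHII", ICMPV6_ROUTER_ADVERTISEMENT, 0, 0, 64, 0x00, 1800, 0, 0)
    opts = bytes([OPT_SOURCE_LINK_LAYER, 1]) + source_mac
    net = ipaddress.IPv6Network(f"{prefix}/{plen}", strict=False)
    opts += struct.pack("!BBBBIII", OPT_PREFIX_INFORMATION, 4, plen, 0xC0, 86400, 14400, 0)
    opts += net.network_address.packed
    n = len(dns_servers)                       # RDNSS length = 1 + 2 * number of addresses
    opts += struct.pack("!BBHI", OPT_RDNSS, 1 + 2 * n, 0, 3600)
    opts += b"".join(ipaddress.IPv6Address(s).packed for s in dns_servers)
    return hdr + opts


# Constructed samples: a rogue RA handing out a 2001:db8 prefix and resolver,
# and a legitimate RA for a ULA prefix with the site's own resolver.
ROGUE_RA = build_router_advertisement("2001:db8:1::", 64, ["2001:db8:1::1"], bytes.fromhex("0242ac110002"))
LEGIT_RA = build_router_advertisement("fd00:10::", 64, ["fd00:10::53"], bytes.fromhex("001122334455"))
TRUSTED_RESOLVERS = {"fd00:10::53"}

if __name__ == "__main__":
    for label, pkt in (("rogue", ROGUE_RA), ("legit", LEGIT_RA)):
        ra = parse_router_advertisement(pkt)
        print(label, ra["source_mac"], [str(e["server"]) for e in ra["rdnss"]],
              assess_router_advertisement(ra, TRUSTED_RESOLVERS))
```

On a live host the payload would come from a raw ICMPv6 socket or a packet capture filtered on type 134; the allow-list is the only site-specific input, and any RDNSS or autonomous prefix outside it is worth an alert, since a legitimate router on the link has no reason to hand out addresses from 2001:db8::/32.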