BlackBerry Limited (BB) Q2 2022 Earnings Call Transcript fool.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from fool.com Daily Mail and Mail on Sunday newspapers.
Tyler McLellan, principal threat analyst for advanced practices at Mandiant says the company is unsure about how many SonicWall VPN devices remain unpatched against CVE-2021-20016, a critical SQL injection vulnerability in SonicWall s Secure Mobile Access SMA 100 series remote access products. SonicWall issued a patch for the flaw, which is the one that UNC2447 is targeting, in February 2021. While we don’t have numbers on unpatched devices, Mandiant is aware that UNC2447-related threat actors are still in possession of credentials stolen from over 100 VPN appliances, McLellan says. These affected organizations will remain at risk of ransomware attack even if patched, unless they enable multifactor authentication or reset all passwords.