📢 SonicWall releases firmware to remove a rootkit on SMA 100
📝 According to BleepingComputer (Sergiu Gatlan, September 23, 2025), SonicWall has released new firmware for the appliances...
📖 cyberveille : https://cyberveille.ch/posts/2025-09-26-sonicwall-publie-un-firmware-pour-supprimer-un-rootkit-sur-les-sma-100/
🌐 source : https://www.bleepingcomputer.com/news/security/sonicwall-releases-sma100-firmware-update-to-wipe-rootkit-malware/
#OVERSTEP #SMA_100 #Cyberveille
SonicWall releases firmware to remove a rootkit on SMA 100

According to BleepingComputer (Sergiu Gatlan, September 23, 2025), SonicWall has released new firmware for SMA 100 appliances to help remove a rootkit observed in recent attacks. 🛡️ SonicWall announces SMA 100 firmware version 10.2.2.2-92sv, with strengthened file checks that make it possible to remove known rootkits present on the devices. The vendor strongly recommends upgrading for the SMA 210, 410 and 500v. 🔎 Threat context: in July, the Google Threat Intelligence Group (GTIG) observed the actor UNC6148 deploying the OVERSTEP malware on end-of-life SMA 100 devices, whose support ends on October 1, 2025. OVERSTEP is a user-mode rootkit that maintains persistence (hidden components, reverse shell) and exfiltrates sensitive files (including the persist.database files and certificates), exposing credentials, OTP seeds and certificates.

CyberVeille
Mike Gordon - Yarmouth Road

YouTube
SonicWall fixed critical flaw in SMA 100 devices exploited in Overstep malware attacks

SonicWall addressed a critical vulnerability, tracked as CVE-2025-40599 (CVSS score of 9.1), in SMA 100 appliances

Security Affairs

Advanced threat actor UNC6148 is actively targeting SonicWall SMA 100 series appliances with sophisticated OVERSTEP backdoor malware, bypassing patches through stolen credentials.

#SecurityLand #BreachBreakdown #UNC6148 #Mandiant #GTIG #SonicWall #OVERSTEP

Read More: https://www.security.land/sonicwall-sma-100-series-targeted-by-advanced-backdoor-campaign/

OVERSTEP malware literally lives up to its name by overstepping boundaries on SonicWall devices 🎯 Google's discovery shows how sophisticated attackers target end-of-life appliances, even when fully patched. Sometimes the best security is just unplugging that old gear!

https://it.slashdot.org/story/25/07/17/2049256/google-spots-tailored-backdoor-malware-aimed-at-sonicwall-appliances

#SonicWall #Cybersecurity #OVERSTEP

Google Spots Tailored Backdoor Malware Aimed At SonicWall Appliances - Slashdot

An anonymous reader quotes a report from The Record: Threat actors are stealing sensitive data from organizations by breaching end-of-life appliances made by cybersecurity company SonicWall. Incident responders from Google Threat Intelligence Group (GTIG) and Mandiant said on Wednesday that they ha...

UNC6148 deploys Overstep malware on SonicWall devices, possibly for ransomware operations

UNC6148 targets SonicWall devices with Overstep malware, using a backdoor and rootkit for data theft, extortion, or ransomware.

Security Affairs
Ongoing SonicWall Secure Mobile Access (SMA) Exploitation Campaign using the OVERSTEP Backdoor
#OVERSTEP #UNC6148
https://cloud.google.com/blog/topics/threat-intelligence/sonicwall-secure-mobile-access-exploitation-overstep-backdoor
Ongoing SonicWall Secure Mobile Access (SMA) Exploitation Campaign using the OVERSTEP Backdoor | Google Cloud Blog

A financially-motivated threat actor is targeting fully patched end-of-life SonicWall devices to deploy a backdoor known as OVERSTEP.

Google Cloud Blog
Slow to the news of the AlphaTauri name change. I am bizarrely upset by this and far from promoting Visa Cash App - I will avoid using it at all costs for this grotesque overstep. I am disappointed in Redbull approving this. It's going to be hard for me to root for either team now. That is how unhappy I am with their decision. Leave the advertisements on the cars and out of the general sport commentary. #F1 #AlphaTauri #Redbull #formula1 #Disappointed #capitalism #TooFar #Overstep
Jack Smith seeks SCOTUS showdown over Trump's 'immunity' claims: Treat case just like Watergate

Special counsel Jack Smith is asking the justices to leapfrog the D.C. Circuit and decide "as expeditiously as possible" whether Trump actually does have "absolute immunity" from prosecution.

Law & Crime

#letsroll

⚃ ⚂ ⚂ ⚁ ⚁→#overstep
⚅ ⚀ ⚅ ⚀ ⚀→#tag
⚀ ⚂ ⚁ ⚂ ⚄→#banknote
⚃ ⚀ ⚅ ⚁ ⚃→#myspace
⚅ ⚄ ⚀ ⚂ ⚅→#unwed
⚅ ⚂ ⚂ ⚁ ⚃→#unbounded

overstep-tag-banknote-myspace-unwed-unbounded

Roll your own @ https://www.eff.org/deeplinks/2016/07/new-wordlists-random-passphrases

EFF's New Wordlists for Random Passphrases

Joe Bonneau dives deep into systems using dice to generate random passphrases and introduces EFF's three new wordlists.

Electronic Frontier Foundation