CyberVeille.ch2d ago
📢 Fuite de données chez un fournisseur: l’attaque ransomware contre Marquis expose des clients de banques américaines
📝 Selon BankInfoSecurity (article de Mathew...
📖 cyberveille : https://cyberveille.ch/posts/2026-01-04-fuite-de-donnees-chez-un-fournisseur-lattaque-ransomware-contre-marquis-expose-des-clients-de-banques-americaines/
🌐 source : https://www.bankinfosecurity.com/more-banks-issue-breach-notifications-over-supplier-breach-a-30421
#SonicWall #banques #Cyberveille
Fuite de données chez un fournisseur: l’attaque ransomware contre Marquis expose des clients de banques américaines

Selon BankInfoSecurity (article de Mathew J. Schwartz, 31 décembre 2025), plusieurs établissements financiers américains notifient des fuites de données liées à une attaque de ransomware ayant ciblé le fournisseur Marquis Software Solutions, éditeur texan de logiciels de marketing et de conformité pour plus de 700 banques et credit unions. • Nature de l’incident: une attaque de ransomware le 14 août impliquant la compromission d’un pare-feu SonicWall de Marquis. Des enquêteurs externes mandatés par Marquis ont établi que l’attaquant a pu accéder à des fichiers stockés par Marquis pour le compte de ses clients professionnels et que l’incident serait limité à l’environnement de Marquis. Les données potentiellement exposées incluent: noms, adresses, numéros de téléphone, numéros de sécurité sociale (SSN), informations de compte financier sans codes d’accès, et dates de naissance. 🚨

CyberVeille
Show threadⓂ3️⃣3️⃣ 🌌Dec 19
Sonicwall: "First!" 😆 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0019

(in all good fun, keep up !) #sonicwall
Security Advisory

The New OilDec 19

#Sonicwall warns of new #SMA1000 zero-day exploited in attacks

https://www.bleepingcomputer.com/news/security/sonicwall-warns-of-new-sma1000-zero-day-exploited-in-attacks/

#cybersecurity

Sonicwall warns of new SMA1000 zero-day exploited in attacks

SonicWall warned customers today to patch a vulnerability in the SonicWall SMA1000 Appliance Management Console (AMC) that was chained in zero-day attacks to escalate privileges.

BleepingComputer
circlDec 18

A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC).

#sonicwall #vulnerabilitymanagement #cybersecurity

CVE-2025-40602

🔗 https://vulnerability.circl.lu/vuln/CVE-2025-40602#sightings

cvelistv5 - CVE-2025-40602

Vulnerability-Lookup - Fast vulnerability lookup correlation from different sources.

securityaffairsDec 18
U.S. #CISA adds #Cisco, #SonicWall, and #ASUS flaws to its Known Exploited Vulnerabilities catalog
https://securityaffairs.com/185830/security/u-s-cisa-adds-cisco-sonicwall-and-asus-flaws-to-its-known-exploited-vulnerabilities-catalog.html
#securityaffairs #hacking
U.S. CISA adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog

U.S. CISA adds Cisco, SonicWall, and ASUS vulnerabilities to its Known Exploited Vulnerabilities catalog..

Security Affairs
Offensive SequenceDec 18
⚠️ CRITICAL zero-day in SonicWall SMA 1000 exploited in the wild! Remote code execution possible with no auth. Patch urgently, segment networks, check logs for IOCs. No CVE yet. Details: https://radar.offseq.com/threat/sonicwall-patches-exploited-sma-1000-zero-day-0b1eed74 #OffSeq #SonicWall #ZeroDay #InfoSec
securityaffairsDec 17
#SonicWall warns of actively exploited flaw in SMA 100 AMC
https://securityaffairs.com/185809/hacking/sonicwall-warns-of-actively-exploited-flaw-in-sma-100-amc.html
#securityaffairs #hacking
SonicWall warns of actively exploited flaw in SMA 100 AMC

SonicWall warned users to patch a SMA1000 AMC flaw that was exploited as a zero-day privilege escalation vulnerability in attacks.

Security Affairs
TechNaduDec 8

iQ Credit Union has disclosed that a ransomware incident at its vendor, Marquis Software Solutions, exposed personal information of over 111K Washington residents. The attacker accessed files containing names, SSNs, dates of birth, addresses, and partial financial data after exploiting a SonicWall firewall.

Identity protection services are being provided, and individuals are advised to monitor accounts and consider credit freezes.

How should financial institutions rethink vendor-risk strategies moving forward?

Source: https://www.claimdepot.com/data-breach/iq-credit-union-2025

Share your insights and follow us for ongoing threat-intelligence updates.

#infosec #databreach #FinancialSecurity #VendorRisk #SonicWall #ThreatIntel #IdentityProtection #Ransomware #SecurityAwareness

TechNaduDec 8

GreyNoise reports a coordinated wave of login attempts against Palo Alto GlobalProtect portals, later expanding into scans of SonicWall SonicOS API endpoints. More than 7,000 IPs tied to 3xK GmbH infrastructure were involved.

Palo Alto Networks confirmed the activity represents credential-based probing, not a vulnerability exploit.
Defenders are encouraged to enforce MFA, track recurring client fingerprints, and apply dynamic blocking.

Source: https://www.bleepingcomputer.com/news/security/new-wave-of-vpn-login-attempts-targets-palo-alto-globalprotect-portals/

How are you monitoring for reconnaissance patterns across VPN and firewall surfaces today?
Share your approach and follow us for more operational threat updates.

#infosec #PaloAltoNetworks #SonicWall #GlobalProtect #ThreatHunting #ThreatIntel #NetworkSecurity #VPNsecurity

GreyNoiseDec 4

Palo + SonicWall campaign uncovered. We dug into a spike of GlobalProtect login attempts earlier this week and found something unexpected.

Full analysis: https://www.greynoise.io/blog/hidden-pattern-credential-based-attacks-palo-alto-sonicwall
#Palo #SonicWall #Cybersecurity

A Hidden Pattern Within Months of Credential-Based Attacks Against Palo Alto GlobalProtect

GreyNoise detected a surge of 7,000+ IPs attempting to log into GlobalProtect, sharing fingerprints with a surge in SonicWall API scanning and earlier Palo Alto campaigns, exposing a persistent credential-based attack pattern.