Have you been backing up your SonicWall to their cloud?

Kurt Buff

Oct 10, 2025, 3:36:03 PM
to ntsys...@googlegroups.com

"While SonicWall insists the intrusion did not affect other MySonicWall services or customer devices, it's urging administrators to treat the incident seriously. Customers have been told to delete any existing cloud backups, change their MySonicWall credentials, rotate shared secrets and passwords, and recreate new backup files locally rather than in the cloud."

All of your configs, credentials, etc. have been compromised.

Kurt

Micheal Espinola

Oct 10, 2025, 5:48:15 PM
to ntsys...@googlegroups.com
[...] confirms that the attackers successfully accessed data belonging to every customer who had ever used the cloud backup service [...]

So much for less than 5%

--
You received this message because you are subscribed to the Google Groups "ntsysadmin" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ntsysadmin+...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/ntsysadmin/CADy1Ce5n6_9HPygq-S8KAP1qrznqCg-kUvKMN3TcVqHLCQ1cHA%40mail.gmail.com.


--

---
Espi

Shawn K. Hall

Oct 10, 2025, 6:53:43 PM
to ntsys...@googlegroups.com
Maybe only 5% used cloud backup?

-S

Micheal Espinola

Oct 10, 2025, 7:18:51 PM
to ntsys...@googlegroups.com
That's a fair point, but I'm skeptical because of the lack of information in the updated incident report. The changelog says:

2025-9-17 8:45 PM PDT: Revised incident disclosure text to clarify scope (<5% of firewalls), encrypted credentials, no known leaks, and brute-force (not ransomware) attack

And yet, where is this clarification of this scope in the incident report itself? 

On top of that, what I particularly love is that the downloadable PDF version cannot be searched for text even though it's essentially a print of the webpage itself. It's essentially an extended screenshot. You can't even click on the hyperlinks.




--

---
Espi