Most antivirus tools weren’t built for what’s happening in real environments today. They don’t see privilege escalation. They don’t connect cloud logins to endpoint activity. And when something slips through, they’re silent. We’ve outlined 8 managed detection and response benefits that show exactly why MDR is becoming the standard where antivirus fails: https://lnkd.in/e8-YPaKd #MDR #MicrosoftDefender #AustinMSP #AustinITManagedServices
Why MDR is better than antivirus for real environments
Attackers compromised ALL SonicWall firewall configuration backup files

The attackers who brute-forced their way into SonicWall’s firewall cloud backup service accessed configuration backup files of all customers who have used the service, SonicWall stated on Wednesday, following the conclusion of a Mandiant-supported investigation into the incident.

Early reports suggested limited impact

On September 17, SonicWall publicly confirmed the security incident and said that backup firewall preference files for fewer than 5% of its firewall install base had been accessed. Cory Clark, VP of … More →

The post Attackers compromised ALL SonicWall firewall configuration backup files appeared first on Help Net Security. #HelpNetSecurity #Cybersecurity
SonicWall SSLVPN Compromise

Huntress has reported a widespread compromise of SonicWall SSLVPN devices across multiple environments monitored by their platform. Threat actors are authenticating into multiple accounts rapidly across compromised devices, suggesting they control valid credentials rather than brute-forcing. The activity began around October 4 and has affected over 100 SSLVPN accounts across 16 monitored environments. In some cases, the actors disconnected shortly after login; in others, they performed network scanning and attempted to access numerous local Windows accounts.

Huntress notes there is currently no evidence linking this activity to SonicWall’s recent cloud backup incident but continues to investigate. They recommend restricting remote access, resetting all credentials and keys, reviewing logs for suspicious activity, and enforcing MFA for all admin and remote accounts.

For more information: https://lnkd.in/eX4TvWZJ #CyberSecurity #SonicWall #Huntress #IncidentResponse #NetworkSecurity #InfoSec #Vulnerability
At Vortex, we’ve moved entirely to a cloud-first environment, and one of the most impactful security decisions we made was migrating from traditional antivirus to Microsoft Defender for Endpoint. The difference has been clear from day one.

Traditional antivirus solutions have always been reactive. They rely heavily on signature-based detection, meaning they can only protect against threats that have already been identified and catalogued. In today’s environment, where new and complex attacks appear daily, that approach simply doesn’t go far enough.

Microsoft Defender for Endpoint operates on a completely different model. It uses cloud intelligence, behavioural analytics, and machine learning to detect suspicious activity, even when no known signature exists. Instead of waiting for definitions to update, it analyses how processes behave in real time and responds automatically to anything that looks out of place.

One of the biggest advantages we’ve seen at Vortex is visibility. Whether a device is in the office or remote, we have a complete view of its security posture and can investigate or contain threats instantly. Everything feeds back into a central console, so instead of juggling multiple systems or disconnected alerts, we have one consistent view of what’s happening across our endpoints.

Integration has also been seamless. Because Defender sits within the Microsoft ecosystem, it communicates with tools like Intune, Entra ID, and Microsoft 365 Security. That means we’re not dealing with third-party conflicts or gaps in coverage. It’s a unified environment that’s easier to manage and more reliable.

Since deploying Defender for Endpoint, we’ve seen fewer false positives, faster response times, and a clear reduction in manual workload for our IT team. The built-in threat and vulnerability management gives us proactive guidance on patching and configuration, which helps us reduce risk before issues occur.

Overall, Defender for Endpoint has proven to be far more than just antivirus. It’s a full endpoint detection and response platform that fits perfectly with a modern cloud strategy. For any organisation still relying on legacy antivirus, I’d strongly recommend exploring what Defender can do. The security landscape has changed — and this is a solution that’s built for where it’s heading, not where it’s been.
Threat actors accessed firewall configuration files from SonicWall's MySonicWall cloud backup service in early September, impacting all users. SonicWall confirmed on October 8 that the stolen files contain encrypted credentials and configurations, increasing the risk of targeted attacks. Users are advised to reset credentials and check for flagged serial numbers on affected firewalls. SonicWall is collaborating with Mandiant to enhance security and has provided tools for device assessment and remediation.
When Cloud Backups Aren’t as Safe as You Think

SonicWall recently admitted what many feared: every single firewall backup stored in their cloud service was exposed to attackers. What began as a breach initially thought to affect 5 percent of backups has ballooned to 100 percent. The attackers accessed encrypted credentials and firewall configurations. Information that, in the wrong hands, can be used to manipulate or breach client networks.

This vulnerability shows us how trust in managed services can backfire. Even though the backups were encrypted, attackers having possession of configuration files and credentials greatly increases the risk of deeper, targeted infiltration. Gaps in secrets management, rotation practices, and credential reuse across systems make this kind of breach more damaging.

If your organization relies on cloud backup or remote configuration services, now is the time to rethink how much you trust them and how you guard against their failure modes. Regular credential rotation, tighter access segmentation, and verification of backups (ensuring they can’t be manipulated offline) are essential first steps.

At RedZone Technologies, we specialize in assessing these trust boundaries. If you’d like help auditing your backup strategy or validating your secret rotation policies, let’s chat.

Stay ahead of the latest cybersecurity trends, emerging threats, and practical defense strategies with our monthly RedZone newsletter. Each edition is crafted to keep IT leaders informed and ready for what’s next—without the noise. Subscribe today and join a community focused on smarter, stronger security. Sign up here: https://lnkd.in/ergFiyAE https://lnkd.in/eTAibu3u #CloudSecurity #BackupSafety #CredentialRisk #ConfigurationSecurity #CyberRisk #RedZoneTechnologies
Hackers Access SonicWall Cloud Firewall Backups, Spark Urgent Security Checks

SonicWall on Wednesday disclosed that an unauthorized party accessed firewall configuration backup files for all customers who have used the cloud backup service. "The files contain encrypted credentials and configuration data; while encryption remains in place, possession of these files could increase the risk of targeted attacks," the company said. It also noted that it's working to notify all partners and customers, adding it has released tools to assist with device assessment and remediation. The company is also urging users to log in and check for their devices.

The development comes a couple of weeks after SonicWall urged customers to perform a credential reset after their firewall configuration backup files were exposed in a security breach impacting MySonicWall accounts. The list of impacted devices available on the MySonicWall portal has been assigned a priority level to help customers prioritize remediation efforts. The labels are as follows - https://lnkd.in/eFH9G5Hh

Please follow Divye Dwivedi for such content. #DevSecOps, #SecureDevOps, #CyberSecurity, #SecurityAutomation, #CloudSecurity, #InfrastructureSecurity, #DevOpsSecurity, #ContinuousSecurity, #SecurityByDesign, #SecurityAsCode, #ApplicationSecurity, #ComplianceAutomation, #CloudSecurityPosture, #SecuringTheCloud, #AI4Security #DevOpsSecurity #IntelligentSecurity #AppSecurityTesting #CloudSecuritySolutions #ResilientAI #AdaptiveSecurity #SecurityFirst #AIDrivenSecurity #FullStackSecurity #ModernAppSecurity #SecurityInTheCloud #EmbeddedSecurity #SmartCyberDefense #ProactiveSecurity
Hackers Access SonicWall Cloud Firewall Backups, Spark Urgent Security Checks

SonicWall reported unauthorized access to encrypted firewall configuration backups for all cloud backup service users. While encryption holds, the breach raises risks for targeted attacks. The company is notifying affected parties, providing assessment tools, and urging credential resets and device checks via the MySonicWall portal, prioritizing active devices for remediation following a prior MySonicWall account exposure.

SonicWall has disclosed that threat actors gained unauthorized access to encrypted configuration backups of firewall appliances stored in its cloud backup service. The networking and cybersecurity company said the incident was detected on September 29, 2025, and that it impacts all users of the SonicWall Cloud Backup and Recovery Service (CBRS), although the backups are encrypted. "While the backups are encrypted, we are notifying all potentially affected customers and providing tools to help them assess the potential impact," SonicWall said in a security advisory published last week. "We recommend customers reset credentials and check devices for any signs of compromise." https://lnkd.in/ecgxjN8f
A firewall is no longer enough. It locks the front door, but today’s attackers are getting in through open windows: endpoints, cloud apps, and identity systems. That’s why modern security calls for a layered approach, with end-to-end defences that overlap, reinforce and stop attackers from breaking in. So what are the layers? And how do you put them in place? Read the full breakdown here: https://lnkd.in/gCjjr-Uc #CyberSecurity #CloudSecurity #SIEM #EndpointSecurity #CIO #CISO