Sonic Booms to SonicWall: Cybersecurity News from Sept. 19-22

Whether your weekend was restful or you were assembling your family's fall decorations, bad actors were hard at work. From Friday through today, we have seen airport disruptions and firewall breaches. Here’s a breakdown of the major developments and why they matter.

• Cyberattack on Collins Aerospace / Muse Software disrupts European airports

  • A cyberattack targeting Collins Aerospace’s MUSE (Multi-User System Environment) software caused significant disruption on Sept. 19-20 at major airports in Europe (Heathrow, Berlin, Brussels, Dublin). Flight check-ins, baggage drop, and other boarding/boarding-support systems were affected. The attack forced airports to revert to manual processing, resulting in cancellations, long delays, frustration among passengers, and operational backlog. Collins Aerospace (an RTX company) is working with European regulators/agencies to restore systems. There is concern about reliance on third-party platforms for core infrastructure in air travel.

  • Read more about how this breach took off.

     

• Stellantis breach via third-party provider

  • The automotive giant Stellantis disclosed a breach at one of its service providers supporting North American customer service. Only basic contact info was exposed — no financial or highly sensitive personal data has been reported compromised so far. The company is notifying affected customers and warning them about potential phishing attempts.

  • Find out what's driving this breach.

  •  

  •  

• SonicWall "MySonicWall" service breach

  • Remember how we told you  SonicWall was sunsetting their legacy VPN product and giving customers one option: to migrate to their cloud service? If you're moving over, you might want to re-think that.

  • SonicWall confirmed that its cloud service “MySonicWall” was breached. Attackers accessed backup configuration files via brute-force attacks. These files (though encrypted) included network rules, VPN configuration details, and service credentials. The scale: estimated that <5% of its customer base was affected, but that still could mean tens of thousands of organizations globally may face risk. SonicWall has asked users to reset credentials, removed attacker access, and is improving security measures.

  • Learn if you've been impacted.

  •  

• Final takeaway

• This weekend’s incidents share a common theme: attackers exploit weakest links — often service providers, configurations, or overlooked data.

  Here’s how to protect your organization:

  1. 1. Adopt a Zero-Trust mindset → Limit access to only what’s necessary.

  2. 2. Use MFA everywhere → Credentials alone are not enough.

  3. 3. Harden and segment your network → Contain potential breaches before they spread.

  4. 4. Vet your vendors → Third-party risk is real.

  5. 5. Prepare for phishing fallout → Assume exposed contact info = targeted campaigns.

  6. Ready to find out how OpenVPN can help? Join a demo. 
  7. 
•