|
In
a statement
https://www.sonicwall.com/
support/product-notification/security-notice-sonicwall-email-security-zero-day-vulnerabilities/210416112932360,
SonicWall Inc said that the vulnerability had been "exploited in
the wild", meaning hackers had already used the flaw to break
into target systems. SonicWall said it had published a fix for
the issue and urged customers to "immediately upgrade" their
software.
The intrusions are the latest in a string of hacks using
third-party provided software and hardware in the United States.
The most notable - the compromise of SolarWinds Corp by alleged
Russian hackers last year - has raised concerns about the
ability of end users to vet the security of their devices and
their programs.
Last month, it was disclosed that an unknown number of Microsoft
customers had been compromised after an allegedly Chinese
hacking group made use of serious vulnerabilities in the
company's email server software.
Just last week, a breach with potentially serious knock-on
consequences was reported at San Francisco-based software
auditing firm Codecov. Earlier on Tuesday, hackers were outed
for exploiting a serious vulnerability in VPN devices made by
Utah-based IT firm Ivanti.
In SonicWall's case, hackers could have used the weakness to
easily gain "a pretty significant foothold" in their targets'
networks, said Charles Carmakal, a senior vice president of
Mandiant, an arm of FireEye. He said his firm didn't have a
clear idea of who the hackers were and said that he was aware of
"fewer than five" victims.
(Reporting by Raphael Satter; Editing by Sam Holmes)
[© 2021 Thomson Reuters. All rights
reserved.] Copyright 2021 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
Thompson Reuters is solely responsible for this content.
|
|
