Hackers exploit SonicWall email security vulnerability

Join Transform 2021 this July 12-16. Register for the AI event of the year.


(Reuters) — Hackers have targeted customers of California-based network services firm SonicWall via a previously undisclosed vulnerability in its email security product, the company and cybersecurity firm FireEye said Tuesday.

In a statement, SonicWall said that the vulnerability had been “exploited in the wild”, meaning hackers had already used the flaw to break into target systems. SonicWall urged customers to “immediately upgrade” to a version that patched the hole.

The intrusions are the latest in a string of hacks using third-party provided software and hardware in the United States. The most notable – the compromise of SolarWinds by alleged Russian hackers last year – has raised concerns about the ability of end users to vet the security of their devices and their programs.

Last month, it was disclosed that an unknown number of Microsoft customers had been compromised after an allegedly Chinese hacking group made use of serious vulnerabilities in the company’s email server software.

Just last week, a breach with potentially serious knock-on consequences was reported at San Francisco-based software auditing firm Codecov. Earlier on Tuesday, hackers were outed for exploiting a serious vulnerability in VPN devices made by Utah-based IT firm Ivanti.

In SonicWall’s case, hackers could have used the weakness to easily gain “a pretty significant foothold” in their targets’ networks, said Charles Carmakal, a senior vice president of Mandiant, an arm of FireEye. He said his firm didn’t have a clear idea of who the hackers were and said that he was aware of “fewer than five” victims.

SonicWall did not immediately respond to a Reuters’ call for comment.

VentureBeat

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact. Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:

  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more

Become a member

Source

Leave a Comment