We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 - 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!
(Reuters) — Hackers have targeted customers of California-based network services firm SonicWall via a previously undisclosed vulnerability in its email security product, the company and cybersecurity firm FireEye said Tuesday.
In a statement, SonicWall said that the vulnerability had been “exploited in the wild,” meaning hackers had already used the flaw to break into target systems. SonicWall urged customers to “immediately upgrade” to a version that patched the hole.
The intrusions are the latest in a string of hacks using third-party-provided software and hardware in the United States. The most notable — the compromise of SolarWinds by alleged Russian hackers last year — has raised concerns about the ability of end users to vet the security of their devices and their programs.
Last month, it was disclosed that an unknown number of Microsoft customers had been compromised after an allegedly Chinese hacking group made use of serious vulnerabilities in the company’s email server software.
Just last week, a breach with potentially serious knock-on consequences was reported at San Francisco-based software auditing firm Codecov. Earlier on Tuesday, hackers were outed for exploiting a serious vulnerability in VPN devices made by Utah-based IT firm Ivanti.
In SonicWall’s case, hackers could have used the weakness to easily gain “a pretty significant foothold” in their targets’ networks, said Charles Carmakal, a senior VP of Mandiant, an arm of FireEye. He said his firm didn’t have a clear idea of who the hackers were and said that he was aware of “fewer than five” victims.
SonicWall did not immediately respond to a Reuters’ call for comment.
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.