Security News > 2021 > July > SolarWinds Issues Hotfix for Zero-Day Flaw Under Active Attack
SolarWinds has issued a hotfix for a zero-day remote code execution vulnerability already under active, yet limited, attack on some of the company's customers.
Though the current threat appears to be from a sole actor and "Involves a limited, targeted set of customers," SolarWinds wanted to remedy the situation before it could escalate, the company said.
SolarWinds does not currently know many customers may be directly affected by the flaw, nor has it identified the ones who were targeted.
SolarWinds likely still has fresh memories of a global supply-chain attack targeting the company's technology that was discovered late last year and stretched well into 2021.
Specifically, attackers installed the Sunburst/Solorigate backdoor inside SolarWinds.
SolarWinds stressed in its advisory that the latest vulnerability is not related to that previous scenario - which cost the company $3.5 million in investigation and remediation expenses - in any way.
News URL
https://threatpost.com/solarwinds-hotfix-zero-day-active-attack/167704/
Related news
- Rackspace monitoring data stolen in ScienceLogic zero-day attack (source)
- Qualcomm patches high-severity zero-day exploited in attacks (source)
- Ivanti warns of three more CSA zero-days exploited in attacks (source)
- Mozilla fixes Firefox zero-day actively exploited in attacks (source)
- Firefox Zero-Day Under Attack: Update Your Browser Immediately (source)
- SolarWinds Web Help Desk flaw is now exploited in attacks (source)
- CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack (source)
- Fortinet warns of new critical FortiManager flaw used in zero-day attacks (source)
- Fortinet FortiManager flaw exploited in zero-day attacks (CVE-2024-47575) (source)
- SEC Charges 4 Companies Over Misleading SolarWinds Cyber Attack Disclosures (source)