Security News > 2021 > July > SolarWinds Issues Hotfix for Zero-Day Flaw Under Active Attack
SolarWinds has issued a hotfix for a zero-day remote code execution vulnerability already under active, yet limited, attack on some of the company's customers.
Though the current threat appears to be from a sole actor and "Involves a limited, targeted set of customers," SolarWinds wanted to remedy the situation before it could escalate, the company said.
SolarWinds does not currently know many customers may be directly affected by the flaw, nor has it identified the ones who were targeted.
SolarWinds likely still has fresh memories of a global supply-chain attack targeting the company's technology that was discovered late last year and stretched well into 2021.
Specifically, attackers installed the Sunburst/Solorigate backdoor inside SolarWinds.
SolarWinds stressed in its advisory that the latest vulnerability is not related to that previous scenario - which cost the company $3.5 million in investigation and remediation expenses - in any way.
News URL
https://threatpost.com/solarwinds-hotfix-zero-day-active-attack/167704/
Related news
- Google fixes two Android zero-days used in targeted attacks (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- Palo Alto Networks warns of critical RCE zero-day exploited in attacks (source)
- Palo Alto Networks patches two firewall zero-days used in attacks (source)
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Apple Patches Two Zero-Day Attack Vectors (source)
- Japan warns of IO-Data zero-day router flaws exploited in attacks (source)
- Fully patched Cleo products under renewed 'zero-day-ish' mass attack (source)
- New Cleo zero-day RCE flaw exploited in data theft attacks (source)
- Cleo patches critical zero-day exploited in data theft attacks (source)