Security News

Microsoft: Hackers Exploiting New SolarWinds Serv-U Bug Related to Log4j Attacks
2022-01-20 20:27

Microsoft on Wednesday disclosed details of a new security vulnerability in SolarWinds Serv-U software that it said was being weaponized by threat actors to propagate attacks leveraging the Log4j flaws to compromise targets. Tracked as CVE-2021-35247, the issue is an "input validation vulnerability that could allow attackers to build a query given some input and send that query over the network without sanitation," Microsoft Threat Intelligence Center said.

Microsoft: Attackers Tried to Login to SolarWinds Serv-U Via Log4j Bug
2022-01-20 18:39

Threat actors have weaponized a newly discovered bug in SolarWinds Serv-U file-sharing software to launch Log4j attacks against networks' internal devices, Microsoft warned on Wednesday. SolarWinds fixed the vulnerability in Serv-U version 15.3, released on Tuesday.

New SolarWinds Serv-U vulnerability exploited in Log4j-related attacks
2022-01-20 10:18

Attackers looking to exploit recently discovered Log4j vulnerabilities are also trying to take advantage of a previously undisclosed vulnerability in the SolarWinds Serv-U software. It affects version 15.2.5 and previous versions of Serv-U, and has been patched by SolarWinds in version 15.3.

Microsoft: SolarWinds fixes Serv-U bug exploited for Log4j attacks
2022-01-19 22:32

SolarWinds has patched a Serv-U vulnerability discovered by Microsoft that threat actors actively used to propagate Log4j attacks to internal devices on a network. Microsoft says they discovered the vulnerability during their monitoring of the Log4j attacks.

SolarWinds Hackers Targeting Government and Business Entities Worldwide
2021-12-07 19:16

Nobelium, the threat actor attributed to the massive SolarWinds supply chain compromise, has been once again linked to a series of attacks targeting multiple cloud solution providers, services, and reseller companies, as the hacking group continues to refine and retool its tactics at an alarming pace in response to public disclosures. The revelations come exactly a year after details emerged of a Kremlin-backed hacking campaign that breached the servers of network management provider SolarWinds to distribute tainted software binaries to a number of high-profile customers, including nine U.S. federal agencies.

SolarWinds Attackers Spotted Using New Tactics, Malware
2021-12-07 13:24

Researchers said they've seen the threat group - which Microsoft refers to as "Nobelium" and which is linked to Russia's spy agency - compromising global business and government targets with novel tactics and custom malware, stealing data and moving laterally across networks. The researchers said they believe the threat actors acquired the credentials from a third party's info-stealer malware campaign rather than one of their own.

Stor-a-File hit by ransomware after crooks target SolarWinds Serv-U FTP software
2021-11-10 12:28

Stor-a-File, a British data capture and storage company, suffered a ransomware attack in August that exploited an unpatched instance of SolarWinds' Serv-U FTP software. "The medical company used Stor-a-File for the scanning of paper documents including medical records," our reader told us.

Clop gang exploiting SolarWinds Serv-U flaw in ransomware attacks
2021-11-09 14:54

The Clop ransomware gang, also tracked as TA505 and FIN11, is exploiting a SolarWinds Serv-U vulnerability to breach corporate networks and ultimately encrypt their devices. SolarWinds released an emergency security update in July 2021 after discovering "a single threat actor" exploiting it in attacks.

SolarWinds APT Targets Tech Resellers in Latest Supply-Chain Cyberattacks
2021-10-25 19:16

The SolarWinds attackers - an advanced persistent threat known as Nobelium - have started a new wave of supply-chain intrusions, this time using the technology reseller/service provider community to attack their targets. "While the SolarWinds supply-chain attack involved malicious code inserted in legitimate software, most of this recent intrusion activity has involved leveraging stolen identities and the networks of technology solutions, services and reseller companies in North America and Europe to ultimately access the environments of organizations that are targeted by the Russian government."

SolarWinds attacker on the move: Russia's Nobelium crew has trebled attacks targeting MSPs, cloud resellers, says Microsoft
2021-10-25 13:16

Russia's Nobelium group - fingered as being a Russian state actor by both the United States and Britain - has massively ramped up phishing and password spraying attempts against managed service providers and cloud resellers, Microsoft's security arm has warned. The Windows maker said the group's targeted attacks against "Resellers and other technology service providers that customize, deploy and manage cloud services and other technologies on behalf of their customers" had trebled over the past three months.