Security News

SolarWinds has fixed eight critical vulnerabilities in its Access Rights Manager software, six of which allowed attackers to gain remote code execution on vulnerable devices. Access Rights Manager is a critical tool in enterprise environments that helps admins manage and audit access rights across their organization's IT infrastructure to minimize threat impact.

ProPublica has a long investigative article on how the Cyber Safety Review Board failed to investigate the SolarWinds attack, and specifically Microsoft’s culpability, even though they were...

A recently patched high-severity flaw impacting SolarWinds Serv-U file transfer software is being actively exploited by malicious actors in the wild. The vulnerability, tracked as CVE-2024-28995...

Threat actors are actively exploiting a SolarWinds Serv-U path-traversal vulnerability, leveraging publicly available proof-of-concept exploits. The vulnerability arises from insufficient validation of path traversal sequences, enabling attackers to bypass security checks and access sensitive files.

SolarWinds has fixed a high-severity vulnerability affecting its Serv-U managed file transfer server solution, which could be exploited by unauthenticated attackers to access sensitive files on the host machine. Serv-U MFT Server is a widely used enterprise solution that provides secure file transfer and file sharing hosted on Windows and Linux machines.

SolarWinds has released updates for Access Rights Manager and Platform that fix vulnerabilities that could allow attackers to execute code on vulnerable installations. The company whose Orion IT administration platform has been infamously compromised in 2020 to deploy backdoors on select agencies' and companies' systems, has patched five vulnerabilities affecting its Access Rights Manager solution.

SolarWinds has patched five remote code execution flaws in its Access Rights Manager solution, including three critical severity vulnerabilities that allow unauthenticated exploitation.Access Rights Manager allows companies to manage and audit access rights across their IT infrastructure to minimize insider threat impact and more.

In a motion to dismiss [PDF] the SEC's lawsuit, the embattled developer described the fraud charges leveled against it, and its CISO Tim Brown, "As unfounded as they are unprecedented." In a statement to The Register, Serrin Turner, an attorney at Latham and Watkins, which is representing SolarWinds, railed against the SEC's charges.

The SEC's cybersecurity-related capabilities were again questioned when SolarWinds addressed the allegations that it didn't follow the NIST Cybersecurity Framework at the time of the attack. The thrust of the SEC's lawsuit concerns how the communication from and actions taken by the company and its CISO, Timothy G Brown, allegedly misled investors about its security practices and known risks, and there are claims SolarWinds did not directly address in its riposte.

The Securities and Exchange Commission brought charges against both Austin, TX-based information security software company SolarWinds and its CISO Timothy G. Brown on October 30. The SEC alleges that between SolarWinds' October 2018 initial public offering and the December 2020 announcement of the large-scale cyberattack, SolarWinds and Brown specifically " defrauded investors by overstating SolarWinds' cybersecurity practices and understating or failing to disclose known risks.