Security News

SolarWinds Issues Hotfix for Zero-Day Flaw Under Active Attack
2021-07-13 12:58

SolarWinds has issued a hotfix for a zero-day remote code execution vulnerability already under active, yet limited, attack on some of the company's customers. Though the current threat appears to be from a sole actor and "involves a limited, targeted set of customers," SolarWinds wanted to remedy the situation before it could escalate, the company said.

SolarWinds patches zero-day exploited in the wild (CVE-2021-35211)
2021-07-13 08:49

SolarWinds has released an emergency patch for CVE-2021-35211, an RCE vulnerability affecting its Serv-U Managed File Transfer and Serv-U Secure FTP that is currently being exploited in the wild. "Microsoft has provided evidence of limited, targeted customer impact, though SolarWinds does not currently have an estimate of how many customers may be directly affected by the vulnerability. SolarWinds is unaware of the identity of the potentially affected customers," the company shared.

SolarWinds issues software update – one it wrote for a change – to patch hole exploited in the wild
2021-07-12 19:44

SolarWinds has issued an emergency patch after a critical security hole in its Serv-U Managed File Transfer and Serv-U Secure FTP was spotted being exploited in the wild. The vulnerability, discovered by Microsoft's Threat Intelligence Center and Offensive Security Research teams, can be exploited by an attacker to achieve remote code execution, and is present in Serv-U version 15.2.3 HF1 and all prior builds.

SolarWinds Confirms New Zero-Day Flaw Under Attack
2021-07-12 16:00

Security responders at SolarWinds are scrambling to contain a new zero-day vulnerability being actively exploited in what is being described as "limited, targeted attacks." In an advisory issued over the weekend, SolarWinds said a single threat actor exploited security flaws in its Serv-U Managed File Transfer and Serv-U Secure FTP products against "a limited, targeted set of customers."

SolarWinds patches critical Serv-U vulnerability exploited in the wild
2021-07-12 14:17

SolarWinds is urging customers to patch a Serv-U remote code execution vulnerability exploited in the wild by "a single threat actor" in attacks targeting a limited number of customers. "Microsoft has provided evidence of limited, targeted customer impact, though SolarWinds does not currently have an estimate of how many customers may be directly affected by the vulnerability," the company said in an advisory published on Friday.

SolarWinds Hackers Breach Microsoft Customer Support to Target its Customers
2021-06-30 08:49

In yet another sign that the Russian hackers who breached SolarWinds network monitoring software to compromise a slew of entities never really went away, Microsoft said the threat actor behind the malicious cyber activities used password spraying and brute-force attacks in an attempt to guess passwords and gain access to its customer accounts. Nobelium is the name assigned by Microsoft to the nation-state adversary responsible for the unprecedented SolarWinds supply chain attacks that came to light last year.

Cybersecurity study: SolarWinds attack cost affected companies an average of $12 million
2021-06-28 19:13

New survey finds that the attack also motivated more information sharing within the industry and improved supply chain security. The good news is that security teams are beefing up network defenses, but the bad news is that most companies have recently suffered a cybersecurity incident that required a board meeting.

Cybersecurity study: SolarWinds attack cost affected US companies an average of $12 million
2021-06-28 12:00

New survey finds that the attack also motivated more information sharing within the industry and improved supply chain security. The good news is that security teams are beefing up network defenses, but the bad news is that most companies have recently suffered a cybersecurity incident that required a board meeting.

Microsoft: SolarWinds Hackers Continue to Target IT Companies
2021-06-28 11:50

Microsoft says it has observed new activity associated with Nobelium, the Russia-linked threat actor that compromised IT management and monitoring solutions provider SolarWinds. The SolarWinds attack was brought to light in early December 2020 and it involved compromising SolarWinds' Orion monitoring product to deliver trojanized updates to the company's customers worldwide, in an effort to breach their networks.

SolarWinds backdoor gang pwns Microsoft support agent to turn sights on customers
2021-06-26 03:28

The spies who backdoored SolarWinds' Orion software infiltrated Microsoft's support desk systems last month and obtained information to use in cyber-attacks on some of the Windows giant's customers, it was reported. Microsoft customers targeted by the support desk intruder have been alerted.