-
SEC charges tech companies for downplaying SolarWinds breaches
The SEC has charged four companies—Unisys Corp, Avaya Holdings, Check Point Software, and Mimecast—for allegedly misleading investors about the impact of their breaches during the massive 2020 SolarWinds Orion hack.
- October 22, 2024
- 02:31 PM
0
-
SolarWinds Web Help Desk flaw is now exploited in attacks
CISA has added three flaws to its 'Known Exploited Vulnerabilities' (KEV) catalog, among which is a critical hardcoded credentials flaw in SolarWinds Web Help Desk (WHD) that the vendor fixed in late August 2024.
- October 16, 2024
- 03:53 PM
0
-
Sponsored Content
Free shadow SaaS inventory + security insightsDiscover all SaaS accounts ever created by anyone in your org, in minutes, along with insights on security risks and spend. Save time, money and effort by curbing SaaS sprawl and automating tasks like offboarding and user access reviews. Free trial.
-
SolarWinds fixes hardcoded credentials flaw in Web Help Desk
SolarWinds has released a hotfix for a critical Web Help Desk vulnerability that allows attackers to log into unpatched systems using hardcoded credentials.
- August 22, 2024
- 11:01 AM
- 0
-
CISA warns critical SolarWinds RCE bug is exploited in attacks
CISA warned on Thursday that attackers are exploiting a recently patched critical vulnerability in SolarWinds' Web Help Desk solution for customer support.
- August 16, 2024
- 12:33 PM
- 0
-
SolarWinds fixes critical RCE bug affecting all Web Help Desk versions
A critical vulnerability in SolarWinds' Web Help Desk solution for customer support could be exploited to achieve remote code execution, the American business software developer warns in a security advisory today.
- August 14, 2024
- 11:22 AM
- 0
-
SolarWinds fixes 8 critical bugs in access rights audit software
SolarWinds has fixed eight critical vulnerabilities in its Access Rights Manager (ARM) software, six of which allowed attackers to gain remote code execution (RCE) on vulnerable devices.
- July 18, 2024
- 11:51 AM
- 0
-
SolarWinds Serv-U path traversal flaw actively exploited in attacks
Threat actors are actively exploiting a SolarWinds Serv-U path-traversal vulnerability, leveraging publicly available proof-of-concept (PoC) exploits.
- June 20, 2024
- 11:45 AM
- 0
-
SolarWinds fixes critical RCE bugs in access rights audit solution
SolarWinds has patched five remote code execution (RCE) flaws in its Access Rights Manager (ARM) solution, including three critical severity vulnerabilities that allow unauthenticated exploitation.
- February 16, 2024
- 01:32 PM
- 0
-
SEC sues SolarWinds for misleading investors before 2020 hack
The U.S. Securities and Exchange Commission (SEC) today charged SolarWinds with defrauding investors by allegedly concealing cybersecurity defense issues before a December 2020 linked to APT29, the Russian Foreign Intelligence Service (SVR) hacking division.
- October 30, 2023
- 05:54 PM
- 1
-
Critical RCE flaws found in SolarWinds access audit solution
Security researchers found three critical remote code execution vulnerabilities in the SolarWinds Access Rights Manager (ARM) product that remote attackers could use to run code with SYSTEM privileges.
- October 20, 2023
- 10:59 AM
- 1
-
RomCom RAT malware campaign impersonates KeePass, SolarWinds NPM, Veeam
The threat actor behind the RomCom RAT (remote access trojan) has refreshed its attack vector and is now abusing well-known software brands for distribution.
- November 03, 2022
- 03:36 PM
- 0
-
Microsoft: Windows 11 KB5012643 update will break some apps
Microsoft has warned Windows 11 users that they might experience issues launching and using some .NET Framework 3.5 applications.
- May 04, 2022
- 10:06 AM
- 3
-
SolarWinds warns of attacks targeting Web Help Desk instances
SolarWinds warned customers of attacks targeting Internet-exposed Web Help Desk (WHD) instances and advised removing them from publicly accessible infrastructure (likely to prevent the exploitation of a potential security flaw).
- March 16, 2022
- 04:18 PM
- 0
-
Microsoft: SolarWinds fixes Serv-U bug exploited for Log4j attacks
SolarWinds has patched a new Serv-U vulnerability discovered by Microsoft that threat actors attempted to use to propagate Log4j attacks to internal LDAP servers.
- January 19, 2022
- 05:32 PM
- 0
-
Clop gang exploiting SolarWinds Serv-U flaw in ransomware attacks
The Clop ransomware gang, also tracked as TA505 and FIN11, is exploiting a SolarWinds Serv-U vulnerability to breach corporate networks and ultimately encrypt its devices.
- November 09, 2021
- 09:54 AM
- 0
-
Autodesk reveals it was targeted by Russian SolarWinds hackers
Autodesk has confirmed that it was also targeted by the Russian state hackers behind the large-scale SolarWinds Orion supply-chain attack, almost nine months after discovering that one of its servers was backdoored with Sunburst malware.
- September 02, 2021
- 07:30 AM
- 0
-
DOJ: SolarWinds hackers breached emails from 27 US Attorneys’ offices
The US Department of Justice says that the Microsoft Office 365 email accounts of employees at 27 US Attorneys' offices were breached by the Russian Foreign Intelligence Service (SVR) during the SolarWinds global hacking spree.
- July 30, 2021
- 08:12 PM
- 0
-
Chinese hackers use new SolarWinds zero-day in targeted attacks
China-based hackers actively target US defense and software companies using a vulnerability in the SolarWinds Serv-U FTP server.
- July 13, 2021
- 07:54 PM
- 0
-
SolarWinds patches critical Serv-U vulnerability exploited in the wild
SolarWinds is urging customers to patch a Serv-U remote code execution vulnerability exploited in the wild by "a single threat actor" in attacks targeting a limited number of customers.
- July 12, 2021
- 10:17 AM
- 0
-
Russian hackers had months-long access to Denmark's central bank
Russian state hackers compromised Denmark's central bank (Danmarks Nationalbank) and planted malware that gave them access to the network for more than half a year without being detected.
- June 29, 2021
- 01:48 PM
- 4
