ITWire

iTWire - SolarWinds FTP credentials were leaking on GitHub in November 2019

A researcher from India had advised SolarWinds in November 2019 that he had found a public GitHub repository which was leaking the company's FTP credentials. Vinoth Kumar, who describes himself as a ...
Bleeping Computer

Chinese hackers use new SolarWinds zero-day in targeted attacks

China-based hackers known to target US defense and software companies are now targeting organizations using a vulnerability in the SolarWinds Serv-U FTP server. Today, SolarWinds released a security ...
HotHardware

Microsoft Discovers 0-Day Vulnerability Actively Exploited In SolarWinds FTP Product

Yesterday, Microsoft reported that it had detected a 0-day remote code execution exploit being used in the wild against SolarWinds’ Serv-U FTP product. The vulnerability that allowed this exploit has ...
Ars Technica

SolarWinds patches vulnerabilities that could allow full system control

SolarWinds, the previously little-known company whose network-monitoring tool Orion was a primary vector for one of the most serious breaches in US history, has pushed out fixes for three severe ...
Bleeping Computer

SolarWinds patches critical vulnerabilities in the Orion platform

Even with the security updates prompted by the recent SolarWinds Orion supply-chain attack, researchers still found some glaring vulnerabilities affecting the platform, one of them allowing code ...
Threat Post

SolarWinds Orion Bug Allows Easy Remote-Code Execution and Takeover

The by-now infamous company has issued patches for three security vulnerabilities in total. Three serious vulnerabilities have been found in SolarWinds products: Two in the Orion User Device Tracker ...
Threat Post

The SolarWinds Perfect Storm: Default Password, Access Sales and More

Meanwhile, FireEye has found a kill switch, and Microsoft and other vendors are quickly moving to block the Sunburst backdoor used in the attack. A perfect storm may have come together to make ...