Data breaches often turn out to be worse than they first appear, as investigators begin probing exactly what happened and when.
The massive SolarWinds supply chain attack, which was identified by FireEye in December 2020 after it traced back a breach of its systems that resulted in the theft of penetration testing tools, has already fit that mold in spades. Now, it appears that by last March attackers had backdoored SolarWinds' Orion network monitoring software, which was used by 18,000 customers.
Incident responders have been racing to identify exactly who then got hit with second-stage attacks via the Orion backdoor, dubbed Sunburst, as well as what types of information the attackers may have stolen. Victims are suspected to number in the hundreds, and are known to include Microsoft and Cisco, as well as the U.S. government's Commerce, Energy, Homeland Security, Justice, Labor, State and Treasury departments.
SolarWinds patches two critical CVEs in Orion platform
New vulnerabilities disclosed as SolarWinds reels from December 2020 Solorigate/Sunburst attack – but do not appear to have been exploited yet
Published: 03 Feb 2021 11:00
Users of SolarWinds’ Orion networking platform – the service at the centre of the high-profile Solorigate/Sunburst attack – are once again being advised to patch their systems urgently following the disclosure of two unrelated critical vulnerabilities.
Discovered by researchers at Trustwave’s SpiderLabs unit, and assigned CVEs 2021-25274 and 2021-25275, the bugs were disclosed to SolarWinds on 30 December 2020 and confirmed in early January 2021. A patch has been available since 25 January, and proof-of-concept code is also available, although it is being held back for a bit longer to give end-user administrators more time to rectify the issues.
Robert Scammell 3rd February 2021 (Last Updated February 3rd, 2021 12:57)
Security researchers have discovered three “severe” security flaws in IT products made by SolarWinds, the company at the centre of a sprawling cyberattack that compromised up to 18,000 customers.
The most critical SolarWinds vulnerability allows remote code execution with high privileges on the company’s Orion platform, used for IT management.
The other two vulnerabilities are exploitable by someone with local access to take control of the SOLARWINDS ORION database, which could allow an attacker to steal data or add a new user with admin-level privileges. All three vulnerabilities have now been patched.
The by-now infamous company has issued patches for three security vulnerabilities in total.
Three serious vulnerabilities have been found in SolarWinds products: Two in the Orion User Device Tracker and one in the Serv-U FTP for Windows product. The most severe of these could allow trivial remote code execution with high privileges.
The SolarWinds Orion platform is the network management tool at the heart of the recent espionage attack against several U.S. government agencies, tech companies and other high-profile targets. It allows users to manage devices, software and firmware versioning, applications and so on, and has full visibility into enterprise customer networks.