Hackers Exploiting Critical SolarWinds Serv-U Vulnerability In The Wild

In June 2024, SolarWinds’ Serv-U file transfer product was found to have a critical path-traversal vulnerability. This flaw allowed attackers to read arbitrary files by manipulating the “InternalDir” and “InternalFile” parameters in HTTP requests. The company gained fame following a significant supply chain attack in 2020, where hackers inserted malicious code into Orion updates, compromising the networks of over 30,000 clients.

The attacks evolved from simple vulnerability scans to intense exploitation attempts, with peaks of new payload types observed on specific dates (July 7 and July 29). Linux systems were probed initially, and Windows then became the primary target, according to the GreyNoise report. Attempts emerged that target sensitive files like “unattended.xml” and “sysprep.xml,” which may contain credentials in plaintext. The analysis also noted “broken” requests with typos or incorrect paths, and creative guesses like “password.txt” on the administrator’s desktop. This real-world data provides helpful insight into the lifecycle and exploitation patterns of a high-profile vulnerability in a widely used enterprise software product.
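A defender's check for the requests described above, as an added example that is not part of the original article or the GreyNoise report: it scans web access log lines for traversal sequences in the InternalDir and InternalFile parameters and tags the file names the article mentions. The log layout, the sample lines, the placeholder paths and the backslash-based platform guess are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# File names the article says the requests went after.
SENSITIVE = {"unattended.xml", "sysprep.xml", "password.txt"}
PARAMS = ("InternalDir", "InternalFile")
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')

# Constructed sample lines (assumed common-log layout, placeholder paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [07/Jul/2024:10:01:02 +0000] "GET /?InternalDir=/../../../EXAMPLE_DIR&InternalFile=example.conf HTTP/1.1" 200 512',
    '203.0.113.9 - - [29/Jul/2024:03:14:15 +0000] "GET /?InternalDir=%5C..%5C..%5C..%5CEXAMPLE_DIR&InternalFile=unattended.xml HTTP/1.1" 200 2048',
    '203.0.113.9 - - [29/Jul/2024:03:14:20 +0000] "GET /?InternalDir=%252e%252e%255c%252e%252e%255cEXAMPLE_DIR&InternalFile=password.txt HTTP/1.1" 404 0',
    '192.0.2.44 - - [29/Jul/2024:09:00:00 +0000] "GET /?InternalDir=/reports&InternalFile=q3.pdf HTTP/1.1" 200 9001',
]

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %252e -> %2e -> .)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect(line):
    """Return a finding dict for a suspicious request line, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    query = parse_qs(urlsplit(m.group(1)).query, keep_blank_values=True)
    values = {p: fully_decode(query[p][0]) for p in PARAMS if p in query}
    joined = "/".join(values.values())
    if not TRAVERSAL_RE.search(joined):
        return None
    name = re.split(r'[\\/]', values.get("InternalFile", ""))[-1].lower()
    return {
        "source": line.split()[0],
        # Heuristic only: backslash separators suggest a Windows target.
        "platform_guess": "windows" if "\\" in joined else "linux",
        "sensitive_file": name if name in SENSITIVE else None,
    }

def scan(lines):
    """Findings for every line that carries traversal in the two parameters."""
    return [f for f in map(inspect, lines) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```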

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 01 Oct 2024 11:40:19 +0000

