SolarWinds Web Help Desk Vulnerability Exposes Critical Security Risks

SolarWinds Web Help Desk, a widely used IT service management tool, has been found to contain a critical vulnerability that could allow attackers to gain unauthorized access to sensitive systems. This security flaw, identified as CVE-2023-35078, enables remote code execution due to improper input validation. Exploiting this vulnerability could lead to data breaches, system compromise, and disruption of IT operations. SolarWinds has released patches to address the issue, urging all users to update their software immediately to mitigate potential risks. Cybersecurity experts emphasize the importance of timely patch management and continuous monitoring to defend against exploitation attempts. This incident highlights the ongoing challenges organizations face in securing third-party software and the need for robust vulnerability management practices. The SolarWinds Web Help Desk vulnerability serves as a critical reminder for IT teams to prioritize security updates and maintain vigilance against emerging threats in the cybersecurity landscape.

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 23 Sep 2025 12:20:24 +0000

Cyber News related to SolarWinds Web Help Desk Vulnerability Exposes Critical Security Risks

8 Strategies for Defending Against Help Desk Attacks - COMMENTARY. Defensive security techniques often lag offensive attack tactics, opening companies to heightened risk from rapidly evolving threats. An alarming case in point is the help desk, one of today's most exposed organizational Achilles' heels. ...
1 year ago Darkreading.com

CISOs on alert following SEC charges against SolarWinds - While the outcome of the Security and Exchange Commission's complaint against SolarWinds remains to be seen, infosec experts say the charges are likely to have a major impact on the role of the CISO going forward. In late October, the SEC charged ...
1 year ago Techtarget.com

Holiday Hackers: How to Safeguard Your Service Desk - Hackers really don't take holidays, but they will take advantage of them. Many of these cyberattacks will zero in on the service or help desk to gain entry into network systems. Recovering accounts because of forgotten passwords is one of the ...
1 year ago Bleepingcomputer.com

Clorox lawsuit says help-desk contractors handed over passwords in 2023 cyberattack | The Record from Recorded Future News - Cleaning product giant Clorox has filed a lawsuit against Cognizant, a company it hired to operate its IT services call-in help desk, accusing the contractor of being directly responsible for a 2023 cyberattack that cost hundreds of millions. In ...
2 months ago Therecord.media

25 Best Managed Security Service Providers (MSSP) - 2025 - Pros & Cons: ProsConsStrong threat intelligence & expert SOCs.High pricing for SMBs.24/7 monitoring & rapid incident response.Complex UI and steep learning curve.Flexible, scalable, hybrid deployments.Limited visibility into endpoint ...
3 months ago Cybersecuritynews.com

Adapting to the Post-SolarWinds Era: Supply Chain Security in 2024 - COMMENTARY. In December 2020, the SolarWinds attack sent shockwaves around the world. Attackers gained unauthorized access to SolarWinds' software development environment, injected malicious code into Orion platform updates, and created a backdoor ...
1 year ago Darkreading.com

SolarWinds Files Motion to Dismiss SEC Lawsuit - In a new filing with the US Southern District Court of New York, SolarWinds argued that the Securities and Exchange Commission was outside of its depth of expertise as well as its scope of authority in charging SolarWinds and its chief information ...
1 year ago Darkreading.com

SolarWinds Web Help Desk Vulnerability Exposes Critical Security Risks - SolarWinds Web Help Desk, a widely used IT service management tool, has been found to contain a critical vulnerability that could allow attackers to gain unauthorized access to sensitive systems. This security flaw, identified as CVE-2023-35078, ...
2 weeks ago Cybersecuritynews.com CVE-2023-35078

SolarWinds releases third patch to fix Web Help Desk RCE bug - SolarWinds has issued its third security patch to address a critical remote code execution (RCE) vulnerability in its Web Help Desk software. This vulnerability, identified as CVE-2023-35078, allows attackers to execute arbitrary code on affected ...
2 weeks ago Bleepingcomputer.com CVE-2023-35078

Week in review: PoC for Splunk Enterprise RCE flaw released, scope of Okta breach widens - Vulnerability disclosure: Legal risks and ethical considerations for researchersIn this Help Net Security interview, Eddie Zhang, Principal Consultant at Project Black, explores the complex and often controversial world of vulnerability disclosure in ...
1 year ago Helpnetsecurity.com

Securing helpdesks from hackers: What we can learn from the MGM breach - In the wake of the MGM Resorts service desk hack, it's clear that organizations need to rethink their approach to security, particularly when it comes to verifying the identity of employees contacting the helpdesk. In this article, we'll explore how ...
1 year ago Bleepingcomputer.com

Top 30 Best Penetration Testing Tools - 2025 - The tool supports various protocols and offers advanced filtering and analysis capabilities, making it ideal for diagnosing network issues, investigating security incidents, and understanding complex network interactions during penetration testing. ...
6 months ago Cybersecuritynews.com

Microsoft Security Copilot improves speed and efficiency for security and IT teams - First announced in March 2023, Microsoft Security Copilot-Microsoft's first generative AI security product-has sparked major interest. With the rapid innovations of Security Copilot, we have taken this solution beyond security operations use cases ...
1 year ago Microsoft.com

What is Word Unscrambler In Gaming? - Are you tired of getting stuck on those tricky word puzzles in your favourite mobile game? Have you ever wished for a tool to help unscramble those seemingly impossible words? Look no further because the word unscrambler is here to save the day! This ...
2 years ago Hackread.com

Week in review: Palo Alto Networks firewalls under attack, Microsoft patches two exploited zero-days - Strategies for secure identity management in hybrid environmentsIn this Help Net Security interview, Charlotte Wylie, SVP and Deputy CSO at Okta, discusses the challenges of managing user identities across hybrid IT environments. Leveraging AI for ...
1 year ago Helpnetsecurity.com

Week in review: Attackers use phishing emails to steal NTLM hashes, Patch Tuesday forecast - What organizations need to know about the Digital Operational Resilience ActIn this Help Net Security interview, Kris Lovejoy, Global Security and Resilience Leader at Kyndryl, discusses the impact of the Digital Operational Resilience Act on ...
1 year ago Helpnetsecurity.com

10 Best Dark Web Monitoring Tools in 2025 - DarkOwl is a comprehensive dark web monitoring tool that provides organizations with real-time intelligence on emerging threats and data breaches. Recorded Future is a comprehensive dark web monitoring tool that leverages machine learning and ...
2 months ago Cybersecuritynews.com

6 Best Cloud Security Companies & Vendors in 2024 - Cloud security companies specialize in protecting cloud-based assets, data, and applications against cyberattacks. To help you choose, we've analyzed a range of cybersecurity companies offering cloud security products and threat protection services. ...
1 year ago Esecurityplanet.com

The First 10 Days of a vCISO’S Journey with a New Client - Cyber Defense Magazine - During this period, the vCISO conducts a comprehensive assessment to identify vulnerabilities, engages with key stakeholders to align security efforts with business objectives, and develops a strategic roadmap to prioritize actions and resources. If ...
1 year ago Cyberdefensemagazine.com

Echoes of SolarWinds: JetBrains TeamCity servers under attack by Russia-backed hackers - The SolarWinds hackers are infiltrating JetBrains TeamCity servers via a critical vulnerability enabling authorization bypass and arbitrary code execution, government officials warn. Russian Foreign Intelligence Service-backed threat actor CozyBear ...
1 year ago Packetstormsecurity.com CVE-2023-42793

Critical RCE flaws found in SolarWinds access audit solution - Security researchers found three critical remote code execution vulnerabilities in the SolarWinds Access Rights Manager product that remote attackers could use to run code with SYSTEM privileges. SolarWinds ARM is a tool that enables organizations to ...
1 year ago Bleepingcomputer.com

Scattered Spider Hops Nimbly From Cloud to On-Prem in Complex Attack - The group behind the high-profile MGM cyberattack in September has resurfaced in yet another sophisticated ransomware attack, in which the actor pivoted from a third-party service environment to the target organization's on-premise network in only an ...
1 year ago Darkreading.com Scattered Spider

Modern DevSecOps - DevSecOps - a fusion of development, security, and operations - emerged as a response to the challenges of traditional software development methodologies, particularly the siloed nature of development and security teams. DevSecOps aims to break down ...
1 year ago Feeds.dzone.com

Cybersecurity jobs available right now: October 2, 2024 - Help Net Security - As an Applied Cybersecurity Engineer (Center for Securing the Homeland), you will apply interdisciplinary competencies in secure systems architecture and design, security operations, threat actor behavior, risk assessment, and network security to ...
1 year ago Helpnetsecurity.com

Week in review: Cybersecurity job openings, hackers use 1-day flaws to drop custom Linux malware - Transitioning to memory-safe languages: Challenges and considerationsIn this Help Net Security interview, Omkhar Arasaratnam, General Manager at the Open Source Security Foundation, discusses the evolution of memory-safe programming languages and ...
1 year ago Helpnetsecurity.com LockBit