June 7, 2023

Researchers reported three new vulnerabilities in SolarWinds products

The vulnerabilities, which have been already been patched, included a remote code execution flaw in Orion that required only network access. That flaw allows hackers to use an improperly installed Microsoft Messaging Queue to send commands for a server to execute.

Two other vulnerabilities require local access. One flaw in SolarWinds Serv-U FTP allows users to grant themselves read and write access, while a second flaw in Orion stemmed from insecurely stored credentials guarding the SOLARWINDS_ORION database.

SolarWinds, a widely used network management vendor, was the first of a handful of firms leveraged in supply chain attacks

All products within supply chains will have to adapt to the new reality that began after the SolarWinds breaches were discovered. Indeed, new assessments of their products, looking for any signs of suspicious activity, code anomalies, or exploits.

Tags:

Leave a Reply

You may have missed

Microsoft to comply with LinkedIn GDPR Violation

Microsoft to comply with LinkedIn GDPR Violation

June 7, 2023
Google Fixes Third Chrome Zeroday

Google Fixes Third Chrome Zeroday

June 6, 2023
Moveit Attributed to Lace Tempest

Moveit Attributed to Lace Tempest

June 6, 2023
Byte Code Bites PYPI

Byte Code Bites PYPI

June 5, 2023
Enzo Biochem Suffers a Data Breach

Enzo Biochem Suffers a Data Breach

June 5, 2023
BlackSuit Ransomware Dissection

BlackSuit Ransomware Dissection

June 4, 2023
%d bloggers like this: