Threat Post

Microsoft: Attackers Tried to Login to SolarWinds Serv-U Via Log4j Bug

UPDATE: SolarWinds has fixed a Serv-U bug discovered when attackers used the Log4j flaw to try to log in to the file-sharing software. Attackers are trying to log in to SolarWinds Serv-U file-sharing ...
ZDNet

SolarWinds releases security advisory after Microsoft says customers 'targeted' through vulnerability

SolarWinds released updates for their Serv-U Managed File Transfer and Serv-U Secure FTP tools this weekend after being notified of Microsoft's vulnerability. In an advisory sent out on Friday and ...
Bleeping Computer

Microsoft: SolarWinds fixes Serv-U bug exploited for Log4j attacks

SolarWinds has patched a new Serv-U vulnerability discovered by Microsoft that threat actors attempted to use to propagate Log4j attacks to internal LDAP servers. Serv-U can be configured to ...
Bleeping Computer

Latest Serv-U news

SolarWinds has patched a new Serv-U vulnerability discovered by Microsoft that threat actors attempted to use to propagate Log4j attacks to internal LDAP servers. The Clop ransomware gang, also ...
Dark Reading

SolarWinds Discloses Zero-Day Under Active Attack

SolarWinds has issued an advisory confirming a new zero-day affecting its Serv-U Managed File Transfer and Serv-U Secured FTP products. It has developed a hotfix to address the flaw. The remote code ...
Ars Technica

Microsoft discovers critical SolarWinds zero-day under active attack

I know most on here will know Solarwinds for their network monitoring, and rightly so. However, being a managed file transfer (MFT) specialist I know them for their Serv-U product line Solarwinds ...
Threat Post

SolarWinds Orion Bug Allows Easy Remote-Code Execution and Takeover

The by-now infamous company has issued patches for three security vulnerabilities in total. Three serious vulnerabilities have been found in SolarWinds products: Two in the Orion User Device Tracker ...
Dark Reading

SolarWinds Vulnerability Exploited in First Stage of Clop Ransomware Attacks

A recent surge in Clop ransomware attacks led researchers to spot a common thread in the first stage of the attack: the exploitation of a known and patched vulnerability in SolarWinds Serv-U file ...
ZDNet

SolarWinds patches three newly discovered software vulnerabilities

SolarWinds customers are being urged to apply newly released security patches after the discovery of three previously undisclosed severe vulnerabilities which could allow attackers to abuse the ...
The Verge

Microsoft attributes new SolarWinds attack to a Chinese hacker group

Microsoft’s Threat Intelligence Center (MSTIC) reported on Tuesday that SolarWinds software was attacked with a zero-day exploit by a group of hackers it calls “DEV-0322.” The hackers were focused on ...
Homeland Security Today

SolarWinds Releases Advisory for Serv-U Vulnerability

SolarWinds has released an advisory addressing a vulnerability—CVE-2021-35211—affecting Serv-U Managed File Transfer and Serv-U Secure FTP. Exploitation of this vulnerability may allow a remote ...