Microsoft: Hackers Exploiting New SolarWinds Serv-U Bug Related to Log4j Attacks

Microsoft on Wednesday disclosed details of a new security vulnerability in SolarWinds Serv-U software that it said was being weaponized by threat actors to propagate attacks leveraging the Log4j flaws to compromise targets.

Tracked as CVE-2021-35247 (CVSS score: 5.3), the issue is an input validation vulnerability that could allow attackers to build a query given some input and send that query over the network without sanitization.

The flaw, which was discovered by security researcher Jonathan Bar Or, affects Serv-U versions 15.2.5 and prior, and has been addressed in Serv-U version 15.3.

"The Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized," SolarWinds said in an advisory, adding it "updated the input mechanism to perform additional validation and sanitization."
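The class of flaw described above, a query built from login input without sanitization, shown next to a validated and escaped form. This is an added example, not SolarWinds' code or anything from the advisory; the `uid` attribute, the filter shape and the username allow-list are assumptions.

```python
import re

# RFC 4515: these characters must be written as \XX inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Assumed allow-list for login names; adjust to the local naming policy.
_USERNAME_RE = re.compile(r"[A-Za-z0-9._@-]{1,64}")

# Assumed filter shape; a real deployment uses its own attribute and object class.
_FILTER_TEMPLATE = "(&(objectClass=person)(uid={}))"


def escape_filter_value(value: str) -> str:
    """Escape a string so an LDAP server treats it purely as a literal value."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def naive_filter(username: str) -> str:
    """The unsafe pattern: login input placed straight into the query."""
    return _FILTER_TEMPLATE.format(username)


def safe_filter(username: str) -> str:
    """Reject unexpected characters first, then escape whatever remains."""
    if not _USERNAME_RE.fullmatch(username):
        raise ValueError("username contains characters outside the allow-list")
    return _FILTER_TEMPLATE.format(escape_filter_value(username))


def check_logins(usernames):
    """Map each submitted name to its safe filter, or None if it was rejected."""
    results = {}
    for name in usernames:
        try:
            results[name] = safe_filter(name)
        except ValueError:
            results[name] = None
    return results


# Constructed sample inputs, not taken from any real incident.
SAMPLES = ["alice", "j.doe@example.org", "x)(cn=*", "${constructed}"]

if __name__ == "__main__":
    for name, flt in check_logins(SAMPLES).items():
        print(f"{name!r:24} naive={naive_filter(name)!r} safe={flt!r}")
```

With the constructed input `x)(cn=*`, the naive builder emits a filter containing an extra clause the application never intended, while the validated builder rejects the input before any query is sent.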

The IT management software maker also pointed out that "no downstream effect has been detected as the LDAP servers ignored improper characters." It's not immediately clear if the attacks detected by Microsoft were mere attempts to exploit the flaw or if they were ultimately successful.

The development comes as multiple threat actors continue to take advantage of the Log4Shell flaws to mass scan and infiltrate vulnerable networks for deploying backdoors, coin miners, ransomware, and remote shells that grant persistent access for further post-exploitation activity.

On top of this,  previously observed exploiting a critical security vulnerability affecting SolarWinds Serv-U (CVE-2021-35211) to install malicious programs on the infected machines.

Services

Protect

This refers to making sure an organization has taken the necessary measures and precautions to secure itself before any cybersecurity problems arise. This area focuses on proactive strategies rather than reactive strategies.

Detect

Incidents cannot be responded to unless they are detected. In fact, detection of security incidents may take weeks or months for many organizations to accomplish.

Respond

Responding to a computer security incident has a few steps. The first step is when the team receives a report of an incident from a constituent, such as a user, business partner or security operations center staff member.
