fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

SolarWinds patches critical Serv-U vulnerability exploited in the wild

SolarWinds patches critical Serv-U vulnerability exploited in the wild

SolarWinds is urging customers to patch a Serv-U remote code execution vulnerability exploited in the wild by “a single threat actor” in attacks targeting a limited number of customers.

“Microsoft has provided evidence of limited, targeted customer impact, though SolarWinds does not currently have an estimate of how many customers may be directly affected by the vulnerability,” the company said in an advisory published on Friday.

“To the best of our understanding, no other SolarWinds products have been affected by this vulnerability. [..] SolarWinds is unaware of the identity of the potentially affected customers.”

Also Read: How Does Ransomware Work? Examples and Defense Tips

Only impacts servers with SSH enabled

The zero-day vulnerability (tracked as CVE-2021-35211) impacts Serv-U Managed File Transfer and Serv-U Secure FTP, and it enables remote threat actors to execute arbitrary code with privileges following successful exploitation.

According to SolarWinds, “if SSH is not enabled in the environment, the vulnerability does not exist.”

The bug found by Microsoft Threat Intelligence Center (MSTIC) and Microsoft Offensive Security Research teams in the latest Serv-U 15.2.3 HF1 released in May 2021 also affects all prior versions.

SolarWinds has addressed the security vulnerability reported by Microsoft with the release of Serv-U version 15.2.3 hotfix (HF) 2.

Software VersionUpgrade Paths
Serv-U 15.2.3 HF1Apply Serv-U 15.2.3 HF2, available in your Customer Portal
Serv-U 15.2.3Apply Serv-U 15.2.3 HF1, then apply Serv-U 15.2.3 HF2, available in your Customer Portal
All Serv-U versions prior to 15.2.3Upgrade to Serv-U 15.2.3, then apply Serv-U 15.2.3 HF1, then apply Serv-U 15.2.3 HF2, available in your Customer Portal

The company added that all other SolarWinds and N-able products (including the Orion Platform and Orion Platform modules) are unaffected by CVE-2021-35211.

“SolarWinds released a hotfix Friday, July 9, 2021, and we recommend all customers using Serv-U install this fix immediately for the protection of your environment,” the US-based software firm warned.

SolarWinds provides additional info on how to find if your environment was compromised during the attacks Microsoft reported.

Customers can also request more information by opening a customer service ticket with the subject “Serv-U Assistance.”

The SolarWinds Orion supply-chain attack

Last year, SolarWinds disclosed a supply-chain attack coordinated by the Russian Foreign Intelligence Service.

The attackers breached the company’s internal systems and trojanized the Orion Software Platform source code and builds released between March 2020 and June 2020.

The malicious builds were later used to deliver a backdoor tracked as Sunburst to “fewer than 18,000,” but, luckily, the threat actors only picked a substantially lower number of targets for second-stage exploitation.

Right before the attack was disclosed, SolarWinds’ list of 300,000 customers worldwide [12] included more than 425 US Fortune 500 companies, all top ten US telecom companies, and a long list of govt agencies, including the US Military, the US Pentagon, the State Department, NASA, NSA, Postal Service, NOAA, the US Department of Justice, and the Office of the President of the United States.

Multiple US govt agencies confirmed that they were breached in the SolarWinds supply-chain attack, with the list including:

In March, SolarWinds reported expenses of $3.5 million from last year’s supply-chain attack, including costs related to remediation and incident investigation.

Even though $3.5 million doesn’t seem too much compared to the aftermath of the SolarWinds supply-chain attack, the incurred expenses reported so far were recorded only through December 2020, with high extra costs being expected throughout the subsequent financial periods.

Also Read: 5 Most Frequently Asked Questions About Ransomware

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us