SolarWinds WHD Attacks Highlight Risks of Exposed Apps
Organizations that have exposed their instances of Web Help Desk to the public Internet have inadvertently made them prime targets for attackers.
SolarWinds is associated with software supply-chain security, network management tools, and the 2020 compromise that affected public and private organizations.
Search across headline titles and summaries.
Background for this topic.
SolarWinds is a software company whose IT-management and network-monitoring products are used to administer systems and collect operational data. In security news, the tag commonly covers its products, vulnerabilities, and the 2020 Orion supply-chain compromise, in which attackers inserted malicious code into legitimate software updates; selected downstream customers were then targeted.
The central security concern is that management software often has broad network visibility and administrative access, making its build pipeline, update mechanism, and deployment environment high-value attack surfaces. Organizations should distinguish the Orion compromise from separately reported product vulnerabilities, maintain an inventory of affected versions, apply verified fixes, and restrict management servers’ privileges and outbound communications. Monitoring unusual authentication, remote administration, or connections from management infrastructure can support detection, while threat intelligence and incident response may be needed to assess whether a compromised update was installed and what systems it could reach.
Weekly headline count for the current query.
Organizations that have exposed their instances of Web Help Desk to the public Internet have inadvertently made them prime targets for attackers.
Some of the world's biggest technology companies use a program liable to introduce malware into their software. The potential consequences are staggering, but there's an easy fix.
The IT service management and observability tools company acquired Squadcast last month and is adding the automated incident response platform to the SolarWinds portfolio.
Five years after a Russian APT infiltrated a software update to gain access to thousands of SolarWinds customers, the board has voted unanimously to sell at a top valuation and plans for uninterrupted operations.
New research highlights how bad actors could abuse deleted AWS S3 buckets to create all sorts of mayhem, including a SolarWinds-style supply chain attack.
Four companies — Avaya, Check Point, Mimecast, and Unisys — have been charged by the SEC for misleading disclosures in the aftermath of the 2020 SolarWinds compromise.
The disclosure of CVE-2024-28987 means that, in two weeks, there have been two critical bugs and corresponding patches for SolarWinds' less-often-discussed IT help desk software.
The vulnerability was given a high-severity CVSS score, indicating that customers should act swiftly to mitigate the flaw.
Judge dismisses claims against SolarWinds for actions taken after its systems had been breached, but allows the case to proceed for alleged misstatements prior to the incident.
Yahoo, Uber, SolarWinds — increasingly, the government is incentivizing better corporate security by punishing the individuals leading it. Is that a good idea? And how can security pros avoid ending up on the butt end of a lawsuit?
The latest platform update from SolarWinds includes patches for three vulnerabilities, including two high-severity bugs.
The SEC's lawsuit may take years to resolve through litigation, but here are five things CISOs should do now to protect both themselves as individuals as well as their organizations.
Get updated advice on how, when, and where we should disclose cybersecurity incidents under the SEC's four-day rule after SolarWinds, and join the call to revamp the rule to remediate first.
Unlike the SolarWinds and CodeCov incidents, all that it took for an adversary to nearly pull off a massive supply chain attack was some slick social engineering and a string of pressure emails.
What happens to security leaders that don't communicate security well enough? "Ask SolarWinds."
A successor to the "Golden SAML" tactic used in the SolarWinds campaign, this new technique taps SAML response forgery to gain illegitimate access to apps and services.
Responding to SEC charges, SolarWinds fired back with a detailed defense of how a Russian-backed cyber espionage attack on its system was handled.
The Russian APT behind the SolarWinds attacks exfiltrated data from HPE email accounts last May.
Post-SolarWinds, it's no longer enough for chief information security officers to remain compliant and call it a day.
The SolarWinds SEC lawsuit illuminates the potential risks faced by CISOs and other cybersecurity executives.