Government: SEC Charges Four Companies Over Misleading Disclosures on SolarWinds Hack. The SEC announces penalties against Unisys, Avaya, Check Point and Mimecast for downplaying the impact of the SolarWinds Orion hack. Ryan Naraine, October 22, 2024
Vulnerabilities: SolarWinds Patches Critical Vulnerability in Access Rights Manager. SolarWinds has announced patches for a critical-severity remote code execution vulnerability in Access Rights Manager. Ionut Arghire, September 16, 2024
Vulnerabilities: SolarWinds Axes Hardcoded Credentials With Hotfix for Exploited Web Help Desk Flaw. SolarWinds has issued a second Web Help Desk hotfix to remove hardcoded credentials after patching a critical-severity vulnerability last week. Ionut Arghire, August 23, 2024
Vulnerabilities: SolarWinds Web Help Desk Vulnerability Possibly Exploited as Zero-Day. The US cybersecurity agency CISA warns that a recent SolarWinds Web Help Desk vulnerability has been exploited in the wild. Ionut Arghire, August 16, 2024
Vulnerabilities: SolarWinds Issues Hotfix for Critical Web Help Desk Vulnerability. SolarWinds has released a hotfix for a critical Java deserialization remote code execution vulnerability in Web Help Desk. Ionut Arghire, August 15, 2024
CISO Strategy: Judge Dismisses Major SEC Charges Against SolarWinds and CISO. Judge dismissed SEC lawsuit charging SolarWinds and CISO Timothy Brown with hiding security problems before and after the SUNBURST supply chain compromise. Ryan Naraine, July 19, 2024
Vulnerabilities: SolarWinds Patches Critical Vulnerabilities in Access Rights Manager. SolarWinds has released patches for 13 vulnerabilities in Access Rights Manager, including eight critical bugs. Ionut Arghire, July 19, 2024
Vulnerabilities: Recent SolarWinds Serv-U Vulnerability Exploited in the Wild. Threat actors are exploiting a recent path traversal vulnerability in SolarWinds Serv-U using public PoC code. Ionut Arghire, June 21, 2024
Vulnerabilities: SolarWinds Patches High-Severity Vulnerability Reported by NATO Pentester. SolarWinds has released patches for high-severity vulnerabilities in Serv-U and the SolarWinds Platform. Ionut Arghire, June 7, 2024
Incident Response: Microsoft Says Russian Gov Hackers Stole Source Code After Spying on Executive Emails. Microsoft says the Midnight Blizzard APT group may still be poking around its internal network after stealing source code, spying on emails. Ryan Naraine, March 8, 2024
CISO Strategy: SEC Charges SolarWinds and Its CISO With Fraud and Cybersecurity Failures. The SEC filed charges against SolarWinds and its CISO over misleading investors about its cybersecurity practices and known risks. Mike Lennon, October 30, 2023
Identity & Access: SolarWinds Patches High-Severity Flaws in Access Rights Manager. SolarWinds patches high-severity flaws in its Access Rights Manager product, including three unauthenticated remote code execution issues. Ionut Arghire, October 23, 2023