CVE-2021-35211

Published: 14/07/2021 Updated: 08/08/2023
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 10 | Impact Score: 6 | Exploitability Score: 3.9
VMScore: 891
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows prior to 15.2.3 HF2 are affected by this vulnerability.

Vulnerable Product

solarwinds serv-u

solarwinds serv-u 15.2.3

Github Repositories

panopticon-TA505
blog.talosintelligence.com/2021/08/raccoon-and-amadey-install-servhelper.html
www.securityweek.com/russia-linked-ta505-back-targeting-financial-institutions
research.nccgroup.com/2021/11/08/ta505-exploits-solarwinds-serv-u-vulnerability-cve-2021-35211-for-initial-access/
research.nccgroup.com/2021/12/01/tracking-a-p2p-network-rel

Serv-U CVE-2021-35211 Exploit

Potential for DoS - check your rules of engagement

The exploit doesn't work every time, but it works enough that it will run shellcode in roughly 1 in every 5 or 6 runs. However, sometimes a failed exploit will crash the Serv-U server. Please ensure that your rules of engagement permit the risk of loss or degradation of service. Symptoms seen

Recent Articles

Stor-a-File hit by ransomware after crooks target SolarWinds Serv-U FTP software
The Register • Gareth Corfield • 10 Nov 2021

New research says it's Clop's favourite attack method du jour

Stor-a-File, a British data capture and storage company, suffered a ransomware attack in August that exploited an unpatched instance of SolarWinds' Serv-U FTP software. The company informed its clients about the September attack, and told The Register that it refused to pay. We understand some data has been leaked by ransomware criminals on a Tor blog. At least one of Stor-a-File's clients is a medical company, one of whose customers got in touch with El Reg last week. "The medical company (whic...

SolarWinds issues software update – one it wrote for a change – to patch hole exploited in the wild
The Register • Iain Thomson in San Francisco • 12 Jul 2021

'Single threat actor' already abusing RCE flaw, Microsoft reports

SolarWinds has issued an emergency patch after a critical security hole in its Serv-U Managed File Transfer and Serv-U Secure FTP was spotted being exploited in the wild. The vulnerability, discovered by Microsoft's Threat Intelligence Center (MSTIC) and Offensive Security Research teams, can be exploited by an attacker to achieve remote code execution, and is present in Serv-U version 15.2.3 HF1 and all prior builds. The Redmond crew also said a "single threat actor" was abusing the programming...

China is likely stockpiling and deploying vulnerabilities, says Microsoft
The Register

Increase in espionage and cyberattacks since law requiring vulnerabilities first be reported to Beijing

Microsoft has asserted that China's offensive cyber capabilities have improved, thanks to a law that has allowed Beijing to create an arsenal of unreported software vulnerabilities. China's 2021 law required organizations to report security vulnerabilities to local authorities before disclosing them to any other entity. The rules mean Beijing can use local research to hoard vulnerability information. A year later, researchers from the Atlantic Council found there was a decrease in reported vulne...