SolarWinds Vulnerability Exploited in First Stage of Clop Ransomware Attacks


A recent surge in Clop ransomware attacks led researchers to identify a common thread in the first stage of the attack: the exploitation of a known and patched vulnerability in SolarWinds Serv-U file server software.

NCC Group’s Cyber Incident Response Team recently observed the attack chain while handling incident response cases for Clop ransomware victims hit by the infamous TA505 cybercrime group out of Russia. “We imagine exploiting such vulnerabilities is a latest preliminary entry method for TA505, deviating from the actor’s normal phishing-based method,” the researchers wrote in their findings.

The attackers exploited versions of the SolarWinds Serv-U software that have not been updated to the latest version, which fixes the remote code execution flaw (CVE-2021-35211).

NCC Group recommends updating SolarWinds Serv-U software to the latest version; it also outlined a number of indicators of compromise observed in the attacks.
