We’re not saying this is how SolarWinds was backdoored, but its FTP password ‘leaked on GitHub in plaintext’

16 December 2020

SolarWinds, the maker of the Orion network management software that was subverted to distribute backdoored updates that led to the compromise of multiple US government bodies, was apparently told last year that credentials for its software update server had been exposed in a public GitHub repo. Vinoth Kumar, a security researcher, claimed on Tuesday he had made such a report to SolarWinds last November, warning that it could be used to upload files to the server.

Read full article on The Register

Date:

16 December 2020

Categorie(s):

NEWS

Tag(s):

File Systems, FTP, Internet, IT, SolarWinds

DHS establishes AI Safety and Security Board to protect critical infrastructure29 April 2024
Agent Tesla and Taskun Malware Targeting US Education and Govt Entities29 April 2024
New UK Smart Device Security Law Comes into Force29 April 2024
PoC Exploit Released For Windows Kernel EoP Vulnerability29 April 2024
Chinese Botnet As-A-Service Bypasses Cloudflare & Other DDoS Protection Services29 April 2024