
Hacked SolarWinds software lacked exploit protection



SolarWinds has not implemented ASLR technology in some modules of its software.

US software maker SolarWinds, which suffered a massive supply chain attack last December, failed to implement exploitation prevention measures, which allowed attackers to launch targeted cyberattacks in July this year.

These are targeted attacks that exploit a zero-day vulnerability in Serv-U Managed File Transfer and Serv-U Secure FTP products. Based on victimology, techniques, tactics and procedures, the Microsoft Threat Intelligence Center (MSTIC) attributed the attacks to the DEV-0322 cybercriminal group operating from China.

Last week Microsoft specialists published a more detailed analysis of the attack, which noted that SolarWinds did not implement ASLR technology (Address Space Layout Randomization) in some modules of its software.

“Enabling ASLR […] it is a critical security measure for services open to untrusted remote data entry and requires all binaries in the process to be compatible to better protect against attacks using stitched addresses in exploits, as was possible in Serv-U,” the experts noted.

According to the researchers, the attackers used DLLs compiled without ASLR that were injected into the Serv-U process, and exploited the CVE-2021-35211 vulnerability.

The Microsoft team has confirmed that the manufacturer has already patched the vulnerability in the software, but it is unclear if the ASLR mechanism was added to the affected products.

ASLR (Address Space Layout Randomization) is a security mechanism that randomizes virtual memory addresses of various data structures that are susceptible to attacks.
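A defender can check for the condition described above by reading the PE header flags that decide whether a module can be randomized. The following Python is an added example, not code from the article, Microsoft or SolarWinds; the module names and header bytes are constructed for the demonstration, and it looks only at header flags, not at system-wide mitigation policy.

```python
import struct

DYNAMIC_BASE = 0x0040     # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (/DYNAMICBASE)
HIGH_ENTROPY_VA = 0x0020  # IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
RELOCS_STRIPPED = 0x0001  # IMAGE_FILE_RELOCS_STRIPPED, in COFF Characteristics

def aslr_status(image: bytes) -> dict:
    """Read PE headers; 'randomizable' needs DYNAMIC_BASE and relocation data."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    opt = pe_off + 24  # 4-byte signature + 20-byte COFF header
    if len(image) < opt + 72:
        raise ValueError("optional header truncated")
    opt_size, coff_flags = struct.unpack_from("<HH", image, pe_off + 20)
    (magic,) = struct.unpack_from("<H", image, opt)
    if opt_size < 72 or magic not in (0x10B, 0x20B):
        raise ValueError("unsupported optional header")
    (dll_flags,) = struct.unpack_from("<H", image, opt + 70)  # same offset in PE32/PE32+
    dynamic_base = bool(dll_flags & DYNAMIC_BASE)
    stripped = bool(coff_flags & RELOCS_STRIPPED)
    return {
        "dynamic_base": dynamic_base,
        "high_entropy_va": bool(dll_flags & HIGH_ENTROPY_VA),
        "relocs_stripped": stripped,
        "randomizable": dynamic_base and not stripped,
    }

def audit(modules: dict) -> list:
    """Names of modules that would sit at a predictable address in the process."""
    return sorted(n for n, img in modules.items()
                  if not aslr_status(img)["randomizable"])

def make_sample_pe(dll_flags: int, coff_flags: int = 0x2022) -> bytes:
    """Constructed header-only PE32+ image for this demo; not a real DLL."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 112, coff_flags)
    opt = bytearray(112)
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<H", opt, 70, dll_flags)
    return dos + b"PE\0\0" + coff + bytes(opt)

SAMPLES = {  # constructed module names and flags, not taken from Serv-U
    "hardened.dll": make_sample_pe(0x0160),
    "legacy.dll": make_sample_pe(0x0100),
    "stripped.dll": make_sample_pe(0x0140, coff_flags=0x2023),
}
```

Running `audit` over the bytes of every DLL a service loads lists the modules that break the "all binaries in the process" requirement from the quote above.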



Women and minorities are more likely to be victims of cyberattacks than other people



Women are more likely than men to receive messages from unknown numbers containing potentially malicious links.

Demographics play a large role in how often people are victims of cybercrime. Low-income and vulnerable populations are disproportionately affected by cybercrime. According to the results of a poll of 5 thousand people in Germany, the UK and the US, conducted by experts from Malwarebytes, Digitunity and Cybercrime Support Network, minorities, as well as groups of people with low income and low educational level, are more likely to be victims of a cyber attack. Some groups are much more likely to face online threats.

For example, women are much more likely to receive text messages from unknown numbers containing potentially malicious links than men (79% versus 73%). Almost half (46%) of women said their social media accounts had been hacked, compared with 37% of men.

The social media accounts of Black, Indigenous and People of Color (BIPOC) are more likely to be attacked than those of whites (45% versus 40%); BIPOC populations are also more likely to experience identity theft (21% versus 15%). In fact, only 47% of BIPOC respondents escaped financial consequences from the actions of cybercriminals.

Age is also an important factor. 36% of people aged 65 and over have been victims of credit card information theft.

21% of women and 23% of BIPOC respondents experienced “significant” stress when faced with suspicious online activity.

According to the report, the statistics are linked to the overall sense of security (or lack thereof) in cyberspace. While half of all respondents do not feel secure online and 31% do not feel safe online, the numbers are different for women. Women feel the least private online (53% versus 47% of men) and the least secure (35% versus 27% of men).

Socioeconomic class also matters. People with higher incomes (51%) feel more secure online than people with lower incomes (40%). The same is true for educational attainment – users with the highest educational attainment feel more secure (48%) than those who graduated only from college (44%) or high school (40%).



The United States launched a program to replace Huawei and ZTE network equipment



The US government allocated $1.9 billion for the implementation of the program.

On Monday, September 28, the US Federal Communications Commission (FCC) announced the launch of a program to replace network equipment of telecom operators in rural areas. The government allocated $1.9 billion to implement the program, Reuters reports.

The program was approved in July 2021; applications for participation will open on October 29 and will be accepted until January 14, 2022. Its goal is to remove from the networks of American telecom operators equipment manufactured by Chinese companies recognized in the United States as a threat to national security, in particular Huawei and ZTE.

Last year, the FCC recognized Huawei and ZTE as a threat to national security, thereby depriving US companies of the ability to use the $8.3 billion government fund to buy equipment from them. In December, the FCC passed regulations requiring carriers using ZTE and Huawei equipment to “dispose of and replace” it.

The requirement is a big problem for telecom operators in rural areas, which do not have the financial ability to purchase new equipment and find specialists who are able to carry out such a replacement.

The latest FCC ruling expands the program from telecom operators with 2 million or less subscribers to operators with 10 million or less subscribers.
