A New Critical SolarWinds Zero-Day Vulnerability Under Active Attack

From thehackernews.com

SolarWinds vulnerability

SolarWinds, the Texas-based company that became the epicenter of a massive supply chain attack late last year, has issued patches to contain a remote code execution flaw in its Serv-U managed file transfer service.

The fixes, which target Serv-U Managed File Transfer and Serv-U Secure FTP products, arrive after Microsoft notified the IT management and remote monitoring software maker that the flaw was being exploited in the wild. The threat actor behind the exploitation remains unknown as yet, and it isn’t clear exactly how the attack was carried out.

Read more…