Bleeping Computer

SolarWinds Web Help Desk flaw is now exploited in attacks

CISA has added three flaws to its 'Known Exploited Vulnerabilities' (KEV) catalog, among which is a critical hardcoded credentials flaw in SolarWinds Web Help Desk (WHD) that the vendor fixed in late ...
CRN

Hackers Exploit SolarWinds, Pulse Secure For Credential Theft: Feds

Hackers entered the unidentified victim’s network through a Pulse Secure VPN appliance, moved laterally to the victim’s SolarWinds Orion sever, installed Supernova malware, and stole credentials, ...
Dark Reading

SolarWinds Attack Reinforces Importance of Principle of Least Privilege

The SolarWinds attack is historic for its multidimensional sophistication. As we continue to learn of new victims, techniques, and implications, it's important that chief information security officers ...