New SolarWinds Bugs Expose Servers to Root Access

Critical vulnerabilities in Serv-U file transfer server spark urgent patch alert

AI-Synthesized from 2 sources

By Emergent News Desk

Wednesday, February 25, 2026

SolarWinds, the software company at the center of a devastating supply-chain attack in 2020, is once again facing a major security crisis. The company has released patches for four critical vulnerabilities in its Serv-U managed file transfer server, which could allow attackers to gain root access to unpatched servers. This latest development comes as a stark reminder of the ongoing struggle to secure software supply chains.

According to Ensar Seker, CISO at SOCRadar, these vulnerabilities should be treated as "high-urgency patch events." Seker warned that the vulnerabilities, which are rated "critical," the highest severity rating, could lead to "full system compromise" if left unpatched. Serv-U is a self-hosted file transfer server for Windows and Linux that lets enterprises exchange files via FTPS, SFTP, and HTTP/S.

The vulnerabilities, each tracked as a CVE, are remote code execution (RCE) flaws that attackers could exploit to gain root access to unpatched servers. To exploit these flaws, attackers would need to have already obtained admin access to the server. Once they have root on the host, however, they could potentially move laterally across the network, compromising sensitive data and systems.

This latest disclosure is not an isolated incident. SolarWinds has faced a string of high-severity disclosures in recent months, raising concerns about the company's ability to secure its software. The company's software has been a popular target for threat actors, who have exploited vulnerabilities to gain access to sensitive systems and data.

In a separate but related development, researchers at Malwarebytes have warned of a new phishing scam that uses fake Zoom meeting invitations to install surveillance software on Windows computers. The scam, which is designed to look like a legitimate Zoom video call, tricks users into downloading a malicious installer that silently installs a commercial monitoring tool called Teramind.

Teramind is a legitimate tool used by companies to monitor employee activity on work computers. However, in the hands of a threat actor, it can be used to log keystrokes, take screenshots, record website visits, and capture clipboard contents. The software can also track email and file activity, providing a wealth of sensitive information to attackers.

The use of fake Zoom meeting invitations is a clever tactic, as employees are often accustomed to receiving such invitations and may let their guard down. However, this scam highlights the need for vigilance and caution when interacting with emails and attachments, even if they appear to be legitimate.

As the cybersecurity landscape continues to evolve, it's clear that software supply chains remain a major vulnerability. The SolarWinds disclosure and the fake Zoom meeting scam are stark reminders of the need for robust security measures and ongoing vigilance. As Seker noted, "When you are talking about pre-authentication RCE with potential root-level access, you are effectively talking about full system compromise." The consequences of inaction can be severe, and it's imperative that organizations take immediate action to patch vulnerabilities and secure their systems.

This article was synthesized by Fulqrum AI from 2 trusted sources, combining multiple perspectives into a comprehensive summary. All source references are listed below.
