Vulnerability used in ransomware attacks

According to a new report by the NCC Group, there's been an uptick in Clop ransomware infections in the past couple of weeks, with most of them starting with the exploitation of CVE-2021-35211. SolarWinds released an emergency security update in July 2021 after discovering "a single threat actor" exploiting it in attacks. The company also warned that this vulnerability only affects customers who have enabled the SSH feature, which is commonly used to further protect connections to the FTP server.
The Serv-U Managed File Transfer and Serv-U Secure FTP remote code execution vulnerability, tracked as CVE-2021-35211, allows a remote threat actor to execute commands on a vulnerable server with elevated privileges. The Clop ransomware gang, also tracked as TA505 and FIN11, is exploiting a SolarWinds Serv-U vulnerability to breach corporate networks and ultimately encrypt their devices.