In March 2020, was published information about the problem CVE-2020-0796, which is also called SMBGhost.…
The bug was originally discovered by Microsoft, as well as targeted attacks on unnamed SolarWinds customers, and the company now has shared details of its find.
Microsoft experts said that the vulnerability in Serv-U is exploited by Chinese hackers, using it to attack defense and software companies in the United States. The company tracks this hack group under the ID DEV-0322.
It is reported that the threat was discovered due to the fact that Defender began to notice malicious processes generated by the main application Serv-U, which ultimately led to an investigation of what was happening and the detection of attacks on a zero-day vulnerability.
Microsoft says Serv-U users can test their devices for compromise by looking at the Serv-U log file (DebugSocketLog.txt) and searching for exception messages. In particular, “C0000005; CSUSSHSocket :: ProcessReceive ”may indicate that attackers tried to hack Serv-U, although the exception may be displayed for other reasons as well.
Other signs of compromise were named:
Unfortunately, according to Censys, there are currently over 8,200 SolarWinds Serv-U systems available on the network with an open SSH port, and the number has remained unchanged since last week when the patches were released.
Let me remind you that we wrote that SolarWinds Attack Gives Hackers Access to Trump Administration Officials Accounts, as well as that IS experts gained access to the servers of hackers who attacked SolarWinds.
News-bpudepi.today is a domain that tries to trick you into subscribing to its browser notifications…
Doguhtam.xyz is a site that tries to trick you into subscribing to its browser notifications…
News-xlixoti.com is a site that tries to force you into subscribing to its browser notifications…
Ducesousightion.com is a domain that tries to trick you into clik to its browser notifications…
News-xlabica.live is a domain that tries to trick you into clik to its browser notifications…
Mergechain.co.in is a site that tries to trick you into subscribing to its browser notifications…