A recent report states that a cybersecurity firm has found three new “critical” vulnerabilities in SolarWinds software after a vulnerability in the company’s systems led to a massive hack of U.S. government and corporate sites last year.
NBC News reports the security company Trustwave has discovered three new “critical” flaws in software produced by SolarWinds, the Texas-based IT firm that was exploited last year resulting in a massive hack of U.S. government and corporate sites.
Trustwave stated that it informed SolarWinds about the vulnerabilities which Trustwave believes could have enabled an attacker to compromise the networks of SolarWinds customers. SolarWinds has since released a patch to fix the security flaws and neither company found evidence that hackers exploited the vulnerabilities.
Ziv Mador, Trustwave’s vice president of security research, stated that after the SolarWinds hack became public in December of 2020, “we decided that we wanted to try ourselves to see how secure SolarWinds products are. In two weeks, [we] found three severe vulnerabilities.”
In a statement to NBC News, SolarWinds said:
Vulnerabilities of varying degrees are common in all software products, but we understand that there is heightened scrutiny on SolarWinds right now.
Following the recent nation-state attack against an array of American software providers, including SolarWinds, we have been collaborating with our industry partners and government agencies to advance our goal of making SolarWinds the most secure and trusted software company.
We have always been committed to working with our customers and other organizations to identify and remediate any vulnerabilities across our product portfolio in a responsible way. Today’s announcement aligns with this process.
Mador stated that the lesson here is that software companies should continually subject their products to “penetration testing” to find and fix bugs. “In nearly 100 percent of the applications we test, we find vulnerabilities,” he said. “Some severe, some mild.”
Breitbart News reported in December of 2020 that hackers had gained access to the networks of the U.S. Treasury and Commerce departments by sneaking malware into a SolarWinds software update.
SolarWinds CEO Kevin Thompson said in a statement that the company believes that products it released in March and June of 2020 were modified in a “highly-sophisticated, targeted and manual supply chain attack by a nation state.”
SolarWinds produces an extremely popular piece of server software used by hundreds of thousands of organizations globally. Most Fortune 500 companies and many U.S. federal agencies utilize the software and will be working hard to secure their networks following news of the hack.
SolarWinds boasts 300,000 customers worldwide including all five branches of the U.S. military including the Pentagon, the State Department, NASA, the NSA, the Department of Justice, and the White House. The 10 leading U.S. telecommunications companies and top five U.S. accounting firms are also SolarWinds customers.
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan or contact via secure email at the address lucasnolan@protonmail.com
COMMENTS
Please let us know if you're having issues with commenting.