SolarWinds warned of internet-facing WHD instances 12.7.5 found to be vulnerable against external attempted attacks...

Continue reading
Web Help Desk by SolarWinds has been exploited following the incoming instances of external attempts to attacks reported by the users that their EDR system has blocked. After this, Solar Winds started warning its users about the internet-exposed Web Help Desk instances, advising them to immediately remove it from any publicly accessible infrastructure as a safety measure to prevent any further exploitation.
Solar Winds further added that if any user is experiencing issues in immediately removing WHD instances from Internet-exposed servers are also advised to deploy Endpoint Detection & Response software to monitor them for any upcoming attempts of attacks.
While SolarWinds has yet to provide further details about the tactics, techniques, procedures (TTPs) of the attacks, here are the extended details of four security vulnerabilities an attacker could exploit to target a vulnerable Web Help Desk.
According to the CVE-2021-35251 advisory, threat actors will be able to exploit unpatched Web Help Desk instances in order to access environmental details about the Web Help Desk installation, making it even easier to exploit the rest of the three security vulnerabilities.

DHS confirms a breach of its HSIN intelligence-sharing network during World Cup security operations; a senator warns of national security risk