Episode 243 – Security vulnerabilities in SolarWinds Orion Platform & Serv-U FTP – Insights with Trustwave’s Craig Searle

Interview with Craig Searle, Director, Consulting & Professional Services (Pacific) at Trustwave discussing the new SolarWinds vulnerabilities discovered – PLUS its Safer Internet Day 2021 #SID2021

Craig has been in the cyber security industry for nearly two decades. He has built cyber security ventures from the ground up most recently seeing Hivint, a new kind of professional services business, exit to Trustwave, an Optus Company in 2018. He now runs Trustwave (Pacific) consulting and professional services. At Trustwave, Craig continues to build on his extensive experience in the development, management & execution of IT security advice and assurance activities within large organisations, including banking and finance, critical infrastructure, ASX200 organisations and government (both state and federal).

Two security vulnerabilities in SolarWinds Orion Platform (CVE-2021-25275 and CVE-2021-25274) and one vulnerability in SolarWinds Serv-U FTP for Windows (CVE-2021-25276). All three vulnerabilities are severe bugs, with the most critical one in SolarWinds Orion Platform (CVE-2021-25274) allowing remote code execution with high privileges.

Trustwave – SpiderLabs Blog: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/full-system-control-with-new-solarwinds-orion-based-and-serv-u-ftp-vulnerabilities/

#MySecurityTV takeaway – Feb 9, 2021 – full episode, with an interview with Mark Lukie, Engineer Manager, Barracuda and a walk through how scammers have turned to Bots and automation to avoid detection – available here: https://mysecuritymarketplace.com/av-media/mysec-tv-live-today-joined-by-craig-searle-of-trustwave-and-mark-lukie-of-barracuda/


About the Provider

MySecurity Media
MySecurity Media has an all-media capability and continues to track the rapid advancement of security and technology to educate, entertain and engage with professionals around the world and across the security domain.