Originally reported to SolarWinds on October 10th, this flaw known as “Dumpster Diver,” allows attackers to gain domain administrator credentials, essentially granting them control over the entire system. Proof-of-concept code to exploit the vulnerability is available. While SolarWinds pushed out a hotfix quite recently, Vice President of Security for SolarWinds, Tim Brown, stated that as of January 24th, there were no known instances where this exploit was used maliciously. Additionally, a mitigation tool can be used in the event that the hotfix cannot be applied.
With all the news around COVID-19/Coronavirus, the average person is turning to the internet for