SolarWinds has released an emergency patch for CVE-2021-35211, a RCE vulnerability affecting its Serv-U Managed File Transfer and Secure FTP that is currently being exploited in the wild. Microsoft has attributed these ‘limited and targeted attacks’ to DEV-0322, which is targeting entities in the U.S. Defense Industrial Base Sector and software companies. Censys CTO Derek Abdine said they discovered over 8,000 serv-U hosts on the internet, and also that a lot of those ‘present the same SSH host key fingerprint’
Source: https://www.helpnetsecurity.com/2021/07/13/solarwinds-patches-zero-day-exploited-in-the-wild-cve-2021-35211/