Recently discovered by US cybersecurity company, FireEye, SolarWinds became the victim of a very sophisticated supply chain hack leading to a likely global attack, with highly sensitive data compromised.
A vulnerability (SUNBURST) was inserted within SolarWinds’s IT management software, Orion®, which could potentially allow the attacker to compromise the server which the Orion products run if present and activated. This sophisticated attack disrupted a standard process resulting in a compromised outcome to attack subsequent software users.
SolarWinds are urging customers with any of the below products listed as known affected for Orion® Platform to upgrade as soon as possible to ensure your environment’s security. Upgrades are available here.
Customer with no hotfix installed or 2020.2 HF 1 to upgrade to Orion® Platform version 2020.2.1 HF 2. Hotfix installation instructions are available in the 2020.2.1 HF 2 Release Notes here.
Customer with hotfix installed to updated to Orion Platform 2019.4 HF 6. Hotfix installation instructions are available in the 2019.4 HF 6 Release Note here.
If you are unable to apply the Hotfix due to environmental restrictions, it is prudent to review the necessity of the below for an immediate risk assessment.
Assess current network if there is a need to segregate zones
Any lateral movements for tools related to SUNBURST that may already been weaponized
Latest signatures on IPS and other security tools
Periodically scan of critical servers / endpoints
6 Jan 2021 | Original articles from SolarWinds
67 Ubi Avenue 1, #05-01
StarHub Green, South Wing, Singapore 408942
Copyright © 2023 JOS (SG) Pte. Ltd. All rights reserved.
Cookie | Duration | Description |
---|---|---|
cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
cookielawinfo-checkbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
cookielawinfo-checkbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |