Friday, March 29, 2024

DHS Urges US govt agencies to Update SolarWinds Orion Software

The recent SolarWinds hack has left several companies and government agencies reeling in their wake having caused widespread chaos and panic. Following up from this, the Cybersecurity and Infrastructure Security Agency (CISA) has updated its official guidance for dealing with the impacts of this attack.

The CISA in its latest guidance has advised all US government agencies using the SolarWinds Orion platform to update to the latest version, 2020.2.1.HF2 before the start of 2021.

The CISA has taken a very hard stance in this scenario by stating that agencies that are unable to upgrade by then should take all the Orion systems offline.

CISA has asked the agencies to act at a rapid pace since the fallout from the attack has the potential to snowball into something huge.

The attack had exploited a major vulnerability that allows attackers to bypass Orion API’s authentication and execute code remotely thus gaining complete access.

Supernova malware was being installed in the Orion run servers using this vulnerability. SolarWinds believes that this malware may have been installed by at least a mind boggling 18,000 companies.

It is believed that Solorigate is only the first level attack to gain access. Once access has been gained into the victim’s servers the attackers deploy a Teardrop, another malware strain. Microsoft too corroborates the view that the goal of the attackers was to enter the companies’ networks through the affected Orion app and then escalate their access to the victims’ local networks.

To tackle this, SolarWinds had launched the 2020.2.1HF2 version last week and has claimed that installing this updated version would remove all traces of the Solorigate code.

This has prompted CISA to urge all government agencies to update at once. Several of the government agencies have still not recovered from the effects of the initial attack and the second wave of attack could cripple several agencies.

CISA has also released a free Azure and Microsoft O365 malicious detection tool to counter this attack.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity, and hacking news updates.

Website

Latest articles

Beware Of Weaponized Air Force invitation PDF Targeting Indian Defense And Energy Sectors

EclecticIQ cybersecurity researchers have uncovered a cyberespionage operation dubbed "Operation FlightNight" targeting Indian government...

WarzoneRAT Returns Post FBI Seizure: Utilizing LNK & HTA File

The notorious WarzoneRAT malware has made a comeback, despite the FBI's recent efforts to...

Google Revealed Kernel Address Sanitizer To Harden Android Firmware And Beyond

Android devices are popular among hackers due to the platform’s extensive acceptance and open-source...

Compromised SaaS Supply Chain Apps: 97% of Organizations at Risk of Cyber Attacks

Businesses increasingly rely on Software as a Service (SaaS) applications to drive efficiency, innovation,...

IT and security Leaders Feel Ill-Equipped to Handle Emerging Threats: New Survey

A comprehensive survey conducted by Keeper Security, in partnership with TrendCandy Research, has shed...

How to Analyse .NET Malware? – Reverse Engineering Snake Keylogger

Utilizing sandbox analysis for behavioral, network, and process examination provides a foundation for reverse...

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles