Security News

SolarWinds CEO gives chief security officer authority and air cover to make software security a priority
2021-03-26 14:59

SolarWinds CEO Sudhakar Ramakrishna is making changes at the board level and in daily operations to change the company's security mindset. This project is designed to build security into the design phase of software development and to make security an ongoing priority instead of an after-the-fact one.

SolarWinds patches critical code execution bug in Orion Platform
2021-03-26 13:19

SolarWinds has released security updates to address four vulnerabilities impacting the company's Orion IT monitoring platform, two of them allowing attackers to execute arbitrary code remotely. The highest severity security flaw patched by SolarWinds on Thursday is a critical JSON deserialization bug that remote attackers can exploit to execute arbitrary code through Orion Platform Action Manager's test alert actions.

Another Critical RCE Flaw Discovered in SolarWinds Orion Platform
2021-03-25 22:07

IT infrastructure management provider SolarWinds on Thursday released a new update to its Orion network monitoring tool with fixes for four security vulnerabilities, including two weaknesses that could be exploited by an authenticated attacker to achieve remote code execution. Chief among them is a JSON deserialization flaw that allows an authenticated user to execute arbitrary code via the test alert actions feature available in the Orion Web Console, which lets users simulate network events that can be configured to trigger an alert during setup.

New Code Execution Flaws In SolarWinds Orion Platform
2021-03-25 19:14

SolarWinds has shipped a major security update to fix at least four documented security vulnerabilities, including a pair of bugs that could be exploited for remote code execution attacks. The patches were pushed out Thursday as part of a minor security makeover of the Orion Platform, the same compromised SolarWinds product that was exploited in recent nation-state software supply chain attacks.

Mimecast Finds SolarWinds Hackers Stole Some of Its Source Code
2021-03-21 23:28

Email security firm Mimecast on Tuesday revealed that the state-sponsored SolarWinds hackers who broke into its internal network also downloaded source code out of a limited number of repositories. "The threat actor did access a subset of email addresses and other contact information and hashed and salted credentials," the company said in a write-up detailing its investigation, adding the adversary "accessed and downloaded a limited number of our source code repositories, as the threat actor is reported to have done with other victims of the SolarWinds Orion supply chain attack."

Automatically mitigate ProxyLogon, detect IoCs associated with SolarWinds attackers’ activities
2021-03-19 12:07

Microsoft has updated its Defender Antivirus to mitigate the ProxyLogon flaw on vulnerable Exchange Servers automatically, while the Cybersecurity and Infrastructure Security Agency has released CHIRP, a forensic tool that can help defenders find IoCs associated with the SolarWinds attackers' activities. Microsoft is determined to do everything in its power to make sure that as many Exchange Servers as possible are made safe from exploits that start with the exploitation of ProxyLogon, the vulnerability recently leveraged by attackers to breach on-premises Microsoft Exchange Servers around the world.

CISA releases new SolarWinds malicious activity detection tool
2021-03-18 19:56

The Cybersecurity and Infrastructure Security Agency has released a new tool to detect post-compromise malicious activity associated with the SolarWinds hackers in on-premises enterprise environments. CISA Hunt and Incident Response Program, the new forensics collection tool, is a Python-based tool that helps detect SolarWinds malicious activity IOCs on Windows operating systems.

Mimecast bins SolarWinds and compromised servers alike in wake of supply chain hack
2021-03-17 18:30

Email security biz Mimecast has dumped SolarWinds' network monitoring tool in favour of Cisco's NetFlow product after falling victim to the infamous December supply chain attack. In an incident report detailing its experiences of the SolarWinds compromise, Mimecast said it had "decommissioned SolarWinds Orion and replaced it with an alternative NetFlow monitoring system".

Mimecast: SolarWinds Attackers Stole Source Code
2021-03-17 16:18

Hackers who compromised Mimecast networks as part of the SolarWinds espionage campaign have swiped some of the security firm's source code repositories, according to an update by the company. In the most recent part of its investigation into the SolarWinds hack, Mimecast said it has found evidence that a "limited" number of source code repositories were also accessed.

Mimecast Says SolarWinds Hackers Stole Source Code
2021-03-17 12:20

Email security company Mimecast on Tuesday said it completed its forensic investigation into the impact of the SolarWinds supply chain attack, and revealed that the threat actor managed to steal some source code. Mimecast was one of the several cybersecurity companies to confirm being targeted by the hackers who breached the systems of IT management solutions provider SolarWinds.