Wednesday, December 23, 2020

SolarWinds roundup: Fixes, new bad actors, and the company knew

The SolarWinds Orion security breach is unfolding at a rapid pace and the number of vendors and victims continues to grow. Each day brings new revelations as to its reach and depth. Of particular concern is the rate of infection and impact on government systems.

In case you missed it, a backdoor was found in the SolarWinds Orion IT monitoring and management software. A dynamic link library called SolarWinds.Orion.Core.BusinessLayer.dll, a SolarWinds digitally-signed component of the Orion software framework was found to contain a backdoor that communicates via HTTP to third-party servers.

After an initial dormant period of up to two weeks, the Trojan retrieves and executes commands, called jobs, that include the ability to transfer files, execute files, profile the system, reboot, and disable system services. In short, a total takeover of the machine.

To read this article in full, please click here

No comments:

Post a Comment