Thirtyseven4 & SolarWinds Vulnerability

This notice concerns the announced cyberattack that inserted a vulnerability into SolarWinds Orion Platform software builds.

Below is the statement from SolarWinds about what happened:
SolarWinds has been made aware of a cyberattack that inserted a vulnerability within SolarWinds® Orion® Platform software builds for versions 2019.4 HF 5, 2020.2 with no hotfix, and 2020.2 HF 1, which, if present and activated, could potentially allow an attacker to compromise the server on which the Orion products run. SolarWinds has been advised that this incident was likely the result of a highly sophisticated, targeted, and manual supply chain attack by an outside nation state, but SolarWinds has not independently verified the identity of the attacker.

Below is the advisory from SolarWinds:
https://www.solarwinds.com/securityadvisory

Below is the FAQ addressed by SolarWinds:
https://www.solarwinds.com/securityadvisory/faq

Below are the steps proactively taken by Thirtyseven4 Endpoint Security to mitigate the risks posed by the described vulnerability within SolarWinds Orion Software:

1. The following Thirtyseven4 detections were available:
HackTool.Agent.40241.GC
Trojan.VBS.Agent.40252
JS.Trojan.Agent.40253
HTML.Trojan.40236
Backdoor.Sunburst

2. Thirtyseven4 is blocking all active associated Command & Control (CnC) domains, and proactively blocking those yet to become active.

3. Detection safeguards added within Thirtyseven4 IDS/IPS (Intrusion Detection System/Intrusion Prevention System):

HTTP/SunBurst.UN!PT.40262
HTTP/SunBurst.UN!PT.40263
HTTP/SunBurst.UN!PT.40264
HTTP/SunBurst.UN!PT.40265
HTTP/SunBurst.UN!PT.40267
HTTP/SunBurst.UN!PT.40268
HTTP/SunBurst.UN!PT.40278
HTTP/SunBurst.UN!PT.40285
HTTP/SunBurst.UN!PT.40286
HTTP/SunBurst.UN!PT.40287
HTTP/SunBurst.UN!PT.40288
HTTP/SunBurst.UN!PT.40289
HTTP/SunBurst.UN!SS.40290
HTTP/SunBurst.!SS.40291
HTTP/SunBurst.!SS.40292
HTTP/HackTool.!SS.40188
HTTP/HackTool.UN!PT.40190
HTTP/HackTool.UN!PT.40191
HTTP/HackTool.UN!PT.40192
HTTP/HackTool.UN!PT.40195
HTTP/HackTool.UN!PT.40196
HTTP/HackTool.!SS.40199
HTTP/HackTool.!SS.40200
HTTP/HackTool.UN!PT.40204
HTTP/HackTool.UN!PT.40208
HTTP/HackTool.!SS.40209
HTTP/HackTool.!SS.40212
HTTP/HackTool.!SS.40216
HTTP/HackTool.!SS.40219
HTTP/HackTool.!SS.40220

Interested in Thirtyseven4 Endpoint Security? You can request a quote today.

Evaluation licenses of Thirtyseven4 Antivirus are available at: https://www.thirtyseven4.com/free-trial/. For more information contact Thirtyseven4 at 877-374-7581 or email sales@thirtyseven4.com

About Thirtyseven4:

Born out of a desire to better connect antivirus protection solutions with premium customer support and service, Thirtyseven4, LLC seeks to protect schools, businesses, governmental agencies and home‐users with the best antivirus products available. Thirtyseven4 is an American company built on honesty, trust and value for the customer. http://www.thirtyseven4.com.


Thirtyseven4, LLC is dedicated to serving customers with a full palette of security solutions including AntiVirus, AntiMalware, Anti-Ransomware and Zero-Day Threat Protection.