Government cybersecurity agencies warned this week that the attackers behind the widespread hacking spree stemming from the compromise at network software firm SolarWinds used weaknesses in other, non-SolarWinds products to attack high-value targets. According to sources, among those was a flaw in software virtualization platform VMware, which the U.S. National Security Agency (NSA) warned on Dec. 7 was being used by Russian hackers to impersonate authorized users on victim networks.

7, 2020, the NSA said “Russian state-sponsored malicious cyber actors are exploiting a vulnerability in VMware Access and VMware Identity Manager products, allowing the actors access to protected data and abusing federated authentication.”

VMware released a software update to plug the security hole (CVE-2020-4006) on Dec. 3, and said it learned about the flaw from the NSA.

The NSA advisory (PDF) came less than 24 hours before cyber incident response firm FireEye said it discovered attackers had broken into its networks and stolen more than 300 proprietary software tools the company developed to help customers secure their networks.

13, FireEye disclosed that the incident was the result of the SolarWinds compromise, which involved malicious code being surreptitiously inserted into updates shipped by SolarWinds for users of its Orion network management software as far back as March 2020.

In its advisory on the VMware vulnerability, the NSA urged patching it “as soon as possible,” specifically encouraging the National Security System, Department of Defense, and defense contractors to make doing so a high priority.

The NSA said that in order to exploit this particular flaw, hackers would already need to have access to a vulnerable VMware device’s management interface - i.e., they would need to be on the target’s internal network (provided the vulnerable VMware interface was not accessible from the Internet). However, the SolarWinds compromise would have provided that internal access nicely.

In response to questions from KrebsOnSecurity, VMware said it has “received no notification or indication that the CVE 2020-4006 was used in conjunction with the SolarWinds supply chain compromise.”

VMware added that while some of its own networks used the vulnerable SolarWinds Orion software, an investigation has so far revealed no evidence of exploitation.

“While we have identified limited instances of the vulnerable SolarWinds Orion software in our environment, our own internal investigation has not revealed any indication of exploitation,” the company said in a statement. “This has also been confirmed by SolarWinds own investigations to date.”

17, DHS’s Cybersecurity and Infrastructure Security Agency (CISA) released a sobering alert on the SolarWinds attack, noting that CISA had evidence of additional access vectors other than the SolarWinds Orion platform.

CISA’s advisory specifically noted that “one of the principal ways the adversary is accomplishing this objective is by compromising the Security Assertion Markup Language (SAML) signing certificate using their escalated Active Directory privileges. Once this is accomplished, the adversary creates unauthorized but valid tokens and presents them to services that trust SAML tokens from the environment. These tokens can then be used to access resources in hosted environments, such as email, for data exfiltration via authorized application programming interfaces (APIs).”

7 advisory said the hacking activity it saw involving the VMware vulnerability “led to the installation of a web shell and follow-on malicious activity where credentials in the form of SAML authentication assertions were generated and sent to Microsoft Active Directory Federation Services (ADFS), which in turn granted the actors access to protected data.”

Also on Dec. 17, the NSA released a far more detailed advisory explaining how it has seen the VMware vulnerability being used to forge SAML tokens, this time specifically referencing the SolarWinds compromise.

Asked about the potential connection, the NSA said only that “if malicious cyber actors gain initial access to networks through the SolarWinds compromise, the TTPs noted in our December 17 advisory may be used to forge credentials and maintain persistent access.”

“Our guidance in this advisory helps detect and mitigate against this, no matter the initial access method,” the NSA said.

CISA’s analysis suggested the crooks behind the SolarWinds intrusion were heavily focused on impersonating trusted personnel on targeted networks, and that they’d devised clever ways to bypass multi-factor authentication (MFA) systems protecting networks they targeted.

The bulletin references research released earlier this week by security firm Volexity, which described encountering the same attackers using a novel technique to bypass MFA protections provided by Duo for Microsoft Outlook Web App (OWA) users.

Duo’s parent Cisco Systems Inc.