SolarWinds Strengthens Security After Supernova Malware Attack

SolarWinds provides two security-strengthening updates in response to a recently reported hacking at the software company.
Author:
Publish date:

SolarWinds  (SWI) - Get Report said Thursday it has released security-strengthening updates in response to a malware attack that exploited a vulnerability in the software company's Orion Platform.

Shares of the Austin company at last check were down 1.6% at $15.75.

SolarWinds said in a statement that on Dec. 14 and 15 it provided two updates that contained security enhancements, including those designed to prevent certain versions of the Orion Platform products from being exploited in a Supernova attack.

The company also released similar updates for all other supported versions of the Orion Platform products and a fix for customers on unsupported versions of these products.

SolarWinds urged all active maintenance customers of Orion Platform products, except those already on Orion Platform versions 2019.4 HF6 or 2020.2.1 HF2, as soon as possible to apply the latest updates related to the versions of the product they have deployed.

Hackers believed to be linked to Russia’s foreign intelligence service inserted malware into software updates for SolarWinds’ Orion IT infrastructure management software between March and June. 

Jim Cramer: CyberSecurity Hack Is a Reason to Buy NortonLifeLock

This led to security breaches at the Treasury Department, the National Telecommunications and Information Administration, the Department of Homeland Security and a number of SolarWinds’ corporate clients.

Last week, Microsoft  (MSFT) - Get Report said it had detected and removed malicious SolarWinds binaries in its environment. The software giant said it had not found evidence of access to production services or customer data. 

Cisco  (CSCO) - Get Report, Intel  (INTC) - Get Report, Nvidia  (NVDA) - Get Report and other tech companies have all reportedly had networks infected with the malware. 

SolarWinds said it would provide free consulting services to active maintenance Orion Platform product customers in response to the Supernova malware attack.

"The company wants to make sure that customers working to secure their environments have the help and assistance they need from knowledgeable resources," the company said.