Update 1/26/2020: MITRE assigned CVE-2020-7984 for this vulnerability.

Update 12:55pm 1/24/2020: SolarWinds has released two hotfixes for the vulnerabilities! You can find these fixes on their support website. According to the documentation, these hotfixes temporarily disable N-central’s device auto-import feature. A future release will re-enable the feature.

• 12.1 SP1 HF5: https://community.solarwindsmsp.com/Support/Software-Downloads/MSP-N-Central/MSP-N-central-12-1-SP1-HF5
• 12.2 SP1 HF2: https://community.solarwindsmsp.com/Support/Software-Downloads/MSP-N-Central/MSP-N-central-12-2-SP1-HF2

Update 10:58am 1/24/2020: SolarWinds has published some mitigation instructions to expunge the credentials from the N-central service. This should clear the passwords that attackers are able to extract using the Dumpster Diver vulnerability. …

We’ve updated each section with additional information we gained from discussions with Bishop Fox and with the ConnectWise Control team. Additionally, ConnectWise released a summary matrix of the analyses and their own response.

In computer security, responsible disclosure is a vulnerability disclosure model in which an issue is publicly disclosed only after a period of time that allows for the affected party to patch/resolve the problem in a reasonable amount of time. …


This week we had the opportunity to help an MSP partner contain and remediate an Emotet/TrickBot infection that impacted a client with 50+ computers and servers. Considering how quickly TrickBot reinfects systems and drops ransomware, this was the perfect opportunity to kick the tires on our new Assisted Remediation beta feature — which was designed to combat this exact scenario. Keep reading for a play-by-play of how this incident unfolded.

Introducing the Situation

Network Titan’s day started out with a bang when Huntress detected TrickBot on 23 of 55 systems within one of their clients’ networks. This created a separate incident report for each host containing remediation details. Don’t get us wrong, our remediation steps are easy to follow. …

About

Kyle Hanslovan

Ethical Hacker. Malware Connoisseur. CEO at @HuntressLabs.