1. Run up to date antivirus or EDR products that detect compromised SolarWinds libraries [...]
2. Block known C2 endpoints listed below in IOCs using your network infrastructure.[...]
3. Follow the best practices of your identity federation technology provider in securing your SAML token signing keys. [...]
4. Ensure that user accounts with administrative rights follow best practices, including use of privileged access workstations, JIT/JEA, and strong authentication. [...]
5. Ensure that service accounts and service principals with administrative rights use high entropy secrets, like certificates, stored securely.[...]
6. Reduce surface area by removing/disabling unused or unnecessary applications and service principals.[...]
2 comments
[ 4.7 ms ] story [ 17.2 ms ] thread1. Run up to date antivirus or EDR products that detect compromised SolarWinds libraries [...]
2. Block known C2 endpoints listed below in IOCs using your network infrastructure.[...]
3. Follow the best practices of your identity federation technology provider in securing your SAML token signing keys. [...]
4. Ensure that user accounts with administrative rights follow best practices, including use of privileged access workstations, JIT/JEA, and strong authentication. [...]
5. Ensure that service accounts and service principals with administrative rights use high entropy secrets, like certificates, stored securely.[...]
6. Reduce surface area by removing/disabling unused or unnecessary applications and service principals.[...]