The Department of Homeland Security (DHS) has issued new emergency guidance on the SolarWinds Orion Code compromise and supply chain vulnerability.
Late Tuesday night, DHS published new supplemental guidance with recommendations to mitigate the SolarWinds Orion Code compromise. This is the second supplement to the Emergency Directive 21-01 first published on December 13, 2020. Supplemental Guidance v1 was also added on December 18, 2020.
DHS urges all federal agencies to upgrade their SolarWinds Orion systems by year-end or they will need to take those systems offline (emphasis in bold added):
“Specifically, all federal agencies operating versions of the SolarWinds Orion platform other than those identified as ‘affected versions’ below are required to use at least SolarWinds Orion Platform version 2020.2.1HF2. The National Security Agency (NSA) has examined this version and verified that it eliminates the previously identified malicious code. Given the number and nature of disclosed and undisclosed vulnerabilities in SolarWinds Orion, all instances that remain connected to federal networks must be updated to 2020.2.1 HF2 by COB December 31, 2020.”DHS
In addition, affected versions that should be powered down or removed from networks based on ED 21-01 include: 2019.4 HF5, 2020.2 RC1, 2020.2 RC2, 2020.2, 2020.2 HF1. All others should be upgraded to 2020.2.1 HF2
Readers can also check out the following SolarWinds and related threat updates with excerpts noted below.
SolarWinds releases updated advisory on SUPERNOVA malware (updated with CVE-2020-10148)
SolarWinds has released an updated security advisory on SUPERNOVA malware, a separate threat vector from the previously reported supply chain cyberattack that was based on SUNBURST backdoor malware. The update now includes new information on 0-day CVE-2020-10148 and PoC demo.
DHS warns businesses of risks using Chinese tech and data services
The United States Department of Homeland Security (DHS) has published a new advisory warning businesses of the risks using tech and data services linked to the People’s Republic of China (PRC).
Cybersecurity experts reveal growing list of SolarWinds 2nd stage attack victims
Cybersecurity experts have revealed a growing list of SolarWinds 2nd stage attack victims based on malware analysis.
Solorigate malware behind the SolarWinds attack
Microsoft shared new insights into the Solarigate malware, the compromised DLL file behind the SolarWinds software supply chain attacks.
CISA: Threat actors behind SolarWinds hack pose ‘grave risk’ (updated)
The Cybersecurity and Infrastructure Security Agency (CISA) has warned the recent compromise by threat actors of SolarWinds poses a ‘grave risk’ to critical infrastructure, government and private sector organizations.
Global active exploits against SolarWinds via Sunburst backdoor
Cybersecurity experts are warning of major global active exploits against SolarWinds Orion Platform software versions via a Sunburst backdoor and supply chain attack.
- SolarWinds releases updated advisory on SUPERNOVA malware (updated with CVE-2020-10148)
- Solorigate malware behind the SolarWinds attack
- Cybersecurity experts reveal growing list of SolarWinds 2nd stage attack victims
- CISA: Threat actors behind SolarWinds hack pose ‘grave risk’ (updated)
- Global active exploits against SolarWinds via Sunburst backdoor
- DHS warns businesses of risks using Chinese tech and data services