In the wake of the SolarWinds cyber attack on the U.S. government, the US Cybersecurity and Infrastructure Security Agency (CISA) urges agencies to update their SolarWinds Orion software by the end of the year or take it offline.
Update SolarWinds ASAP
The SolarWinds attack is the largest of its kind against the U.S. government in years. The company sells networking software called Orion that helps businesses manage their IT infrastructure. Believed to originate from Russia’s hacking team known as APT 29 or “Cozy Bear”, the hack involved compromised Orion updates that let the attackers infiltrate as many as 18,000 companies.
A second vulnerability, CVE-2020-10148, was found over the holidays, this one in the Orion API. It could let a remote attacker bypass authentication and execute API commands. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.
CISA wants companies to update to Orion version 2020.2 HF2, which has been verified by the NSA. CISA has also released a free PowerShell script that detects possibly compromised accounts and applications in an Azure or Microsoft 365 environment.