I am disheartened to have read the CISA alert this morning after spending years supporting Solarwinds. I would like a full detail of what/how. I also am wondering about the availability of HF2. I read about it and just wondering if source was valid.
Keep an eye on our security advisory page, which is being continually updated: https://www.solarwinds.com/securityadvisory
We're also hard at work getting a hotfix released.
HF2 should be out tomorrow, IIRC.
Also, there's basically no defense against a dedicated and well funded state attack. Anyone who thinks otherwise just doesn't understand how computer security actually works, IMO.
I'd like to know why the CEO and others dumped tons of stock.
Don't be disheartened unless SW executives try to suppress stories and information about this, which we see no indication of them doing at this point. As @happyfunnorm pointed out, this was a very sophisticated, targeted, hands-on attack that US intelligence believes to be from a nation-state. The information that you need to know can be found in these links:
We can't know for sure, but executives often have scheduled stock sell-offs. This is not unusual, and they would have had to have been scheduled in advance--I optimistically assume they were in place before anybody knew about the breach.
If I could wear the page by clicking refresh I would have already. I am facing a meeting with mgmt and am going to have to support our use, and continued use of this product. They are going to be asking for details that I cannot provide at this time.
Are we still expecting HF2 to be today. We are running out of clock on the EST.
You probably have seen by now, but HF2 was delivered as promised last night. Numerous Thwack members have already installed it in labs and production at this point. Good luck to all!
