Hackers getting in via NPM maybe

Parents
  • Just received an email from Solarwinds - seems like I am affected. I'm on 2019.4

    Here's the email

    "Dear Customer,

    We have just been made aware our systems experienced a highly sophisticated, manual supply chain attack on SolarWindsRegistered OrionRegistered Platform software builds for versions 2019.4 through 2020.2.1.

    We have been advised this attack was likely conducted by an outside nation state and intended to be a narrow, extremely targeted, and manually executed incident, as opposed to a broad, system-wide attack. We are recommending that you upgrade to Orion Platform version 2020.2.1 HF 1 as soon as possible to ensure the security of your environment. The latest version is available in the SolarWinds Customer Portal.

    If you aren’t sure which version of the Orion Platform you are using, see directions on how to check that here. To check which hotfixes you have applied, please go here.

    In addition, we recommend you review the guidance provided in the Secure Configuration for the Orion Deployment document available here.

    Security and trust in our software is the foundation of our commitment to our customers. We strive to implement and maintain appropriate administrative, physical, and technical safeguards, security processes, procedures, and standards designed to protect our customers. For more information go to solarwinds.com/securityadvisory.

    SolarWinds thanks you for your continued patience and partnership as we continue to work through this issue. We will continue to keep you updated of any new developments or findings. If you have any immediate questions prior to our next update, please contact Customer Support at 1-866-530-8040 or swisupport@solarwinds.com.

    Yours sincerely,

    Kevin Thompson
    President & CEO
    SolarWinds, Inc"

Reply
  • Just received an email from Solarwinds - seems like I am affected. I'm on 2019.4

    Here's the email

    "Dear Customer,

    We have just been made aware our systems experienced a highly sophisticated, manual supply chain attack on SolarWindsRegistered OrionRegistered Platform software builds for versions 2019.4 through 2020.2.1.

    We have been advised this attack was likely conducted by an outside nation state and intended to be a narrow, extremely targeted, and manually executed incident, as opposed to a broad, system-wide attack. We are recommending that you upgrade to Orion Platform version 2020.2.1 HF 1 as soon as possible to ensure the security of your environment. The latest version is available in the SolarWinds Customer Portal.

    If you aren’t sure which version of the Orion Platform you are using, see directions on how to check that here. To check which hotfixes you have applied, please go here.

    In addition, we recommend you review the guidance provided in the Secure Configuration for the Orion Deployment document available here.

    Security and trust in our software is the foundation of our commitment to our customers. We strive to implement and maintain appropriate administrative, physical, and technical safeguards, security processes, procedures, and standards designed to protect our customers. For more information go to solarwinds.com/securityadvisory.

    SolarWinds thanks you for your continued patience and partnership as we continue to work through this issue. We will continue to keep you updated of any new developments or findings. If you have any immediate questions prior to our next update, please contact Customer Support at 1-866-530-8040 or swisupport@solarwinds.com.

    Yours sincerely,

    Kevin Thompson
    President & CEO
    SolarWinds, Inc"

Children