https://www.google.com/amp/s/www.washingtonpost.com/national-security/russian-government-spies-are-behind-a-broad-hacking-campaign-that-has-breached-us-agencies-and-a-top-cyber-firm/2020/12/13/d5a53b88-3d7d-11eb-9453-fc36ba051781_story.html%3foutputType=amp
Hackers getting in via NPM maybe
Top Replies
-
SolarWinds asks all customers to upgrade immediately to Orion Platform version 2020.2.1 HF 1 to address a security vulnerability. More information is available at solarwinds.com/securityadvisory. -
Just logged a ticket with support. They indicate patches for 2019 and 2020 are coming 12/14 and 12/15 respectively. No other remediation steps available other than getting an updated .dll file from the… -
I cannot keep searching these forums for latest info. As of this writing, the link at: https://www.solarwinds.com/securityadvisory is undated and has no time stamp indicating that it is the latest info…
Parents
-
-
Per Support:
We have just been made aware that our systems experienced a highly sophisticated, manual supply chain attack on SolarWinds
Orion Platform software builds for versions 2019.4 through 2020.2.1.
If customers ask for an ETA when the vulnerability will be resolved, please use the info below to set expectations with them.- 2020.2 Hotfix 2 will be available on Tuesday, Dec 15th
- 2019.4 Hotfix 6 will be available on Monday, Dec 14th
- Customers needing an immediate fix for 2019.4 Hotfix 5 can install a DLL provided by Engineering (more info about this from Engineering to come)
----------------------------------------------------------------------------------------------
As per our discussion this was the said date it will be release for the vulnerability fixed.
For the immediate fixed we are still waiting for the official announcement from the Engineering regarding full details. -
-
-
-
