I wasn’t originally going to cover this at all, however, I recently subscribed to a podcast called “Cyber Wire Daily” which releases podcasts every day on the goings on in the Cyber Security industry.
While I need to catch up with this podcast, one of the recent podcasts listed covers this so I thought I should better cover this. CISA Updates Emergency Directive 21-01 Supplemental Guidance and Activity Alert on SolarWinds Orion Compromise is the entire title of this and is linked here for you.
There are links throughout that might be of interest to boot, so go ahead and check it out and see if there is something you need to know about within this linked item.
I read a lot of this, however, I’m not really sure how to cover this on a podcast since I don’t know people specifically effected.
There are two items that caught my attention when I initially read this.
- Federal agencies without evidence of adversary follow-on activity on their networks that accept the risk of running SolarWinds Orion in their enterprises
should rebuild or upgrade, in compliance with hardening steps outlined in the Supplemental Guidance, to at least SolarWinds Orion Platform version 2020.2.1
HF2. The National Security Agency (NSA) examined this version and verified it eliminates the previously identified malicious code. This version also includes
updates to fix un-related vulnerabilities, including vulnerabilities that SolarWinds has publicly disclosed. - Federal agencies with evidence of follow-on threat actor activity on their networks should keep their affected versions disconnected, conduct forensic
analysis, and consult with CISA before rebuilding or reimaging affected platforms and host operating systems.
There might be something you need to pass on to your superiors who deal with this, so please check this out and see if it applies to you.
Discover more from The Technology blog and podcast
Subscribe to get the latest posts sent to your email.