>eventually found her way into California House Rep Eric Swalwell's circle
always the butt of the joke
SolarWinds, the company which provided the software for these agencies, says it’s working with the FBI and law enforcement to get to the bottom of the breach.
“We are aware of a potential vulnerability which, if present, is currently believed to be related to updates which were released between March and June 2020 to our Orion monitoring products,” SolarWinds President and CEO Kevin Thompson said in a statement. “We believe that this vulnerability is the result of a highly-sophisticated, targeted and manual supply chain attack by a nation state.”
Under the Homeland Security Act, CISA can authorize emergency guidance to federal departments using the software to disconnect the software from their server.
“The compromise of SolarWinds’ Orion Network Management Products poses unacceptable risks to the security of federal networks,” CISA Acting Director Brandon Wales said in a statement Sunday. “Tonight’s directive is intended to mitigate potential compromises within federal civilian networks, and we urge all our partners—in the public and private sectors—to assess their exposure to this compromise and to secure their networks against any exploitation.”
>“The compromise of SolarWinds’ Orion Network Management Products poses unacceptable risks to the security of federal networks,” CISA Acting Director Brandon Wales said in a statement Sunday. “Tonight’s directive is intended to mitigate potential compromises within federal civilian networks, and we urge all our partners—in the public and private sectors—to assess their exposure to this compromise and to secure their networks against any exploitation.”
https://www.cisa.gov/news/2020/12/13/cisa-issues-emergency-directive-mitigate-compromise-solarwinds-orion-network
CISA Issues Emergency Directive to Mitigate the Compromise of Solarwinds Orion Network Management Products
WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) tonight issued Emergency Directive 21-01, in response to a known compromise involving SolarWinds Orion products that are currently being exploited by malicious actors. This Emergency Directive calls on all federal civilian agencies to review their networks for indicators of compromise and disconnect or power down SolarWinds Orion products immediately.
“The compromise of SolarWinds’ Orion Network Management Products poses unacceptable risks to the security of federal networks,” said CISA Acting Director Brandon Wales. “Tonight’s directive is intended to mitigate potential compromises within federal civilian networks, and we urge all our partners—in the public and private sectors—to assess their exposure to this compromise and to secure their networks against any exploitation.”
This is the fifth Emergency Directive issued by CISA under the authorities granted by Congress in the Cybersecurity Act of 2015. All agencies operating SolarWinds products should provide a completion report to CISA by 12pm Eastern Standard Time on Monday December 14, 2020.