December 31, 2020 02:00 pm

CISA Updates SolarWinds Guidance, Tells US Govt Agencies To Update Right Away

The US Cybersecurity and Infrastructure Security Agency has updated its official guidance for dealing with the fallout from the SolarWinds supply chain attack. From a report: In an update posted late last night, CISA said that all US government agencies that still run SolarWinds Orion platforms must update to the latest 2020.2.1HF2 version by the end of the year. Agencies that can't update by that deadline are to take all Orion systems offline, per CISA's original guidance, first issued on December 18. The guidance update comes after security researchers uncovered a new major vulnerability in the SolarWinds Orion app over the Christmas holiday. Tracked as CVE-2020-10148, this vulnerability is an authentication bypass in the Orion API that allows attackers to execute remote code on Orion installations. This vulnerability was being exploited in the wild to install the Supernova malware on servers where the Orion platform was installed, in attacks separate from the SolarWinds supply chain incident.

Read more of this story at Slashdot.


Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/CJ1kKgE3o9k/cisa-updates-solarwinds-guidance-tells-us-govt-agencies-to-update-right-away
