Rantburg

2020-12-14 Cyber
BREAKING BIG: CISA Emergency Directive Calls on ALL Federal Civilian Agencies to Review Compromise and Disconnect or Power Down SolarWinds Orion Products Immediately
[Gateway Pundit]
Via the Cybersecurity and Infrastructure Security Agency.

WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) tonight issued Emergency Directive 21-01, in response to a known compromise involving SolarWinds Orion products that are currently being exploited by malicious actors. This Emergency Directive calls on all federal civilian agencies to review their networks for indicators of compromise and disconnect or power down SolarWinds Orion products immediately.

“The compromise of SolarWinds’ Orion Network Management Products poses unacceptable risks to the security of federal networks,” said CISA Acting Director Brandon Wales. “Tonight’s directive is intended to mitigate potential compromises within federal civilian networks, and we urge all our partners—in the public and private sectors—to assess their exposure to this compromise and to secure their networks against any exploitation.”

This is the fifth Emergency Directive issued by CISA under the authorities granted by Congress in the Cybersecurity Act of 2015. All agencies operating SolarWinds products should provide a completion report to CISA by 12pm Eastern Standard Time on Monday December 14, 2020.


The liberal media is blaming the attack and breach on the Russians.
Posted by JohnQC 2020-12-14 10:04

#1 Wonder who is compromising our systems? China?

Many agencies in our government use SolarWinds. Not sure what to make of this at this time.

https://www.solarwinds.com/company/customers
Posted by JohnQC 2020-12-14 10:09

#2 Epoch Times is reporting: US Cybersecurity Agency Issues Emergency Directive Over SolarWinds Hack.

https://www.theepochtimes.com/dominion-voting-systems-uses-firm-that-was-hacked_3617507.html
Being reported at Clarion News as well.

A company that provides voting systems in 28 states uses an Internet technology firm that was hacked.

Posted by JohnQC 2020-12-14 10:24

#3 Dominion Voting Systems uses SolarWinds, which was hacked.
Posted by JohnQC 2020-12-14 10:26

#4 BREAKING: Michigan judge orders RELEASE of audit report on Dominion voting machines

Dec 14 - Moments ago, Michigan state judge Kevin Elensheimer ordered the release of a redacted report on the results of an examination of the Dominion voting machines in Antrim County, Michigan.

The results had been shielded by a protective order, but this morning, Judge Elensheimer removed that order, clearing the way for the audit results to go public.

The judge further ordered that the case move to the discovery phase and mentioned the case could go to trial by April of 2021.
Posted by Frank G 2020-12-14 10:27

#5 FireEye hints at Russian actors due to the sophistication of the attack.
Posted by DarthVader 2020-12-14 10:29

#6 We [SolarWinds] are a leading provider of powerful and affordable IT infrastructure management software. Our products give organizations worldwide, regardless of type, size or IT infrastructure complexity, the power to monitor and manage the performance of their IT environments, whether on-premises, in the cloud, or in hybrid models.

You'd think a wide-ranging, multi-tentacled outfit like that would be really hard to hack. And it's not a NASA project, either!
Posted by Bobby 2020-12-14 10:58

#7 Same topic at GreatGameIndia

SolarWinds Hacked Orion Platform Used In Dominion Voting Systems

Somebody knows something.

Posted by Besoeker 2020-12-14 12:13

#8 Hacked or did somebody open a back door? Got any Chinamen working for that company?
Posted by Abu Uluque 2020-12-14 12:31

#9 I mean, most breaches involve physical access obtained by people who are allowed inside the facilities.
Posted by Abu Uluque 2020-12-14 12:32

#10 That is what I am thinking Abu. The main cert used to authenticate the malware was made 3/20 and inserted into the update/patch. That screams inside job. The weakest link in security is always the people.
Posted by DarthVader 2020-12-14 12:37

#11 Future CNN Headline
(Humor)

Today, Rep. Adam Schiff (LSD-CA), the Chairman of the House Permanent Select Committee on Intelligence, sent a letter to AG Hillary Clinton strongly requesting she close the meaningless Dominion/DNC/China Special Counsel investigation that was appointed by Trump. Since all the files were burned up with a 747 crash into the evidence file storage location. Which prompted the former Special Counsel suddenly to hang himself after being shot, stabbed and run over on the SCOTUS steps at 2am.

AG Clinton was directed to use all available resources including the Media to look into the Trump / SolarWinds Orion / Russian connection.


Acting President K. Harris at the CHINA/IRAN/USSA summit agreed with this recommendation, stating that "we must explore all means of convicting Trump before the 2024 Election rolls around to avoid a repeat of Voters nearly actually picking their Congressional electors."

Posted by NN2N1 2020-12-14 13:13

#12 Was on a call with CISA where they gave info. Top points if any administrative ranters need them:


  • Orion Platform software versions 2019.4 through 2020.2.1 HF 1

  • Full admin rights from these systems allowed attackers to move laterally through the network

  • APT is installed throughout the infected networks
    Very widespread

  • If your network used the Orion version, reformat of all systems to be expected
    Change administrator or service accounts that SolarWinds used

  • Assume breach if you don’t see the listed dlls in the blog post. Malicious actors have been known to clean up behind them.

  • Block all C&C IPs listed in blogpost

Posted by DarthVader 2020-12-14 16:39

#13 "I wonder who is compromising our systems? China?"

No, you don't wonder, #1 John; I suspect you know, just like the rest of us.

I have no doubt the DemoncRats are involved, helping their masters. >:-(

Posted by Barbara 2020-12-14 19:03

#14 Best way to tell if the Democrats are involved? See if the press buries this, and the House refuses to hold any hearings.
Posted by Deadeye Jaiting7534 2020-12-14 21:56
