There have been multiple news reports about the US Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA) confirming that malicious threat actors have been and are actively exploiting vulnerabilities in SolarWinds Orion products, primarily by leveraging the SUNBURST malware.
SolarWinds Orion is an IT monitoring solution.
Rosenthal & Rosenthal does not now, nor have we ever used any SolarWinds products. As a result, our clients’ information is not vulnerable to these exploits.
We strongly advise our enterprise clients who may be using the Orion platform to review available firewall updates to keep your internal systems secure. As always, we stand ready to assist in assessing the overall security of your network infrastructure.
More information (including CVE links) may be found on the CISA page.