SolarWinds has released a second round of patches for flaws in its Orion network monitoring platform that was targeted in a supply chain attack. Security experts say organizations need to go far beyond patching to manage the risks involved. The attack involved attackers planting a backdoor in an update of the Orion platform, which about 18,000 customers downloaded. Nine government agencies and about 100 companies were targeted for follow-on attacks, according to federal investigators. The Associated Press reported Monday that the attackers gained access to at least one email account used by Chad Wolf, who was acting secretary of the DHS.”]
Source: https://www.cuinfosecurity.com/as-solarwinds-announces-more-patches-analysts-offer-advice-a-16304