SolarWinds Sunburst attack

3 Likes

Well, on the bright side, the SolarWinds Sunburst attack will spur the cybersecurity field to evolve all over again.

1 Like

SolarWinds releases known attack timeline but new data suggests hackers may have done a dummy run last year

2 Likes

Trump administration says Russia behind SolarWinds hack. Trump himself begs to differ

4 Likes

This is the best summary I’ve seen so far:

the Guardian – 23 Dec 20

The US has suffered a massive cyberbreach. It’s hard to overstate how bad it…

This is a security failure of enormous proportions – and a wake-up call. The US must rethink its cybersecurity protocols

Although updates continue to come in:

U.S. – 24 Dec 20

Suspected Russian hackers used Microsoft vendors to breach customers

The suspected Russian hackers behind the worst U.S. cyber attack in years leveraged reseller access to Microsoft Corp services to penetrate targets that had no compromised network software from SolarWinds Corp, investigators said.

My oh-so-humble opinion on this one is that there is no substitute for knowing your s**t. Outsource at your own risk, because this is war, and the bad guys are playing to kill.

2 Likes

Sounds like the rats are in every corner of the ship… :roll_eyes:

Microsoft Internal Solorigate Investigation Update
MSRC / By MSRC Team / December 31, 2020 / Investigation, SolarWinds, Solorigate

We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories. The account did not have permissions to modify any code or engineering systems and our investigation further confirmed no changes were made. These accounts were investigated and remediated.

4 Likes

SolarWinds mess that flared in the holidays: Biz confirms malware targeted crocked Orion product

U.S. intelligence agencies say Russia likely behind hacking of government agencies

1 Like

[…]
The lawsuit also points out that SolarWinds’ update server was at one time only protected by the insanely bad password solarwinds123, which was not a great indication of security being taken seriously.
[…]

1 Like

US courts system fears SolarWinds snafu could have let state hackers poke about in sealed case documents

The SolarWinds hack exposed sealed US court documents – which could have a serious effect on Western sanctions against state-backed hackers.
[…]

1 Like

SolarWinds takes a leaf out of Zoom’s book, hires A-Team of Stamos and Krebs to sort out its security woes

[…]
On Friday the news broke that Chris Krebs, formerly the head of the US government’s Cybersecurity and Infrastructure Security Agency (CISA) until he was fired by presidential tweet for saying the American election wasn’t hacked, has started a consultancy with former Facebook and Yahoo! security chief Alex Stamos. The two say that they have already been hired by SolarWinds and it’s a long-term contract.
[…]