Well, on the bright side, the SolarWinds Sunburst attack will spur the cybersecurity field to evolve all over again
SolarWinds releases known attack timeline but new data suggests hackers may have done a dummy run last year
Trump administration says Russia behind SolarWinds hack. Trump himself begs to differ
This is the best summary I’ve seen so far:
This is a security failure of enormous proportions – and a wake-up call. The US must rethink its cybersecurity protocols
Although updates continue to come in:
The suspected Russian hackers behind the worst U.S. cyber attack in years leveraged reseller access to Microsoft Corp services to penetrate targets that had no compromised network software from SolarWinds Corp, investigators said.
My oh-so-humble opinion on this one is that there is no substitute for knowing your s**t. Outsource at your own risk, because this is war, and the the bad guys are playing to kill.
Sounds like the rats are in every corner of the ship…
We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories. The account did not have permissions to modify any code or engineering systems and our investigation further confirmed no changes were made. These accounts were investigated and remediated.
SolarWinds mess that flared in the holidays: Biz confirms malware targeted crocked Orion product
U.S. intelligence agencies say Russia likely behind hacking of government agencies
The lawsuit also points out that SolarWinds’ update server was at one time only protected by the insanely bad password solarwinds123, which was not a great indication of security being taken seriously.
US courts system fears SolarWinds snafu could have let state hackers poke about in sealed case documents
The SolarWinds hack exposed sealed US court documents – which could have a serious effect on Western sanctions against state-backed hackers.
SolarWinds takes a leaf out of Zoom’s book, hires A-Team of Stamos and Krebs to sort out its security woes
On Friday the news broke that Chris Krebs, formerly the head of the US government’s Cybersecurity and Infrastructure Security Agency (CISA) until he was fired by presidential tweet for saying the American election wasn’t hacked, has started a consultancy with former Facebook and Yahoo ! security chief Alex Stamos. The two say that they have already been hired by SolarWinds and it’s a long-term contract.