SolarWinds Officials Blame Intern for ‘solarwinds123’ Password
If it was, then that’s worse… so much worse…
Interns never touch critical s**t. Interns get coffee (but I never make them pay for it, of course), proof read documentation, and if they’re really good, maybe write some unit tests.
If it’s a University of Waterloo co-op student, they might get to write a proof-of-concept from a research paper for me… 
…as long as the coffee’s kept hot…
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.
Who knew Uncle Sam had strike teams for SolarWinds, Exchange flaws? Well, anyway, they are disbanded
US markets watchdog the Securities and Exchanges Commission (SEC) has begun a probe into last year’s SolarWinds cyberattack, in a bid to find out who else might have been compromised.
[…]
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.
SolarWinds urges US judge to toss out crap infosec sueball: We got pwned by actual Russia, give us a break
SolarWinds is urging a US federal judge to throw out a lawsuit brought against it by aggrieved shareholders who say they were misled about its security posture in advance of the infamous Russian attack on the business.
Insisting that it was “the victim of the most sophisticated cyberattack in history” in a court filing, SolarWinds described a lawsuit from some of its smaller shareholders as an attempt to “convert this sophisticated cyber-crime” into an unrelated securities fraud court case.
[…]
Insisting that it was “the victim of the most sophisticated cyberattack in history”
They left a server unprotected and someone who actually knew a bit of coding, not just a script kiddie, walked in. They weren’t that good or they wouldn’t have gotten caught.
Russia’s SVR spy agency made off with information about US counterintelligence investigations in the wake of the SolarWinds hack, according to people familiar with the American government cleanup operation.
[…]
Just a coincidence.
SolarWinds attacker on the move: Russia’s Nobelium crew has trebled attacks targeting MSPs, cloud resellers, says Microsoft
Phishing and password spraying on the up
https://www.theregister.com/2021/10/25/nobelium_russia_svr_msp_warning_microsoft/
Russia’s Nobelium group – fingered as being a Russian state actor by both the United States and Britain – has massively ramped up phishing and password spraying attempts against managed service providers (MSPs) and cloud resellers, Microsoft’s security arm has warned.
[…]
the number that were hacked by Russia’s Cozy Bear was about 100.
I think that’s a wild under-estimate. I know two, relatively small, organizations were affected where my immediate family work. Neither would show up on El Reg’s radar. Both cases facilitated probable identity theft that likely affects thousands of young people.
