Top

Tag: SolarWinds


Cybersecurity

Cyber Safety Review Board closes the book on SolarWinds while reporting on Log4j 

July 14, 2022

Via: FCW

A new public-private body within the Department of Homeland Security has said all it plans to say on the incident referred to as “SolarWinds,” under an executive order mandate. That order came in response to the intrusion event’s compromise of […]


Cybersecurity

SolarWinds hackers have a whole bag of new tricks for mass compromise attacks

December 6, 2021

Via: ArsTechnica

Almost exactly a year ago, security researchers uncovered one of the worst data breaches in modern history, if not ever: a Kremlin-backed hacking campaign that compromised the servers of network management provider SolarWinds and, from there, the networks of 100 […]


Cybersecurity

Russian Actors Behind SolarWinds Attack Hit Global Business & Government Targets

December 6, 2021

Via: Dark Reading

One year after the discovery of the 2021 SolarWinds supply chain compromise, security researchers report two clusters of suspected Russian attack activity targeting global businesses and governments. Both are associated with the group behind the SolarWinds attack campaign. The findings […]


Cybersecurity, IT Policy, Tech

Why Government Suppliers Will Struggle to Meet CMMC Requirements 

December 3, 2021

Via: Nextgov

The SolarWinds cyberattack was unprecedented in both scope and scale. The sophisticated breach saw hackers bake their exploit into a trusted software update pushed out to SolarWinds clients, including federal government agencies. This resulted in the exposure of sensitive data […]


Cybersecurity

Russian cyberspies target cloud services providers and resellers to abuse delegated access

October 27, 2021

Via: CSO Online

The group of hackers responsible for the SolarWinds software supply chain attack have continued to seek out ways of indirectly gaining access to enterprise networks by targeting IT and cloud services providers that have admin rights on their customers’ systems […]


Cybersecurity

The group that hacked SolarWinds is out with a new campaign, Microsoft says

May 28, 2021

Via: FCW

Microsoft on Thursday said it has observed the same group behind the campaign against SolarWinds using new tactics involving a wide-scale email phishing campaign to target thousands of people, and in some cases masquerading as part of the U.S. Agency […]


Cybersecurity

Colonial Pipeline take-away for CISOs: Embrace the mandates

May 17, 2021

Via: CSO Online

Many in mainstream media have characterized the DarkSide attack on Colonial Pipeline, which operates a significant portion of the nation’s critical energy infrastructure, as a wake-up call for CIOs and CISOs. If that is the case, then they are hard […]


Cybersecurity

SolarWinds: US and UK blame Russian intelligence service hackers for major cyber attack

April 15, 2021

Via: ZDnet

Hackers working for the Russian foreign intelligence service are behind the SolarWinds attack, cyber espionage campaigns targeting Covid-19 research facilities and more, according to the United States and the United Kingdom. The US accusation comes in a joint advisory by […]


Cybersecurity

US government strikes back at Kremlin for SolarWinds hack campaign

April 15, 2021

Via: ArsTechnica

US officials on Thursday formally blamed Russia for backing one of the worst espionage hacks in recent US history and imposed sanctions designed to mete out punishments for that and other recent actions. In a joint advisory, the National Security […]


Cybersecurity

Department of Homeland Security email accounts exposed in SolarWinds hack

March 30, 2021

Via: ZDnet

Email accounts belonging to US Department of Homeland Security (DHS) officials may have been compromised during the SolarWinds attack by Russian threat actors. The Associated Press reports that unauthorized intrusions occurred during the SolarWinds supply-chain attack. SolarWinds, the central point […]


Cybersecurity, IT Policy, Tech

US government calls for better information sharing in wake of SolarWinds, Exchange attacks

March 22, 2021

Via: CSO Online

As the federal government grapples with Russia and China’s widespread and damaging hacks, the Biden administration is seeking new methods for better early threat detection of these sophisticated intrusions. Both the SolarWinds espionage hack attributed to Russian operatives and the […]


Cybersecurity

Chinese hackers targeted SolarWinds customers in parallel with Russian op

March 9, 2021

Via: ArsTechnica

By now, most people know that hackers tied to the Russian government compromised the SolarWinds software build system and used it to push a malicious update to some 18,000 of the company’s customers. On Monday, researchers published evidence that hackers […]


Cybersecurity

New York issues cyber insurance framework as ransomware, SolarWinds costs mount

February 22, 2021

Via: CSO Online

On February 4, 2021, New York became the first state in the nation to issue a cybersecurity insurance risk framework to all authorized property and casualty insurers. In releasing the framework, New York’s Department of Financial Services (DFS) said that […]


Cybersecurity

Microsoft says SolarWinds hackers stole source code for 3 products

February 19, 2021

Via: ArsTechnica

The hackers behind one of the worst breaches in US history read and downloaded some Microsoft source code, but there’s no evidence they were able to access production servers or customer data, Microsoft said on Thursday. The software maker also […]


Cybersecurity

Biden administration brings expertise, new attitude to cybersecurity

February 4, 2021

Via: CSO Online

The Biden administration has hit the ground running on cybersecurity, reportedly getting ready to nominate what some have called a “world-class” cybersecurity team of officials and prioritizing efforts to tackle the worst hack in US history, the SolarWinds breach. The […]


Cybersecurity

The U.S. Spent $2.2 Million on a Cybersecurity System That Wasn’t Implemented — and Might Have Stopped a Major Hack

February 3, 2021

Via: Government Executive

As America struggles to assess the damage from the devastating SolarWinds cyberattack discovered in December, ProPublica has learned of a promising defense that could shore up the vulnerability the hackers exploited: a system the federal government funded but has never […]


Cybersecurity

Tips to harden Active Directory against SolarWinds-type attacks

January 27, 2021

Via: CSO Online

The SolarWinds/Solorigate attacks used some concerning methodologies. One of them has been what is called the Golden SAML attack process. Security Assertion Markup Language (SAML) enables the exchange of authentication and authorization information between trusted parties. The Golden SAML technique […]


Cybersecurity, Energy & Environment, Industry

US bulk energy providers must now report attempted breaches

January 11, 2021

Via: CSO Online

One of the most pernicious aspects of the far-reaching and potentially devastating SolarWinds supply chain hack is that it successfully evaded detection for at least ten months by hiding inside seemingly normal software operations. The hack of SolarWinds’ Orion product […]


Cybersecurity

DoJ says SolarWinds hackers breached its Office 365 system and read email

January 7, 2021

Via: ArsTechnica

The US Justice Department has become the latest federal agency to say its network was breached in a long and wide-ranging hack campaign that’s believed to have been backed by the Russian government. In a terse statement issued Wednesday, Justice […]


Cybersecurity

Intel, Nvidia, and Cisco among companies affected by SolarWinds hack

December 22, 2020

Via: TechSpot

Last week brought news that multiple federal government agencies, including the US Treasury and Commerce departments, had been compromised after installing a booby-trapped update for network monitoring software SolarWinds Orion. It’s believed that hackers working at the behest of the […]