June 30, 2023
Via: InformationWeekIn 2020, software company SolarWinds was hit with a cyberattack that compromised its Orion supply chain software. The attack impacted thousands of victims. Three years later, the US Securities and Exchange Commission (SEC) is continuing its investigation into the attack. […]
July 14, 2022
Via: FCWA new public-private body within the Department of Homeland Security has said all it plans to say on the incident referred to as “SolarWinds,” under an executive order mandate. That order came in response to the intrusion event’s compromise of […]
December 6, 2021
Via: ArsTechnicaAlmost exactly a year ago, security researchers uncovered one of the worst data breaches in modern history, if not ever: a Kremlin-backed hacking campaign that compromised the servers of network management provider SolarWinds and, from there, the networks of 100 […]
December 6, 2021
Via: Dark ReadingOne year after the discovery of the 2021 SolarWinds supply chain compromise, security researchers report two clusters of suspected Russian attack activity targeting global businesses and governments. Both are associated with the group behind the SolarWinds attack campaign. The findings […]
Cybersecurity, IT Policy, Tech
December 3, 2021
Via: NextgovThe SolarWinds cyberattack was unprecedented in both scope and scale. The sophisticated breach saw hackers bake their exploit into a trusted software update pushed out to SolarWinds clients, including federal government agencies. This resulted in the exposure of sensitive data […]
October 27, 2021
Via: CSO OnlineThe group of hackers responsible for the SolarWinds software supply chain attack have continued to seek out ways of indirectly gaining access to enterprise networks by targeting IT and cloud services providers that have admin rights on their customers’ systems […]
May 28, 2021
Via: FCWMicrosoft on Thursday said it has observed the same group behind the campaign against SolarWinds using new tactics involving a wide-scale email phishing campaign to target thousands of people, and in some cases masquerading as part of the U.S. Agency […]
May 17, 2021
Via: CSO OnlineMany in mainstream media have characterized the DarkSide attack on Colonial Pipeline, which operates a significant portion of the nation’s critical energy infrastructure, as a wake-up call for CIOs and CISOs. If that is the case, then they are hard […]
April 15, 2021
Via: ZDnetHackers working for the Russian foreign intelligence service are behind the SolarWinds attack, cyber espionage campaigns targeting Covid-19 research facilities and more, according to the United States and the United Kingdom. The US accusation comes in a joint advisory by […]
April 15, 2021
Via: ArsTechnicaUS officials on Thursday formally blamed Russia for backing one of the worst espionage hacks in recent US history and imposed sanctions designed to mete out punishments for that and other recent actions. In a joint advisory, the National Security […]
March 30, 2021
Via: ZDnetEmail accounts belonging to US Department of Homeland Security (DHS) officials may have been compromised during the SolarWinds attack by Russian threat actors. The Associated Press reports that unauthorized intrusions occurred during the SolarWinds supply-chain attack. SolarWinds, the central point […]
Cybersecurity, IT Policy, Tech
March 22, 2021
Via: CSO OnlineAs the federal government grapples with Russia and China’s widespread and damaging hacks, the Biden administration is seeking new methods for better early threat detection of these sophisticated intrusions. Both the SolarWinds espionage hack attributed to Russian operatives and the […]
March 9, 2021
Via: ArsTechnicaBy now, most people know that hackers tied to the Russian government compromised the SolarWinds software build system and used it to push a malicious update to some 18,000 of the company’s customers. On Monday, researchers published evidence that hackers […]
February 22, 2021
Via: CSO OnlineOn February 4, 2021, New York became the first state in the nation to issue a cybersecurity insurance risk framework to all authorized property and casualty insurers. In releasing the framework, New York’s Department of Financial Services (DFS) said that […]
February 19, 2021
Via: ArsTechnicaThe hackers behind one of the worst breaches in US history read and downloaded some Microsoft source code, but there’s no evidence they were able to access production servers or customer data, Microsoft said on Thursday. The software maker also […]
February 4, 2021
Via: CSO OnlineThe Biden administration has hit the ground running on cybersecurity, reportedly getting ready to nominate what some have called a “world-class” cybersecurity team of officials and prioritizing efforts to tackle the worst hack in US history, the SolarWinds breach. The […]
February 3, 2021
Via: Government ExecutiveAs America struggles to assess the damage from the devastating SolarWinds cyberattack discovered in December, ProPublica has learned of a promising defense that could shore up the vulnerability the hackers exploited: a system the federal government funded but has never […]
January 27, 2021
Via: CSO OnlineThe SolarWinds/Solorigate attacks used some concerning methodologies. One of them has been what is called the Golden SAML attack process. Security Assertion Markup Language (SAML) enables the exchange of authentication and authorization information between trusted parties. The Golden SAML technique […]
Cybersecurity, Energy & Environment, Industry
January 11, 2021
Via: CSO OnlineOne of the most pernicious aspects of the far-reaching and potentially devastating SolarWinds supply chain hack is that it successfully evaded detection for at least ten months by hiding inside seemingly normal software operations. The hack of SolarWinds’ Orion product […]
January 7, 2021
Via: ArsTechnicaThe US Justice Department has become the latest federal agency to say its network was breached in a long and wide-ranging hack campaign that’s believed to have been backed by the Russian government. In a terse statement issued Wednesday, Justice […]