SolarWinds Articles

2024-01-19

Microsoft ‘senior leadership’ emails accessed by Russian SolarWinds hackers. And by password stuffing.

Previous notes have been moved to here

Updated 2024-01-20 05:49z with 3239 articles

Index by topic

    published

  1. Articles in chronological order of publication

    2. discovered

  2. Articles in chronological order of discovery

    3. searchable

  3. Articles by website, searchable

    4. Explain hack

  4. Duration of attack, recovery
  5. Hearings request details about hack
  6. New policies consideration
  7. Timeline of the attack

    8. Initial vector

  8. First vector of attack

    9. Best articles

  9. Best journalism regarding the attack

    10. Legal action

  10. SEC Investigation
  11. SolarWinds Stock and associated legal action
  12. Legal action or legislation

    13. Executive Order

  13. White House Executive order

    14. Technical details

  14. Remote code execution
  15. Drilldown: Detailed, low-level analysis of malware and TTP
  16. Attackers still have access to compromised servers
  17. Malware used in the attack
  18. Tools Techniques and Procedures in the attack
  19. Credentials involved in hack including SAML
  20. Indicators of Compromise
  21. Detecting the presence of the attack
  22. Active Persistent Threat
  23. The vector or vectors used in the attack
  24. Phishing
  25. DNS extraction or circumvention
  26. Cloud vector involvement
  27. Tools for detection and recovery
  28. Protection processes
  29. Vulnerabilities

    30. Removal

  30. How to remove the malware

    31. Prevention

  31. Monitoring
  32. How to prevent attacks
  33. Zero trust

    34. victims

  34. Dept of Homeland Security hackers
  35. Mimecast
  36. Identifications of the victims of the attack

    37. breach

  37. Microsoft agent breached
  38. Failure to detect
  39. Loss of information such as source code
  40. Information breached or infrastructure compromised
  41. Description of the attack

    42. Extent of attack

  42. Cost of recovery
  43. Extent of attack and recovery effort
  44. Duration of attack, recovery
  45. Impact of hack

    46. Leadership, business issues and response

  46. International implicaitons
  47. Legisltation considered
  48. Legislslation would establish cybersecurity training
  49. Investment in security
  50. Funding for remediation and prevention
  51. 60 day sprints announced
  52. Breach disclosure requirements
  53. Reactions to the attack
  54. Actions responding to attack
  55. Congressional Hearings
  56. Board reform to include security
  57. Sharing information about hacks
  58. Considerations of Surveillance
  59. Transparency regarding hack
  60. Insurance
  61. Discrete actions taken in response to the attack
  62. Retaliation
  63. response
  64. Government breach or response
  65. Leadership

    66. Who is to blame

  66. The intern did it
  67. Pointing fingers
  68. Rejoinder to vendor's claims
  69. Vendor relevance to hack

    70. Cultural aspects that lead to breaches

  70. Culture

    71. Analysis of the attack and its impact and remediation

  71. Supply Chain Risk Warning
  72. Software Bill of Materials and SLSA
  73. Reproduceable builds or parallel builds
  74. Recovery from attack
  75. History of attacks
  76. Analysis of the attack
  77. Investigation of the vector
  78. Remediation
  79. Strategy for overall remediaton and long term view
  80. Attribution of the attacking actor

    81. Marketing and alternatives

  81. Mostly Marketing
  82. Alternatives to SolarWinds

    83. Podcast

  83. Video or Audio story

    84. Entertainment

  84. astronomy