SolarWinds Articles

Note for 2021-07-17

2848 articles. We now have 70 articles about RCE in SolarWinds. Most of those cover the recent one detected by Microsoft, which is related to exposing SSH to the internet.

You may see articles that link a recently revealed iOS vulnerability to SolarWinds, but the only connection is that it was done by the presumed hacker behind SolarWinds. Slight confusion has ensued.

Note for 2021-07-06

2848 articles. Much of the news is about Kaseya, referencing SolarWinds. I've elected not to follow that story. There are many articles that I don't include, mostly the market analysis, along with the surprisingly frequent "Take Control not working" articles.

Note for 2021-07-01

The Danish National Bank is said to have had the compromised SolarWinds vector in its systems for seven months. Danmarks Nationalbank denies these reports.

A Microsoft customer support (CS) agent was compromised by the SolarWinds actors, resulting in three companies being compromised.

Note for 2021-06-21

The SEC is investigating several firms for failure to disclose the breach.

Jake Sullivan says that the US is preparing more sanctions for Russia.

Simple measures would have prevented the attack.

Note for 2021-06-19

Google develops SLSA (Supply-chain Levels for Software Artifacts), a framework to help with SBOM.

There is a new White House Cyber Director.

Note for 2021-06-15

News today is about government staffing efforts for cybersecurity, and the possibility of regulation.

Note for 2021-06-11

The collection of articles in the legal section now includes the biggest article to date, in which strong claims are made, some carrying possible non-civil liabilities.

The claims are severe, detailed, and damning. All the claims made on the SolarWinds website about security are alleged in the lawsuit to be false--a full fabrication. Multiple people are quoted, including Ian Thornton-Trump, Costin Raiu, and ten former employees.

A summary:

  1. There was no Information Security Policy
  2. SolarWinds did not follow their password policy
  3. There was no security training
  4. SolarWinds had no security team
  5. SolarWinds did not segment its network and did not limit user authorization
  6. SolarWinds did not perform background checks on its employees
  7. SolarWinds did not prioritize cybersecurity
  8. The lawsuit further claims that the emphasis put on increasing sales and stock prices and cutting costs at the expense of security led to personal financial gain to some named individuals.

This whole thing puts a stark emphasis on how we evaluate vendors whose software runs as root on our systems.


Updated 2021-09-10 16:07z with 2996 articles

Index by topic

published
  1. Articles in chronological order of publication

discovered
  1. Articles in chronological order of discovery

searchable
  1. Articles by website, searchable

Explain hack
  1. Hearings request details about hack
  2. New policies consideration
  3. Timeline of the attack

Initial vector
  1. First vector of attack

Best articles
  1. Best journalism regarding the attack

Legal action
  1. SEC Investigation
  2. SolarWinds Stock and associated legal action
  3. Legal action or legislation

Executive Order
  1. White House Executive order

Technical details
  1. Remote code execution
  2. Drilldown: Detailed, low-level analysis of malware and TTP
  3. Attackers still have access to compromised servers
  4. Malware used in the attack
  5. Tools, Techniques and Procedures in the attack
  6. Credentials involved in hack, including SAML
  7. Indicators of Compromise
  8. Detecting the presence of the attack
  9. Advanced Persistent Threat
  10. The vector or vectors used in the attack
  11. Phishing
  12. DNS extraction or circumvention
  13. Cloud vector involvement
  14. Tools for detection and recovery
  15. Protection processes
  16. Vulnerabilities

Removal
  1. How to remove the malware

Prevention
  1. Monitoring
  2. How to prevent attacks
  3. Zero trust

victims
  1. Dept of Homeland Security hackers
  2. Mimecast
  3. Identifications of the victims of the attack

breach
  1. Microsoft agent breached
  2. Failure to detect
  3. Loss of information such as source code
  4. Information breached or infrastructure compromised
  5. Description of the attack

Extent of attack
  1. Cost of recovery
  2. Extent of attack and recovery effort
  3. Duration of attack, recovery
  4. Impact of hack

Leadership, business issues and response
  1. International implications
  2. Legislation considered
  3. Legislation would establish cybersecurity training
  4. Investment in security
  5. Funding for remediation and prevention
  6. 60 day sprints announced
  7. Breach disclosure requirements
  8. Reactions to the attack
  9. Actions responding to attack
  10. Congressional Hearings
  11. Board reform to include security
  12. Sharing information about hacks
  13. Considerations of Surveillance
  14. Transparency regarding hack
  15. Insurance
  16. Discrete actions taken in response to the attack
  17. Retaliation
  18. response
  19. Government breach or response
  20. Leadership

Who is to blame
  1. The intern did it
  2. Pointing fingers
  3. Rejoinder to vendor's claims
  4. Vendor relevance to hack

Cultural aspects that lead to breaches
  1. Culture

Analysis of the attack and its impact and remediation
  1. Supply Chain Risk Warning
  2. Software Bill of Materials and SLSA
  3. Reproducible builds or parallel builds
  4. Recovery from attack
  5. History of attacks
  6. Analysis of the attack
  7. Investigation of the vector
  8. Remediation
  9. Strategy for overall remediation and long term view
  10. Attribution of the attacking actor

Marketing and alternatives
  1. Mostly Marketing
  2. Alternatives to SolarWinds

Podcast
  1. Video or Audio story

Entertainment
  1. astronomy