SolarWinds Articles
Updated 2024-01-20 05:49zZ
Credentials involved in hack including SAML (97 articles)
-
Microsoft ‘senior leadership’ emails accessed by Russian SolarWinds hackers (Verge)
-
Federal CISO Clarifies Support for a Standard that Could Make Passwords History (Nextgov)
-
Podcast: Why Securing Active Directory Is a Nightmare (tpost)
-
US, UK warn about Russia's brute force cyber campaign (Illinois News Today)
-
Microsoft admits to signing rootkit malware in supply-chain fiasco (Business Standard News)
-
Microsoft's CISO: Why we're trying to banish passwords forever (ZDNet)
-
How Attackers Exploit Active Directory: Lessons Learned from High-Profile Breaches (secblvd)
-
CrowdStrike breaks down 'Golden SAML' attack
-
12 Lessons Learned From The SolarWinds Breach: RSA Conference
-
Opinion: Agencies Need More Reliable Authentication To De-Weaponize Stolen Data During SolarWinds Breach (Potomac Officers Club)
-
Microsoft's new security feature locks hackers out with GPS (ZDNet)
-
Biden’s Cyber Strategy Must De-weaponize Civilian Data (Nextgov)
-
Dark Reading | Security (Protect The Business)
-
SolarWinds, Microsoft Hacks Prompt Focus on Zero-Trust Security | News (CACM)
-
Another SolarWinds lesson: Hackers are targeting Microsoft authentication servers (The Open Security)
-
Dark Reading | Security (Protect The Business)
-
Abusing Replication: Stealing AD FS Secrets Over the Network (fireeye)
-
Hackers are targeting Microsoft authentication servers
-
Well (known VPN used to steal credentials on SolarWinds servers)
-
Another top VPN is reportedly being used to spread SolarWinds hack (TechRadar)
-
CISA warns of theft of credentials via SolarWinds and PulseSecure VPN
-
CISA warns of credential theft via SolarWinds and PulseSecure VPN (Public News)
-
CISA warns of credential theft via SolarWinds and PulseSecure VPN (VentureBeat)
-
Russian Cyber Threat Defense – Now and Looking Forward (secblvd)
-
cyber.dhs.gov - Emergency Directive 21 (03: pulse secure)
-
Hackers Exploit SolarWinds, Pulse Secure For Credential Theft: Feds
-
Cybersecurity expert: If you use SolarWinds, they got you (POWERGRID International)
-
Cybercriminals get bolder as impact from SolarWinds and ransomware grows (SiliconANGLE)
-
Misuse of X.509 Certificates & Keys Involved in SolarWinds Attack
-
Revelations About Securing Hybrid Cloud Environments Post-SolarWinds (secblvd)
-
Broken trust: Lessons from Sunburst (Atlantic Council)
-
SolarWinds Attackers Manipulated OAuth App Certificates
-
Does Microsoft share blame for the SolarWinds hack? (Computerworld)
-
Three Vulnerabilities Exposed During SolarWinds Attack & How It Could Have Been Prevented (CPO Magazine)
-
CISA: ‘Identity is everything’ for cyber defense post-SolarWinds (FRN)
-
Lesson From SolarWinds Attack: It's Time to Beef Up IAM
-
CISA Official Calls for Update of Identity Management Guidance in Wake of SolarWinds Compromise (Nextgov)
-
Accusation: Microsoft failed with security in the SolarWinds hack (Born's Tech and Windows World)
-
Jeff Elder on Twitter: "SolarWinds leaders told Congress the password "solarwinds123" was a quickly fixed intern's error. Records show it was a publicly accessible software (update server with password visible for two years. A company email from 2019 notes)
-
Former SolarWinds CEO blames intern for ‘solarwinds123’ password leak (WKSM-FM)
-
Former SolarWinds CEO Blames Intern for “solarwinds123” Password Leak (FR24 News English)
-
SolarWinds’ security practices questioned by lawmakers following cyber attack
-
Microsoft failed to shore up defenses that could have limited SolarWinds hack: U.S. senator | Y100 WNCY | Your Home For Country & Fun (Green Bay, WI)
-
US senator claims Microsoft failed to fix cloud holes before SolarWinds hack - Security (iTnews)
-
SolarWinds Hackers Targeted Cloud Services as a Key Objective (AI Trends)
-
Paramount Defenses Opens Online Store to Empower Organizations Worldwide
-
SolarWinds hackers studied Microsoft source code for authentication and email (Reuters)
-
CyberArk Virtual Event - (The Anatomy of the SolarWinds Attack)
-
The Hack Roundup: White House Says Neuberger Leading Federal Response (Nextgov)
-
SolarWinds security to-do list post hack (Utility Dive)
-
A Key Step in Preventing a Future SolarWinds (Just Security)
-
Microsoft: No Evidence SolarWinds Was Hacked Via Office 365
-
Microsoft warns of increasing OAuth Office 365 phishing attacks
-
Microsoft: Office 365 Was Not SolarWinds Initial Attack Vector
-
Multiple new SolarWinds vulnerabilities have been uncovered (TechRadar)
-
SolarWinds CEO Confirms Office 365 Email ‘Compromise’ Played Role In Broad (Based Attack)
-
Hackers Lurked in SolarWinds Email System for at Least 9 Months, CEO Says (WSJ)
-
Tips to harden Active Directory against SolarWinds-type attacks (CSO Online)
-
Mimecast Breach Linked To SolarWinds Hack, Allowed Cloud Services Access
-
SolarWinds Hackers Also Breached Malwarebytes Cybersecurity Firm
-
Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452
-
Hackers abusing Mimecast certs to target Microsoft 365 users
-
Increasing resilience against Solorigate and other sophisticated attacks with Microsoft Defender (MS Security)
-
Mimecast breach investigators probe possible SolarWinds connection (CyberScoop)
-
Mimecast hit by “sophisticated threat actor”
-
Miscreants Manipulate Mimecast Certificate -> Microsoft 365 Exchange Web Services: Welcome To The Pew Pew (secblvd)
-
Mimecast: Hackers Compromised A Digital Certificate (My TechDecisions)
-
Mimecast compromised by a threat actor | 2021-01-13 (Security Magazine)
-
Mimecast Certificate Hacked in Supply-Chain Attack (tpost)
-
Hackers Compromise Mimecast Certificate For Microsoft Authentication
-
SolarWinds Hackers' Attack on Email Security Company Raises New Red Flags (MarketScreener)
-
Important Update from Mimecast (Mimecast Blog)
-
Email security firm Mimecast says hackers hijacked its products to spy on customers (Reuters)
-
CISA: SolarWinds hackers also used password guessing to breach targets (ZDNet)
-
A Golden SAML Journey: SolarWinds Continued (Splunk)
-
CISA discovers token abuse around SolarWinds hack, calls for full rebuild of affected networks (scmedia)
-
CISA: Hackers access to federal networks without SolarWinds - (FCW)
-
CISA: SolarWinds Hackers Got Into Networks by Guessing Passwords (Nextgov)
-
Azure-Sentinel/ADFSDomainTrustMods.yaml at master · Azure/Azure (Sentinel · GitHub)
-
SolarWinds hack poses risk to cloud services' API keys and IAM identities
-
Golden SAML Revisited: The Solorigate Connection (secblvd)
-
VU#843464 (SolarWinds Orion API authentication bypass allows remote command execution)
-
Cloud infrastructure is not immune from the SolarWinds Orion breach (secblvd)
-
SolarWinds Campaign Focuses Attention on 'Golden ...
-
NSA on Authentication Hacks (Related to SolarWinds Breach) (Schneier)
-
Sygnia Advisory: Detection of Golden SAML attacks
-
GitHub (cyberark/shimit: A tool that implements the Golden SAML attack)
-
Golden SAML: Newly Discovered Attack Technique Forges Authentication to Cloud Apps
-
We're not saying this is how SolarWinds was backdoored, but its FTP password 'leaked on GitHub in plaintext' (Register)
-
How the SolarWinds Hackers Bypassed Duo’s Multi-Factor Authentication (Schneier)
-
SolarFlare Release: Password Dumper for SolarWinds Orion :: malicious.link — welcome
-
GitHub (mubix/solarflare: SolarWinds Orion Account Audit / Password Dumping Utility)
-
SolarFlare Release: Password Dumper for SolarWinds Orion (secblvd)
-
SolarWinds, GitHub Leaks and Securing the Software Supply Chain (BluBracket)
-
Agencies Need to Improve Implementation of Federal Approach to Securing Systems and Protecting against Intrusions
-
Find cloud account credentials
-
CJ03 Solar Flare Pulling apart SolarWinds ORION Rob Fuller (YouTube)