SolarWinds Articles

Updated 2024-01-20 05:49zZ

Credentials involved in hack including SAML (97 articles)

  1. Microsoft ‘senior leadership’ emails accessed by Russian SolarWinds hackers (Verge)
  2. Federal CISO Clarifies Support for a Standard that Could Make Passwords History (Nextgov)
  3. Podcast: Why Securing Active Directory Is a Nightmare (tpost)
  4. US, UK warn about Russia's brute force cyber campaign (Illinois News Today)
  5. Microsoft admits to signing rootkit malware in supply-chain fiasco (Business Standard News)
  6. Microsoft's CISO: Why we're trying to banish passwords forever (ZDNet)
  7. How Attackers Exploit Active Directory: Lessons Learned from High-Profile Breaches (secblvd)
  8. CrowdStrike breaks down 'Golden SAML' attack
  9. 12 Lessons Learned From The SolarWinds Breach: RSA Conference
  10. Opinion: Agencies Need More Reliable Authentication To De-Weaponize Stolen Data During SolarWinds Breach (Potomac Officers Club)
  11. Microsoft's new security feature locks hackers out with GPS (ZDNet)
  12. Biden’s Cyber Strategy Must De-weaponize Civilian Data (Nextgov)
  13. Dark Reading | Security (Protect The Business)
  14. SolarWinds, Microsoft Hacks Prompt Focus on Zero-Trust Security | News (CACM)
  15. Another SolarWinds lesson: Hackers are targeting Microsoft authentication servers (The Open Security)
  16. Dark Reading | Security (Protect The Business)
  17. Abusing Replication: Stealing AD FS Secrets Over the Network (fireeye)
  18. Hackers are targeting Microsoft authentication servers
  19. Well (known VPN used to steal credentials on SolarWinds servers)
  20. Another top VPN is reportedly being used to spread SolarWinds hack (TechRadar)
  21. CISA warns of theft of credentials via SolarWinds and PulseSecure VPN
  22. CISA warns of credential theft via SolarWinds and PulseSecure VPN (Public News)
  23. CISA warns of credential theft via SolarWinds and PulseSecure VPN (VentureBeat)
  24. Russian Cyber Threat Defense – Now and Looking Forward (secblvd)
  25. cyber.dhs.gov - Emergency Directive 21 (03: pulse secure)
  26. Hackers Exploit SolarWinds, Pulse Secure For Credential Theft: Feds
  27. Cybersecurity expert: If you use SolarWinds, they got you (POWERGRID International)
  28. Cybercriminals get bolder as impact from SolarWinds and ransomware grows (SiliconANGLE)
  29. Misuse of X.509 Certificates & Keys Involved in SolarWinds Attack
  30. Revelations About Securing Hybrid Cloud Environments Post-SolarWinds (secblvd)
  31. Broken trust: Lessons from Sunburst (Atlantic Council)
  32. SolarWinds Attackers Manipulated OAuth App Certificates
  33. Does Microsoft share blame for the SolarWinds hack? (Computerworld)
  34. Three Vulnerabilities Exposed During SolarWinds Attack & How It Could Have Been Prevented (CPO Magazine)
  35. CISA: ‘Identity is everything’ for cyber defense post-SolarWinds (FRN)
  36. Lesson From SolarWinds Attack: It's Time to Beef Up IAM
  37. CISA Official Calls for Update of Identity Management Guidance in Wake of SolarWinds Compromise (Nextgov)
  38. Accusation: Microsoft failed with security in the SolarWinds hack (Born's Tech and Windows World)
  39. Jeff Elder on Twitter: "SolarWinds leaders told Congress the password "solarwinds123" was a quickly fixed intern's error. Records show it was a publicly accessible software (update server with password visible for two years. A company email from 2019 notes)
  40. Former SolarWinds CEO blames intern for ‘solarwinds123’ password leak (WKSM-FM)
  41. Former SolarWinds CEO Blames Intern for “solarwinds123” Password Leak (FR24 News English)
  42. SolarWinds’ security practices questioned by lawmakers following cyber attack
  43. Microsoft failed to shore up defenses that could have limited SolarWinds hack: U.S. senator | Y100 WNCY | Your Home For Country & Fun (Green Bay, WI)
  44. US senator claims Microsoft failed to fix cloud holes before SolarWinds hack - Security (iTnews)
  45. SolarWinds Hackers Targeted Cloud Services as a Key Objective  (AI Trends)
  46. Paramount Defenses Opens Online Store to Empower Organizations Worldwide
  47. SolarWinds hackers studied Microsoft source code for authentication and email (Reuters)
  48. CyberArk Virtual Event - (The Anatomy of the SolarWinds Attack)
  49. The Hack Roundup: White House Says Neuberger Leading Federal Response (Nextgov)
  50. SolarWinds security to-do list post hack (Utility Dive)
  51. A Key Step in Preventing a Future SolarWinds (Just Security)
  52. Microsoft: No Evidence SolarWinds Was Hacked Via Office 365
  53. Microsoft warns of increasing OAuth Office 365 phishing attacks
  54. Microsoft: Office 365 Was Not SolarWinds Initial Attack Vector
  55. Multiple new SolarWinds vulnerabilities have been uncovered (TechRadar)
  56. SolarWinds CEO Confirms Office 365 Email ‘Compromise’ Played Role In Broad (Based Attack)
  57. Hackers Lurked in SolarWinds Email System for at Least 9 Months, CEO Says (WSJ)
  58. Tips to harden Active Directory against SolarWinds-type attacks (CSO Online)
  59. Mimecast Breach Linked To SolarWinds Hack, Allowed Cloud Services Access
  60. SolarWinds Hackers Also Breached Malwarebytes Cybersecurity Firm
  61. Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452
  62. Hackers abusing Mimecast certs to target Microsoft 365 users
  63. Increasing resilience against Solorigate and other sophisticated attacks with Microsoft Defender (MS Security)
  64. Mimecast breach investigators probe possible SolarWinds connection (CyberScoop)
  65. Mimecast hit by “sophisticated threat actor”
  66. Miscreants Manipulate Mimecast Certificate -> Microsoft 365 Exchange Web Services: Welcome To The Pew Pew (secblvd)
  67. Mimecast: Hackers Compromised A Digital Certificate (My TechDecisions)
  68. Mimecast compromised by a threat actor | 2021-01-13 (Security Magazine)
  69. Mimecast Certificate Hacked in Supply-Chain Attack (tpost)
  70. Hackers Compromise Mimecast Certificate For Microsoft Authentication
  71. SolarWinds Hackers' Attack on Email Security Company Raises New Red Flags (MarketScreener)
  72. Important Update from Mimecast (Mimecast Blog)
  73. Email security firm Mimecast says hackers hijacked its products to spy on customers (Reuters)
  74. CISA: SolarWinds hackers also used password guessing to breach targets (ZDNet)
  75. A Golden SAML Journey: SolarWinds Continued (Splunk)
  76. CISA discovers token abuse around SolarWinds hack, calls for full rebuild of affected networks (scmedia)
  77. CISA: Hackers access to federal networks without SolarWinds - (FCW)
  78. CISA: SolarWinds Hackers Got Into Networks by Guessing Passwords (Nextgov)
  79. Azure-Sentinel/ADFSDomainTrustMods.yaml at master · Azure/Azure (Sentinel · GitHub)
  80. SolarWinds hack poses risk to cloud services' API keys and IAM identities
  81. Golden SAML Revisited: The Solorigate Connection (secblvd)
  82. VU#843464 (SolarWinds Orion API authentication bypass allows remote command execution)
  83. Cloud infrastructure is not immune from the SolarWinds Orion breach (secblvd)
  84. SolarWinds Campaign Focuses Attention on 'Golden ...
  85. NSA on Authentication Hacks (Related to SolarWinds Breach) (Schneier)
  86. Sygnia Advisory: Detection of Golden SAML attacks
  87. GitHub (cyberark/shimit: A tool that implements the Golden SAML attack)
  88. Golden SAML: Newly Discovered Attack Technique Forges Authentication to Cloud Apps
  89. We're not saying this is how SolarWinds was backdoored, but its FTP password 'leaked on GitHub in plaintext' (Register)
  90. How the SolarWinds Hackers Bypassed Duo’s Multi-Factor Authentication (Schneier)
  91. SolarFlare Release: Password Dumper for SolarWinds Orion :: malicious.link — welcome
  92. GitHub (mubix/solarflare: SolarWinds Orion Account Audit / Password Dumping Utility)
  93. SolarFlare Release: Password Dumper for SolarWinds Orion (secblvd)
  94. SolarWinds, GitHub Leaks and Securing the Software Supply Chain (BluBracket)
  95. Agencies Need to Improve Implementation of Federal Approach to Securing Systems and Protecting against Intrusions
  96. Find cloud account credentials
  97. CJ03 Solar Flare Pulling apart SolarWinds ORION Rob Fuller (YouTube)