SolarWinds Articles

Updated 2024-01-20 05:49Z

Detecting the presence of the attack (132 articles)

  1. To avoid insider threats, security strategies call for behavioral profiling and anomaly comparison | 2021-05-20 (Security Magazine)
  2. CISA’s EINSTEIN had a chance to be great, but it’s more than good enough (FRN)
  3. State-Sponsored Cyberattacks Aren’t Going Away — Here’s How To Defend Your Organization
  4. The Ticking Time Bomb in Every Company's Code
  5. ‘Accelerate change or lose’: Applying Gen. Brown’s action orders to cyberspace education and training
  6. Hunting Hackers: Reducing the Time to Discovery (CSO Online)
  7. NSA: OT Security Guidance in Wake of SolarWinds Attack
  8. Supply Chain Compromise (CISA)
  9. New analysis uncovers extensive SolarWinds attack infrastructure (TechRadar)
  10. Researchers Find Additional Infrastructure Used By SolarWinds Hackers
  11. More SolarWinds command and control hacking servers found - Security (iTnews)
  12. 5 signs a trucking company has been hacked (Commercial Carrier Journal)
  13. Feds Find More Malware Tied to SolarWinds Supply Chain Compromise
  14. Malware Wants to Phone Home. Trinity Cyber Doesn’t Try to Block It
  15. Did Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020? (secblvd)
  16. Snort Blog: Snort rule update for April 15, 2021
  17. Did Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020? (Krebs on Security)
  18. Biden's cyber executive order to include new rules for federal agencies, contractors
  19. cyber.dhs.gov - Emergency Directive 21-02
  20. The Fortune 500 Companies That Want To Be Hacked (The Tennessee Tribune)
  21. Blackberry Jarvis
  22. Microsoft Safety Scanner Download - Windows security (Microsoft Docs)
  23. CHIRP Tool to Detect SolarWinds Malicious Activity
  24. SolarWinds compromise leaves Senate questioning agency cyber defenses (Utility Dive)
  25. CISA releases CHIRP, a tool to detect SolarWinds malicious activity (TerabitWeb Blog)
  26. CISA releases CHIRP, a tool to detect SolarWinds malicious activity (Security Affairs)
  27. Using CHIRP to Detect Post-Compromise Threat Activity in On-Premises Environments (CISA)
  28. Did you get burned by the SolarWinds attack? US Releases Tools for Post-Infringement Detection (Texas News Today)
  29. U.S. cyber agency releases tool to help SolarWinds Orion defenders (IT World Canada News)
  30. CISA Releases New Tool To Scan For SolarWinds Compromise Activity (My TechDecisions)
  31. GitHub (cisagov/CHIRP: A forensic collection tool written in Python.)
  32. Burnt by SolarWinds attack? US releases tool for post-compromise detection (ZDNet)
  33. SolarWinds compromise leaves Senate questioning agency cyber defenses (Cybersecurity Dive)
  34. Why the SolarWinds Attack Easily Slipped by All EDR/EPP Solutions (secblvd)
  35. TTP Table for Detecting APT Activity Related to SolarWinds and Active Directory/M365 Compromise (Homeland Security Today)
  36. Capitol Hill angry over Microsoft’s security upcharge (POLITICO)
  37. White House Weighs New Cybersecurity Approach After Failure to Detect Hacks (nyt)
  38. SolarWinds, SUNBURST, and supply chain security.
  39. Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452
  40. Microsoft opens CodeQL queries to public after SolarWinds hack
  41. SolarWinds Blames Intern for Weak Password That Led to Biggest Attack in 2020 (TI Forense)
  42. SolarWinds Orion Web Performance Monitor (WPM) Remote Detection (Tenable®)
  43. Sai Huda’s best-selling book Next Level Cybersecurity reveals signals missed in world’s largest hacks such as SolarWinds (EIN Presswire)
  44. MSFT Stock - Microsoft makes CodeQL queries public post SolarWinds attack (Fintech Zoom - World Finance)
  45. Microsoft makes CodeQL queries public post SolarWinds attack
  46. Microsoft releases open-source CodeQL queries to assess Solorigate compromise (Security Affairs)
  47. Microsoft: We've open-sourced this tool we used to hunt for code by SolarWinds hackers (ZDNet)
  48. SolarWinds Plans Cybersecurity Investment After Supply Chain Compromise (ExecutiveBiz)
  49. Microsoft shares tool to hunt for compromise in SolarWinds breach (CyberScoop)
  50. Microsoft Releases Queries for SolarWinds Attack Detection
  51. Microsoft failed to shore up defenses that could have limited SolarWinds hack: U.S. senator | Y100 WNCY | Your Home For Country & Fun (Green Bay, WI)
  52. Microsoft Releases Free Tool for Hunting SolarWinds ...
  53. IDX Introduces Cybersecurity Healthcheck to Identify Security...
  54. Ex-NSA chief: No idea how badly SolarWinds hack harmed security (The Jerusalem Post)
  55. Microsoft Releases Free Tool for Hunting SolarWinds ...
  56. Microsoft shares CodeQL queries to scan code for SolarWinds-like implants
  57. Detecting and Responding to SolarWinds Infrastructure Attack with Cisco Secure Analytics (Cisco Blogs)
  58. SolarWinds Orion Network Performance Monitor Installed (Windows) (Tenable®)
  59. FireEye CEO on how the SolarWinds hack was discovered (CNN Video)
  60. Apiiro Releases Industry’s First Solution That Detects and Prevents the Attack Used Against Solarwinds
  61. SolarWinds Hacked From Inside U.S., 100+ Orgs Compromised
  62. Microsoft: SolarWinds attack took more than 1,000 engineers to create (ZDNet)
  63. VirusTotal
  64. VirusTotal
  65. GitHub (cisagov/Sparrow: Sparrow.ps1 was created by CISA's Cloud Forensics team to help detect possible compromised accounts and applications in the Azure/m365 environment.)
  66. Azure-Sentinel/RareProcbyServiceAccount.yaml at master · Azure/Azure-Sentinel (GitHub)
  67. Most Tools Failed to Detect the SolarWinds Malware. Those That Did Failed Too (CoFR)
  68. Azure-Sentinel/MailPermissionsAddedToApplication.yaml at master · Azure/Azure-Sentinel (GitHub)
  69. Azure-Sentinel/FirstAppOrServicePrincipalCredential.yaml at master · Azure/Azure-Sentinel (GitHub)
  70. fireeye/Mandiant-Azure-AD-Investigator (GitHub)
  71. Cyber Threat Intel Analysis and Expansion of SolarWinds Identified IoCs
  72. Sunburst Malware Information (FireEye)
  73. Increasing resilience against Solorigate and other sophisticated attacks with Microsoft Defender (MS Security)
  74. Cybersecurity Pioneer Cyemptive Technologies Cautions Entities About the Depth and Breadth of the Recent SolarWinds Cyber Incident; Provides First Reliable Solution to Address Such Invasive Attacks (bizwire)
  75. Top SolarWinds risk assessment resources for Microsoft 365 and Azure (CSO Online)
  76. Cisco Event Response: SolarWinds Orion Platform Software Attack
  77. SolarWinds Malware Arsenal Widens with Raindrop (tpost)
  78. Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments (CISA)
  79. CISA: SolarWinds hackers also used password guessing to breach targets (ZDNet)
  80. FireEye's Mandia: 'Severity-Zero Alert' Led to ...
  81. Gossamer tool aims to defend open source projects against SolarWinds-style supply chain attacks (The Daily Swig)
  82. Implications of Russian Hacking of SolarWinds
  83. DoJ says SolarWinds hackers breached its Office 365 system and read email (ars)
  84. Azure-Sentinel/ADFSDomainTrustMods.yaml at master · Azure/Azure-Sentinel (GitHub)
  85. SolarWinds Orion: Fixes Aim to Block Sunburst and Supernova
  86. CISA releases Azure, Microsoft 365 malicious activity detection tool
  87. Using Microsoft 365 Defender to protect against Solorigate (MS Security)
  88. Q:CYBER spots lateral movement as used in the SolarWinds (Sunburst) calamity | State (insidenova.com)
  89. SolarWinds | Understanding & Detecting the SUPERNOVA Webshell Trojan (SentinelLabs)
  90. How we protect our users against the Sunburst backdoor (Securelist)
  91. CrowdStrike Launches Free Tool to Identify & Mitigate Risks in Azure Active Directory (CrowdStrike)
  92. Sunburst Malware Optics Rules
  93. Qualys Researchers Identify 7+ Million Vulnerabilities Associated with SolarWinds/FireEye Breach by Analyzing Anonymized Vulnerabilities across Worldwide Customer Base (secblvd)
  94. SolarWinds Orion/SUNBURST – Armis Can See Impacted Devices & Attacks (secblvd)
  95. Anexinet Exec: Lack Of Monitoring In SolarWinds Hack Is ‘Scary’
  96. Advice for incident responders on recovery from systemic identity compromises (MS Security)
  97. Continue Clean-up of Compromised SolarWinds Software
  98. Solorigate AzureAd IOCs
  99. Azure-Sentinel/SolarWindsPostCompromiseHunting.json at master · Azure/Azure-Sentinel (GitHub)
  100. Massive SolarWinds hack has big businesses on high alert (CNN)
  101. SolarWinds SUNBURST Backdoor: Inside the APT Campaign (SentinelLabs)
  102. GitHub (fireeye/sunburst_countermeasures)
  103. Datto Offers All MSPs Free Scanner To Find Signs Of FireEye, SolarWinds Hack
  104. Sygnia Advisory: Detection of Golden SAML attacks
  105. Microsoft says it found malicious software in its systems (OODA Loop)
  106. SolarWinds Hack ‘One Of The Worst In The Last Decade’: Analyst
  107. Microsoft says it was hit in SolarWinds attack, but customer data safe (BI)
  108. Nuclear weapons agency breached amid massive cyber onslaught (POLITICO)
  109. Exclusive-Suspected Russian hacking spree reached into Microsoft -sources (Reuters)
  110. Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations (CISA)
  111. Trend data on the SolarWinds Orion compromise
  112. SolarWinds Post-Compromise Hunting with Azure Sentinel (Microsoft Tech Community)
  113. InfoSec Handlers Diary Blog
  114. Itay Cohen on Twitter: "The attackers behind the #SUNBURST malware put a lot of effort into trying to avoid detection by analysts and security vendors. Not only this, but they also tried to make sure to stay under the radar of #SolarWinds develope
  115. How suspected Russian hackers outed their massive cyberattack (POLITICO)
  116. Suspected Russia SolarWinds Hack Exposed After FireEye Cybersecurity Firm Found 'Backdoor'
  117. Suspected Russian Hack Said to Have Gone Undetected for Months (WSJ)
  118. SolarWinds attack explained: And why it was so hard to detect (CSO Online)
  119. FireEye Malware Optics Rules
  120. SolarWinds Breach Used to Infiltrate Customer Networks (Solarigate)
  121. GitHub (fireeye/sunburst_countermeasures)
  122. SolarWinds CyberAttack and FireEye Red Team Tools Coverage
  123. Customer Guidance on Recent Nation-State Cyber Attacks (Microsoft Security Response Center)
  124. Important steps for customers to protect themselves from recent nation-state cyberattacks (Microsoft On the Issues)
  125. cyber.dhs.gov - Emergency Directive 21-01
  126. Behavior:Win32/Solorigate.C!dha threat description (Microsoft Security Intelligence)
  127. Unauthorized Access of FireEye Red Team Tools (fireeye)
  128. Azure-Sentinel/ProcessEntropy.yaml at master · Azure/Azure-Sentinel (GitHub)
  129. U.S. Cyber Command Expands Operations to Hunt Hackers From Russia, Iran and China (nyt)
  130. Securing Active Directory: Performing an Active Directory Security Review
  131. Create a Log Analytics workspace in the Azure portal - Azure Monitor (Microsoft Docs)
  132. Azure-Sentinel/uncommon_processes.yaml at master · Azure/Azure-Sentinel (GitHub)