SolarWinds Articles
Updated 2024-01-20 05:49Z
Detecting the presence of the attack (132 articles)
- To avoid insider threats, security strategies call for behavioral profiling and anomaly comparison | 2021-05-20 (Security Magazine)
- CISA’s EINSTEIN had a chance to be great, but it’s more than good enough (FRN)
- State-Sponsored Cyberattacks Aren’t Going Away — Here’s How To Defend Your Organization
- The Ticking Time Bomb in Every Company's Code
- ‘Accelerate change or lose’: Applying Gen. Brown’s action orders to cyberspace education and training
- Hunting Hackers: Reducing the Time to Discovery (CSO Online)
- NSA: OT Security Guidance in Wake of SolarWinds Attack
- Supply Chain Compromise (CISA)
- New analysis uncovers extensive SolarWinds attack infrastructure (TechRadar)
- Researchers Find Additional Infrastructure Used By SolarWinds Hackers
- More SolarWinds command and control hacking servers found - Security (iTnews)
- 5 signs a trucking company has been hacked (Commercial Carrier Journal)
- Feds Find More Malware Tied to SolarWinds Supply Chain Compromise
- Malware Wants to Phone Home. Trinity Cyber Doesn’t Try to Block It
- Did Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020? (secblvd)
- Snort Blog: Snort rule update for April 15, 2021
- Did Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020? (Krebs on Security)
- Biden's cyber executive order to include new rules for federal agencies, contractors
- cyber.dhs.gov - Emergency Directive 21-02
- The Fortune 500 Companies That Want To Be Hacked (The Tennessee Tribune)
- Blackberry Jarvis
- Microsoft Safety Scanner Download - Windows security (Microsoft Docs)
- CHIRP Tool to Detect SolarWinds Malicious Activity
- SolarWinds compromise leaves Senate questioning agency cyber defenses (Utility Dive)
- CISA releases CHIRP, a tool to detect SolarWinds malicious activity (TerabitWeb Blog)
- CISA releases CHIRP, a tool to detect SolarWinds malicious activity (Security Affairs)
- Using CHIRP to Detect Post-Compromise Threat Activity in On-Premises Environments (CISA)
- Did you get burned by the SolarWinds attack? US Releases Tools for Post-Infringement Detection (Texas News Today)
- U.S. cyber agency releases tool to help SolarWinds Orion defenders (IT World Canada News)
- CISA Releases New Tool To Scan For SolarWinds Compromise Activity (My TechDecisions)
- GitHub (cisagov/CHIRP: A forensic collection tool written in Python.)
- Burnt by SolarWinds attack? US releases tool for post-compromise detection (ZDNet)
- SolarWinds compromise leaves Senate questioning agency cyber defenses (Cybersecurity Dive)
- Why the SolarWinds Attack Easily Slipped by All EDR/EPP Solutions (secblvd)
- TTP Table for Detecting APT Activity Related to SolarWinds and Active Directory/M365 Compromise (Homeland Security Today)
- Capitol Hill angry over Microsoft’s security upcharge (POLITICO)
- White House Weighs New Cybersecurity Approach After Failure to Detect Hacks (nyt)
- SolarWinds, SUNBURST, and supply chain security.
- Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452
- Microsoft opens CodeQL queries to public after SolarWinds hack
- SolarWinds Blames Intern for Weak Password That Led to Biggest Attack in 2020 (TI Forense)
- SolarWinds Orion Web Performance Monitor (WPM) Remote Detection (Tenable®)
- Sai Huda’s best-selling book Next Level Cybersecurity reveals signals missed in world’s largest hacks such as SolarWinds (EIN Presswire)
- MSFT Stock - Microsoft makes CodeQL queries public post SolarWinds attack (Fintech Zoom - World Finance)
- Microsoft makes CodeQL queries public post SolarWinds attack
- Microsoft releases open-source CodeQL queries to assess Solorigate compromise (Security Affairs)
- Microsoft: We've open-sourced this tool we used to hunt for code by SolarWinds hackers (ZDNet)
- SolarWinds Plans Cybersecurity Investment After Supply Chain Compromise (ExecutiveBiz)
- Microsoft shares tool to hunt for compromise in SolarWinds breach (CyberScoop)
- Microsoft Releases Queries for SolarWinds Attack Detection
- Microsoft failed to shore up defenses that could have limited SolarWinds hack: U.S. senator | Y100 WNCY | Your Home For Country & Fun (Green Bay, WI)
- Microsoft Releases Free Tool for Hunting SolarWinds ...
- IDX Introduces Cybersecurity Healthcheck to Identify Security...
- Ex-NSA chief: No idea how badly SolarWinds hack harmed security (The Jerusalem Post)
- Microsoft Releases Free Tool for Hunting SolarWinds ...
- Microsoft shares CodeQL queries to scan code for SolarWinds-like implants
- Detecting and Responding to SolarWinds Infrastructure Attack with Cisco Secure Analytics (Cisco Blogs)
- SolarWinds Orion Network Performance Monitor Installed (Windows) (Tenable®)
- FireEye CEO on how the SolarWinds hack was discovered (CNN Video)
- Apiiro Releases Industry’s First Solution That Detects and Prevents the Attack Used Against Solarwinds
- SolarWinds Hacked From Inside U.S., 100+ Orgs Compromised
- Microsoft: SolarWinds attack took more than 1,000 engineers to create (ZDNet)
- VirusTotal
- VirusTotal
- GitHub (cisagov/Sparrow: Sparrow.ps1 was created by CISA's Cloud Forensics team to help detect possible compromised accounts and applications in the Azure/m365 environment.)
- Azure-Sentinel/RareProcbyServiceAccount.yaml at master · Azure/Azure-Sentinel · GitHub
- Most Tools Failed to Detect the SolarWinds Malware. Those That Did Failed Too (CoFR)
- Azure-Sentinel/MailPermissionsAddedToApplication.yaml at master · Azure/Azure-Sentinel · GitHub
- Azure-Sentinel/FirstAppOrServicePrincipalCredential.yaml at master · Azure/Azure-Sentinel · GitHub
- GitHub - fireeye/Mandiant-Azure-AD-Investigator
- Cyber Threat Intel Analysis and Expansion of SolarWinds Identified IoCs
- Sunburst Malware Information (FireEye)
- Increasing resilience against Solorigate and other sophisticated attacks with Microsoft Defender (MS Security)
- Cybersecurity Pioneer Cyemptive Technologies Cautions Entities About the Depth and Breadth of the Recent SolarWinds Cyber Incident; Provides First Reliable Solution to Address Such Invasive Attacks (bizwire)
- Top SolarWinds risk assessment resources for Microsoft 365 and Azure (CSO Online)
- Cisco Event Response: SolarWinds Orion Platform Software Attack
- SolarWinds Malware Arsenal Widens with Raindrop (tpost)
- Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments (CISA)
- CISA: SolarWinds hackers also used password guessing to breach targets (ZDNet)
- FireEye's Mandia: 'Severity-Zero Alert' Led to ...
- Gossamer tool aims to defend open source projects against SolarWinds-style supply chain attacks (The Daily Swig)
- Implications of Russian Hacking of SolarWinds
- DoJ says SolarWinds hackers breached its Office 365 system and read email (ars)
- Azure-Sentinel/ADFSDomainTrustMods.yaml at master · Azure/Azure-Sentinel · GitHub
- SolarWinds Orion: Fixes Aim to Block Sunburst and Supernova
- CISA releases Azure, Microsoft 365 malicious activity detection tool
- Using Microsoft 365 Defender to protect against Solorigate (MS Security)
- Q:CYBER spots lateral movement as used in the SolarWinds (Sunburst) calamity | State (insidenova.com)
- SolarWinds | Understanding & Detecting the SUPERNOVA Webshell Trojan (SentinelLabs)
- How we protect our users against the Sunburst backdoor (Securelist)
- CrowdStrike Launches Free Tool to Identify & Mitigate Risks in Azure Active Directory (CrowdStrike)
- Sunburst Malware Optics Rules
- Qualys Researchers Identify 7+ Million Vulnerabilities Associated with SolarWinds/FireEye Breach by Analyzing Anonymized Vulnerabilities across Worldwide Customer Base (secblvd)
- SolarWinds Orion/SUNBURST – Armis Can See Impacted Devices & Attacks (secblvd)
- Anexinet Exec: Lack Of Monitoring In SolarWinds Hack Is ‘Scary’
- Advice for incident responders on recovery from systemic identity compromises (MS Security)
- Continue Clean-up of Compromised SolarWinds Software
- Solorigate AzureAd IOCs
- Azure-Sentinel/SolarWindsPostCompromiseHunting.json at master · Azure/Azure-Sentinel · GitHub
- Massive SolarWinds hack has big businesses on high alert (CNN)
- SolarWinds SUNBURST Backdoor: Inside the APT Campaign (SentinelLabs)
- GitHub (fireeye/sunburst_countermeasures)
- Datto Offers All MSPs Free Scanner To Find Signs Of FireEye, SolarWinds Hack
- Sygnia Advisory: Detection of Golden SAML attacks
- OODA Loop (Microsoft says it found malicious software in its systems)
- SolarWinds Hack ‘One Of The Worst In The Last Decade’: Analyst
- Microsoft says it was hit in SolarWinds attack, but customer data safe (BI)
- Nuclear weapons agency breached amid massive cyber onslaught (POLITICO)
- Exclusive-Suspected Russian hacking spree reached into Microsoft -sources (Reuters)
- Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations (CISA)
- Trend data on the SolarWinds Orion compromise
- SolarWinds Post-Compromise Hunting with Azure Sentinel (Microsoft Tech Community)
- InfoSec Handlers Diary Blog
- (1) Itay Cohen on Twitter: "The attackers behind the #SUNBURST malware put a lot of effort into trying to avoid detection by analysts and security vendors. Not only this, but they also tried to make sure to stay under the radar of #SolarWinds develope
- How suspected Russian hackers outed their massive cyberattack (POLITICO)
- Suspected Russia SolarWinds Hack Exposed After FireEye Cybersecurity Firm Found 'Backdoor'
- Suspected Russian Hack Said to Have Gone Undetected for Months (WSJ)
- SolarWinds attack explained: And why it was so hard to detect (CSO Online)
- FireEye Malware Optics Rules
- SolarWinds Breach Used to Infiltrate Customer Networks (Solarigate)
- GitHub (fireeye/sunburst_countermeasures)
- SolarWinds CyberAttack and FireEye Red Team Tools Coverage
- Customer Guidance on Recent Nation-State Cyber Attacks (Microsoft Security Response Center)
- Important steps for customers to protect themselves from recent nation-state cyberattacks (Microsoft On the Issues)
- cyber.dhs.gov - Emergency Directive 21-01
- Behavior:Win32/Solorigate.C!dha threat description (Microsoft Security Intelligence)
- Unauthorized Access of FireEye Red Team Tools (fireeye)
- Azure-Sentinel/ProcessEntropy.yaml at master · Azure/Azure-Sentinel · GitHub
- U.S. Cyber Command Expands Operations to Hunt Hackers From Russia, Iran and China (nyt)
- Securing Active Directory: Performing an Active Directory Security Review
- Create a Log Analytics workspace in the Azure portal - Azure Monitor (Microsoft Docs)
- Azure-Sentinel/uncommon_processes.yaml at master · Azure/Azure-Sentinel · GitHub