SolarWinds Articles

Updated 2024-01-20

1. Microsoft ‘senior leadership’ emails accessed by Russian SolarWinds hackers (Verge)
2. GitHub (mandiant/red_team_tool_countermeasures)
3. Security Advisory (SolarWinds)
4. HAFNIUM targeting Exchange Servers with 0-day exploits (Microsoft Security Blog)
5. Chinese Hacking Spree Hit an ‘Astronomical’ Number of Victims (WIRED)
6. Move over, SolarWinds: 30,000 orgs’ email hacked via Microsoft Exchange Server flaws (Verge)
7. Customer Guidance on Recent Nation-State Cyber Attacks | MSRC Blog (Microsoft Security Response Center)
8. Hackers backed by Russian government reportedly breached US government agencies (Verge)
9. FireEye cybersecurity tools compromised in state-sponsored attack (Verge)
10. Unauthorized Access of FireEye Red Team Tools (Mandiant)

Updated 2024-01-08

1. SolarWinds Execs Targeted by SEC, CEO Vows to Fight

Updated 2023-12-06

1. CSP #78 – Solarwinds From the Inside: The Breach and the Aftermath – Tim Brown (scmedia)
2. SEC notice to SolarWinds CISO and CFO roils cybersecurity industry (CSO Online)
3. SolarWinds CISO and CFO are focus of SEC’s Orion investigation (scmedia)

Updated 2023-10-31

1. SEC Charges SolarWinds and CISO With Misleading Investors (Infosecurity Magazine)
2. SolarWinds and CISO accused of fraud, control failures (Help Net Security)
3. SEC charges SolarWinds with fraud over SUNBURST attacks (Register)
4. SolarWinds allegedly misled public on its security before Sunburst cyberattack: SEC (IT World Canada News)
5. US regulators sue SolarWinds and its security chief for alleged cyber neglect ahead of Russian hack (ABC News)
6. SEC Suit Claims SolarWinds Misled Investors On Cyber Risks (Law360)
7. SEC charges SolarWinds with fraud tied to its IPO and cybersecurity hack (Austin Business Journal)
8. SEC charges SolarWinds, top security executive with fraud in 2020 incident
9. Bob Ackerman on LinkedIn: US SEC sues SolarWinds for concealing cyber risks before massive hacking (13 comments)
10. SolarWinds Misled Public on Cyber Risk Before Hack, SEC Claims (Bloomberg)
11. IANS LIVE-US SUES SUDHAKAR RAMAKRISHNA (RUN SOLARWINDS FOR MISLEADING INVESTORS BEFORE MASSIVE HACK)
12. SEC sues SolarWinds over massive cyberattack
13. U.S. SEC sues SolarWinds and security chief for fraud (Fortune)
14. SEC Charges SolarWinds and CISO With Misleading Investors (Infosecurity Magazine)
15. SolarWinds faces SEC lawsuit after 2020 hack
16. SolarWinds, chief information security officer charged with fraud by SEC (NYSE:SWI) (Seeking Alpha)
17. SolarWinds CISO Sued for Fraud by US SEC (secblvd)
18. BREAKING: Feds Take Unprecedented Action Against CISO in SolarWinds Case
19. SEC charges SolarWinds, its CISO with fraud (Cybersecurity Dive)
20. Techmeme: The US SEC charges SolarWinds for failing to disclose alleged cybersecurity failures ahead of a breach by suspected Russian hackers that began as early as 2019 (Tim Starks/Washington Post)
21. US SEC sues SolarWinds for concealing cyber risks before massive hacking (Reuters)
22. Reuters Legal on X: "The SEC sued SolarWinds Corp and its top cybersecurity executive, saying they repeatedly misled investors and the public about a software product linked to one of biggest hackings targeting the US government https://t.co/ENR9Rioxaq ht
23. US regulators sue SolarWinds and its security chief for alleged cyber neglect ahead of Russian hack
24. What to know about the SEC’s case against SolarWinds (wapo)
25. SEC charges SolarWinds, CISO with fraud in 2020 supply chain attacks (scmedia)
26. DOJ Detected SolarWinds Breach Months Before Public Disclosure (WIRED)
27. SEC sues SolarWinds for misleading investors before 2020 hack
28. SEC charges SolarWinds CISO with fraud for misleading investors before major cyberattack
29. SEC notifies SolarWinds CISO and CFO of possible action in cyber investigation (Cybersecurity Dive)
30. SolarWinds charged by SEC for failing to disclose cybersecurity problems (wapo)
31. SEC.gov (SEC Charges SolarWinds and Chief Information Security Officer with Fraud, Internal Control Failures)
32. SEC Charges SolarWinds and Its CISO With Fraud and Cybersecurity Failures (SecurityWeek)
33. US SEC sues SolarWinds for concealing cyber risks before massive hacking (Reuters)
34. SEC Sues SolarWinds Over 2020 Hack Attributed to Russians (WSJ)
35. SolarWinds Patches High-Severity Flaws in Access Rights Manager (SecurityWeek)
36. (2816) From Hexacon 2023 - A Demonstration of CVE-2022-47504: An RCE in SolarWinds NPM (YouTube)
37. SolarWinds Sunburst Attack: Lessons On Dealing With A Cyberattack
38. SolarWinds (SolarWinds CISO Tim Brown Named CISO of the Year by Globee Cybersecurity Awards)
39. SolarWinds Adviser Warned of Lax Security Years Before Hack (Bloomberg)
40. Ex (SolarWinds Adviser Warned Company of Security Issues in 2017: 'Incredibly Easy Target to Hack')
41. Austin's SolarWinds buying N.C. (based IT company for $350 million)

Updated 2023-10-24

1. Critical RCE flaws found in SolarWinds access audit solution
2. Critical SolarWinds RCE Bugs Enable Unauthorized Network Takeover

Updated 2023-08-07

1. Microsoft Signing Key Stolen by Chinese (Schneier)

Updated 2023-08-02

1. Solarwinds From the Inside: The Breach and the Aftermath – Tim Brown – CSP #78 (scmedia)

Updated 2023-08-01

1. US senator blasts Microsoft for “negligent cybersecurity practices” (ars)

Updated 2023-06-26

1. SolarWinds Execs Targeted by SEC, CEO Vows to Fight

Updated 2023-05-09

1. SolarWinds: The Untold Story of the Boldest Supply-Chain Hack (WIRED)

Updated 2023-03-10

1. SolarWinds Breach Revealed Shortcomings At CISA, DHS IG Report Shows
2. SolarWinds Announces Upcoming Patches for High-Severity Vulnerabilities (SecurityWeek)

Updated 2022-12-22

1. Layoffs at N-able came 'out of nowhere' (WRAL TechWire)

Updated 2022-11-03

1. Phylum Discovers Dozens More PyPI Packages Attempting to Deliver W4SP Stealer in Ongoing Supply (Chain Attack)

Updated 2022-05-22

1. SolarWinds is ready to overcome violations and help customers manage them (Newjerseyupdates.com)
2. Third (Party Cyber Risk Management Primer)
3. Conditions are cooling off for troubled SolarWinds (FRN)
4. Biden administration makes inroads amid zero trust rollout (Cybersecurity Dive)
5. SonarSource Appoints Kevin Thompson on its Board of Directors
6. SolarWinds Orion Platform 2020.2.0 < 2020.2.6 Multiple Vulnerabilities - Nessus (InfosecMatter)
7. DOJ Won't Prosecute White Hat Hackers, Only Bad Cybercriminals
8. CISA exec calls SolarWinds hack a wake-up call for government cybersecurity | Secondary Sources | National (Westlaw Today)
9. The Four Horsemen of Software Supply Chain Attacks (MSSP Alert)
10. One year after Biden executive order, cyber officials defend progress (The Record by Recorded Future)
11. SolarWinds data breach lawsuit takeaways for CISOs (Security Magazine)
12. SolarWinds breach lawsuits: 6 takeaways for CISOs (CSO Online)
13. SolarWinds and the Challenges of Patching: Can We Ever Stop Dancing With the Devil?
14. Court denies SolarWinds bid to throw out breach lawsuit
15. Shareholders Seek to Hold Current and Former SolarWinds Officials Liable for Massive 2020 Security Breach (Benesch - JDSupra)
16. SolarWinds Board Sued by Pension Funds Over Cyberattack (1)
17. CVE-2021-35235 (SolarWinds Kiwi Syslog Server ASP.NET Debugging information disclosure)
18. Scientists create most detailed map of Uranus' mysterious auroras to date (Space)
19. How the SolarWinds Hack (almost) went Undetected
20. (1293) SEC-T 0x0D: Erik Hjelmvik - Hiding in Plain Sight - How the SolarWinds Hack Went Undetected (YouTube)
21. Reversing Golang used in SolarWinds : ReverseEngineering

Updated 2022-04-24

1. SCuBA gears up agencies to survive the ‘next’ SolarWinds attack (FRN)
2. The SolarWinds hack pokes holes in Defend Forward (CISSAR)
3. SolarWinds Co. (NYSE:SWI) Sees Significant Decrease in Short Interest (ETF Daily News)
4. Lessons Learned from Cyberattacks on Critical Infrastructure (Toolbox It-security)

Updated 2022-04-23

1. 60% of Healthcare Orgs Say Third (Party Risk Management Needs Improvement)
2. Secure Cloud Business Applications
3. Federal News Network: SCuBA gears up agencies to survive the ‘next’ SolarWinds attack (G2Xchange FedCiv)
4. CISA Seeks Comment on Visibility Effort Being Piloted with Cloud Service Providers (Nextgov)
5. Another Hacking Group Has Targeted SolarWinds Systems

Updated 2022-02-13

1. Hacks Bring New Urgency to Moves by Congress and Agencies to Reduce Future Cybersecurity Risks (U.S. GAO)
2. SolarWinds breach updates. Microsoft sinkholes Sunburst’s C&C domain. Facebook takes down inauthentic networks targeting Africa. (SDR News)

Updated 2022-02-12

1. GovCon Expert Dana Barnes: Reflections on White House Zero Trust Cybersecurity Plan

Updated 2022-02-11

1. Ten Questions We Hope the Cyber Safety Review Board Answers—and Three It Should Ignore (Lawfare)
2. SEC.gov (Statement on Cybersecurity Risk Management for Investment Advisers, Registered Investment Companies, and Business Development Companies)
3. DHS Launches First-Ever Cyber Safety Review Board (Homeland Security)

Updated 2022-02-09

1. NIST Suggests Agencies Accept the Word of Software Producers Per Executive Order (Nextgov)

Updated 2022-01-20

1. Microsoft: Hackers Exploiting New SolarWinds Serv (U Bug Related to Log4j Attacks)

Updated 2022-01-14

1. Statutory restrictions hindered federal response to SolarWinds, Microsoft Exchange

Updated 2021-12-26

1. SolarWinds investors allege board knew about cyber risks (Reuters)

Updated 2021-12-24

1. White House national security adviser asks software ...
2. SolarWinds breach updates. Microsoft sinkholes Sunburst's C&C domain. Facebook takes down inauthentic networks.
3. Federal CISO Clarifies Support for a Standard that Could Make Passwords History (Nextgov)
4. White House national security adviser asks software companies to discuss cybersecurity
5. White House national security adviser asks software companies to discuss cybersecurity (Reuters)
6. IT reseller challenges USDA’s ’20 (year tradition’ of sticking with Microsoft)
7. Opinion (To keep our country safe, we need a national Cyber Academy. Think of it as West Point for technology defense. - The Washington Post)
8. Federal Agencies Issue New Breach Notification Rules for Banking Organizations and Banking Service Providers (Benesch - JDSupra)
9. Harris calls for 'cyber doctrine' to address increasing attacks (hill)
10. Threat actors behind SolarWinds compromise are still active, warns Mandiant (IT World Canada News)
11. Remote code execution in SolarWinds Database Performance Analyzer (Apache Log4j component)
12. SolarWinds Trust Center Security Advisories (CVE-2021-44228)
13. CVE-2021-35248 (SolarWinds Orion Settings access control)
14. CVE-2021-35234 (SolarWinds Orion sql injection)
15. SolarWinds Orion sql injection [CVE-2021 (35234] – Yet Another News Aggregator Channel)
16. Re: Is there a tool similar to Solarwinds Network Configuration Manager for... (The Meraki Community)
17. From Cybercrime To National Security Priority: Biden’s War On Ransomware – Analysis (Eurasia Review)
18. The new PseudoManuscrypt malware puts over 35,000 PCs at risk (TheDigitalHacker)
19. Nobelium gang malware evolves one year after SolarWinds
20. EETimes (SolarWinds Fallout: When Will Breach Reporting Become Mandatory?)
21. NASA Probe Becomes First Spacecraft to Enter Sun’s Atmosphere
22. EETimes (SolarWinds Fallout: When Will Breach Reporting Become Mandatory?)
23. SolarWinds (NYSE:SWI) Downgraded by JPMorgan Chase & Co. to Neutral (MarketBeat)
24. Research: Announcement of Periodic Review: Moody's announces completion of a periodic review of ratings of SolarWinds Holdings, Inc. (Moody's)
25. Did a Russian Cyberattack Affect the Election? Officials Couldn't Be Sure
26. Massive Software Flaw With Global Reach Forces Quebec To Shut Government Websites (The Street Journal)
27. FireEye finds new malware likely linked to SolarWinds hackers - AlienVault (Open Threat Exchange)
28. New SUNSHUTTLE Second-Stage Backdoor Uncovered Targeting U.S.-Based Entity; Possible Connection to UNC2452 (Mandiant)
29. SolarWinds Government Data Breach Leads to Securities Action (Proskauer - Corporate Defense and Disputes - JDSupra)

Updated 2021-12-09

1. House Passes NDAA Without Cyber Incident Reporting Legislation (Nextgov)
2. Breach reporting requirement sputters as House passes NDAA (scmedia)
3. Reviewing the Biggest Data Breaches of 2021 (secblvd)
4. A Year After the SolarWinds Hack, Supply Chain Threats Still Loom (WIRED)
5. SolarWinds hack may have been more damaging than previously thought (TechRadar)
6. SolarWinds Attackers Spotted Using New Tactics, Malware (tpost)
7. Rules Committee Print 117 (21; Text of House Amendment to S. 1605)
8. You can’t stop the ‘next SolarWinds’—but you can slow it down (Opera News)
9. You can't stop the 'next SolarWinds' -- but you can slow it down (VentureBeat)
10. Cybersecurity for Idiots (Lawfare)
11. Microsoft says it identified 40+ victims of the SolarWinds hack | #microsoft | #hacking (#cybersecurity - NATIONAL CYBER SECURITY NEWS TODAY)
12. Part of Earth’s Water Came from the Sun, New Study Suggests (Sci-News.com)
13. SolarWinds APT Targets Tech Resellers in Latest Supply-Chain Cyberattacks (tpost)
14. DOJ to Federal Contractors: Report Cyberattacks or Face the False Claims Act (Lexology)
15. Microsoft Says Russia Behind Over 50% Of State (Sponsored Cyber Hacks)
16. Nobelium Makes Russia Leader in Cyberattacks (BankInfoSecurity)
17. Microsoft: Russia Behind 58% of Detected State (Backed Hacks)
18. SolarWinds Attackers Hit Active Directory Servers with FoggyWeb Backdoor (tpost)
19. VA found ‘no evidence’ of compromise in SolarWinds hack: CISO Cunningham

Updated 2021-12-08

1. The Microsoft paradox: Contributing to cyber threats and monetizing the cure (Fortune)
2. Mandiant: SolarWinds Attackers Continue to Innovate
3. SolarWinds hackers have been quietly targeting governments, cloud providers (scmedia)
4. Russian Actors Behind SolarWinds Attack Hit Global Business & Government Targets
5. Suspected Russian Activity Targeting Government and Business Entities Around the Globe (Mandiant)
6. SolarWinds hackers kept busy in the year since the seminal hack, Mandiant finds
7. Russian group behind SolarWinds incident ramping up hacking efforts, analysis says (hill)
8. SolarWinds hackers have been quietly targeting governments, cloud providers (scmedia)
9. SolarWinds Attacker Targets Cloud Service Providers in New Supply Chain Threat

Updated 2021-12-07

1. SolarWinds hackers have a whole bag of new tricks for mass compromise attacks (ars)

Updated 2021-11-15

1. Warning as Microsoft malware attack 'creates backdoor for hackers' to enter servers
2. TSA to issue regulations to secure rail, aviation groups against cyber threats (hill)
3. The SolarWinds hack may have been more damaging than previously thought
4. Biden signs bill to strengthen K-12 school cybersecurity (hill)
5. Microsoft Digital Defense Report and Security Intelligence Reports
6. Hackers in SolarWinds breach stole data on U.S. sanctions policy, intelligence probes -sources (Nasdaq)
7. Microsoft: Russia is behind 58% of detected state-sponsored hacks (Fortune)
8. Hackers in SolarWinds breach stole data on U.S. sanctions policy, intelligence probes -sources (National Post)
9. Russian hackers behind SolarWinds hack trying to infiltrate US and European government networks - WRCBtv.com | #government | #hacking (#cyberattack - National Cyber Security News Today)
10. Senate Committee Passes Major FISMA Changes—Including a New Definition of ‘Major Incident’  (Nextgov)
11. Lawmakers advocate for establishment of standalone House and Senate cyber panels (hill)
12. Mandiant Is Back: What to Expect From ‘Part Deux’ (SDxCentral)
13. Senate Panel Advances FISMA Reform Bill (MeriTalk)
14. Russian hackers behind SolarWinds hack are trying to infiltrate US and European government networks (CNNPolitics)
15. Kevin Mandia: Coordination, Tech Among Keys to Cybersecurity Advancement (ExecutiveBiz)
16. DOJ to go after government contractors that fail to report breaches (hill)
17. Mandia Alerted NSA on FireEye’s SolarWinds Breach
18. HILL TECH & CYBER BRIEFING: Senators Weigh Cyber Reporting Mandate
19. Lawmakers introduce bill to identify and protect critical groups from cyber threats (hill)
20. solarwinds serv (u vulnerabilities and exploits)

Updated 2021-11-04

1. Known Exploited Vulnerabilities Catalog (CISA)

Updated 2021-11-01

1. Insurance carriers scrutinize cybersecurity controls (Crain's Cleveland Business)
2. Hospital ransomware attack led to infant's death, lawsuit alleges (Healthcare IT News)
3. White House to convene 30-country cybersecurity meeting (ZDNet)
4. New Tomiris Backdoor Found Linked to Hackers Behind SolarWinds Cyberattack
5. Tomiris backdoor and its connection to Sunshuttle and Kazuar (Securelist)
6. House passes legislation to strengthen federal cybersecurity workforce (hill)
7. ‘Tomiris’ Backdoor Linked to SolarWinds Malware (tpost)
8. Nearly all third-party containers deployed in the cloud harbor known vulnerabilities (scmedia)
9. How one red team exercise averted a new SolarWinds (style attack)
10. Russia (Linked Nobelium Deploying New 'FoggyWeb' Malware)
11. Microsoft Details FoggyWeb Backdoor Used by SolarWinds Hackers (SecurityWeek.Com)
12. SolarWinds hackers Nobelium spotted using a new backdoor
13. New malware from SolarWinds attackers leaves behind a backdoor (TechRadar)
14. Microsoft warning: This malware creates a 'persistent' backdoor for hackers (ZDNet)
15. SolarWinds attackers drop 'FoggyWeb' backdoor on AD SSO servers - Security - Software (iTnews)
16. Microsoft Warns of FoggyWeb Malware Targeting Active Directory FS Servers
17. A multi-party data breach creates 26x the financial damage of single-party breach (Help Net Security)
18. Autodesk reveals it was targeted by Russian SolarWinds hackers | #computerhacking (#hacking - National Cyber Security News Today)
19. SolarWinds CEO talks about protecting IT in the wake of a sunburst (Fuentitech)
20. EU 'denounces' Russian malicious cyber activity aimed at member states (hill)
21. EETimes (SolarWinds Fallout: Cloud Security is the Weak Link)
22. SolarWinds CEO Says Attackers Gained Entry, Began Recon in January 2019 (Opera News)
23. Leading Cyber Officials Favor Fines Over Subpoenas to Enforce Incident Reporting (Nextgov)

Updated 2021-10-08

1. Hackers of SolarWinds stole data on U.S. sanctions policy, intelligence probes (Reuters)

Updated 2021-10-04

1. APT focus: ‘Noisy’ Russian hacking crews are among the world’s most sophisticated (The Daily Swig)

Updated 2021-10-03

1. SolarWinds CEO: Breach transparency 'painful' but necessary
2. Venafi Survey: Execs Say Companies Negligent in Protecting Security Software Build Environments Should Face Clear Consequences (bizwire)
3. The SEC gets tough on cybersecurity disclosure controls (Lexology)
4. SolarWinds Attack Spurring Additional Federal Investigations
5. Eight US investment firms fined over inadequate cyber security policies (IT PRO)
6. Autodesk reveals it was targeted by Russian SolarWinds hackers – Techtwiddle (Technology News and Kicks)
7. Industry lobbies Congress to extend notification timeline after cybersecurity incidents (hill)
8. House panel mulls mandatory disclosure bill - (FCW)
9. OMB directs agencies to increase log sharing to combat cyber incidents
10. Zero trust is not enough: The case for continuous control validation - (GCN)
11. Microsoft, Google Among Tech Giants Pledging Big Money to Cybersecurity (eSecurityPlanet)
12. An Update on Recent Major Breaches (Cyber Security Hub)
13. What’s Up With Apple: National Security, Google Pays Up, and More (24/7 Wall St.)
14. SolarWinds and the Holiday Bear Campaign: A Case Study for the Classroom (Lawfare)
15. Suing the CISO: SolarWinds Fires Back
16. Earnings are growing at SolarWinds (NYSE:SWI) but shareholders still don't like its prospects (Simply Wall St News)

Updated 2021-09-26

1. Most IT executives fear nation-state hacking tools will be used on them (IT PRO)
2. Sights and sounds of a Venus flyby
3. Microsoft touts role in meeting Biden's order to fend off major hacks on the US (ZDNet)
4. 2 million government records exposed online in 'no-fly' watchlist, researcher says (CNET)
5. Hackers Linked to SolarWinds Return With Phishing Attack, Microsoft Says | #cybersecurity (#cyberattack - National Cyber Security News Today)
6. Senators will vote for amendments to the infrastructure bill as the recess approaches.National news (Pennsylvania News Today)
7. Experts Uncover Several C&C Servers Linked to WellMess Malware (News Nation USA)
8. SolarWinds and the Challenges of Patching: Can We Ever Stop Dancing With the Devil?

Updated 2021-09-13

1. First on CNN Business: Moody's is spending $250 million to measure the risk of America's biggest companies getting hacked
2. The imperative of the U.S. government’s Zero Trust measures (Digital Journal)
3. Wide-ranging SolarWinds probe sparks fear in Corporate America - Security - Software (iTnews)
4. Exclusive: Wide-ranging SolarWinds probe sparks fear in Corporate America (Reuters)
5. Microsoft Says Chinese Hackers Were Behind SolarWinds Serv-U SSH 0-Day Attack (News Nation USA)
6. EarthSky (Jupiter’s energy crisis solved: Auroras roast upper atmosphere)
7. Infosec Community Increasingly Concerned about SolarWinds Breach, Four Months In

Updated 2021-09-10

1. Corporate Execs Fear SEC's SolarWinds Probe Will Expose Unreported Cybersecurity Incidents - by Cynthia Brumfield (Metacurity)
2. This Week In Security: Ghoscript In Imagemagick, Solarwinds, And DHCP Shenanigans (Hackaday)
3. Exclusive: Wide-ranging SolarWinds probe sparks fear in Corporate America (CBNC)
4. SolarWinds Hack: Extensive SEC Probes Cause Terror in Enterprise America (Fuentitech)
5. SolarWinds Hack: A wide-ranging SEC investigation has triggered fear in the US corporate world (Technology Shout)
6. EXCLUSIVE- Wide-ranging SolarWinds probe sparks fear in Corporate America (Nasdaq)
7. EXCLUSIVE Wide-ranging SolarWinds probe sparks fear in Corporate America (Reuters)
8. Wide (ranging SolarWinds investigation sparks panic in U.S. business Reuters – Business Press, Business News Portal)
9. SEC Advances Broad Theory of Required Disclosures of Security Incidents
10. Congress Weighs Bills Requiring Firms to Report Cyberattacks (The Crime Report)
11. Congress May Require Some Companies to Report Cyber Attacks
12. Microsoft's $20 billion plan for cybersecurity's big spending problem
13. Lawmakers question impact of SolarWinds hack on US attorneys' offices (hill)
14. Inside the response to the massive Russian SolarWinds hack (Axios)
15. Congress seeks to compel infrastructure operators to report cyberattacks | National (union-bulletin.com)
16. Microsoft Reveals The Real Culprits Behind SolarWinds Serv-U SSH-0 Day Attack (Cyberintel Magazine)
17. SolarWinds CEO Sudhakar Ramakrishna on 2020's Massive Hack (Time)
18. Autodesk Says Company Was Targeted by SolarWinds Attackers - Latest Hacking News Today (HakTechs)
19. Autodesk Disclosed it was Targeted in SolarWinds Hack (IT Security News)
20. Microsoft Says Chinese Hackers Were Behind SolarWinds Serv-U SSH 0-Day Attack (The Cyber Security News)
21. Microsoft Says Chinese Hackers Were Behind SolarWinds Serv-U SSH 0 (Day Attack)
22. Attacks against SolarWinds Serv (U SW were possible due to the lack of ASLR mitigationSecurity Affairs)
23. A deep-dive into the SolarWinds Serv-U SSH vulnerability (Microsoft Security Blog)
24. SolarWinds: How Russian spies hacked the Justice, State, Treasury, Energy and Commerce Departments

Updated 2021-08-14

1. Senate includes over $1.9 billion for cybersecurity in infrastructure bill (hill)
2. Serendipitous double flyby of Venus provides unprecedented science opportunity | Imperial News (Imperial College London)
3. SolarWinds (NYSE:SWI) Shares Gap Down After Analyst Downgrade (MarketBeat)
4. CISA's Easterly Unveils Joint Cyber Defense Collaborative
5. Lawmakers roll out bipartisan bill to help track cyber crimes (hill)
6. DOJ states that Russians detained in SolarWinds have hacked federal prosecutors: NPR (Eminetra)
7. Bitglass Security Spotlight: Ransomware Developments, Additional SolarWinds Victims, and More Data Breaches
8. SolarWinds: Russian hackers broke into email accounts at US attorney offices
9. Microsoft blames a Chinese hacker group for the new SolarWinds attack (List23: Latest U.S. News & Breaking World News)
10. DOJ says SolarWinds hack impacted 27 US attorneys' offices (The Record by Recorded Future)
11. SolarWinds hackers accessed over two dozen federal prosecutors' offices: DOJ (hill)
12. US bids 'do svidaniya' to Russian staff at Moscow embassy
13. Justice Department says Russians hacked federal prosecutors
14. Russian hackers continue with attacks despite Biden warning | National (union-bulletin.com)
15. Russian Hackers Continue With Attacks Despite Biden Warning (Bloomberg)
16. SolarWinds releases security advisory after Microsoft discovers vulnerability (ZDNet)

Updated 2021-07-31

1. Biden to Sign Cyber Security Executive Order (nyt)
2. Podcast: Why Securing Active Directory Is a Nightmare (tpost)

Updated 2021-07-26

1. SolarWinds Corporation Loss Submission Form | Levi & Korsinsky, LLP (Securities Class Action Attorneys)
2. DHS cybersecurity chief confirmed amid fallout from another ransomware attack (News Nation USA)

Updated 2021-07-23

1. House GOP calls for Biden to sanction China over hacks
2. SolarWinds Stock Flies Higher after Completing Spin-Off (Millennial Money)
3. After failing to dissuade cyber-attacks, America looks to its friends for help (The Economist)
4. NIST Publishes 'Critical Software' Security Guidance
5. Blunt, Colleagues Introduce Bipartisan Cyber Reporting Bill Following SolarWinds and Colonial Hacks (U.S. Senator Roy Blunt of Missouri)
6. SolarWinds spins off enterprise unit into new firm, N-able (News)
7. Senators introduce bill requiring some critical groups to report cybersecurity incidents (hill)
8. New bill would make some companies report cyberattacks to government
9. SolarWinds Shares Rise, N-able Falls After Spinoff Completed (MarketWatch)
10. SolarWinds Corp. (SWI) Stock Plummets Following Announcement of Completion of Spin-Off Business (Stocks Telegraph)
11. Solarwinds Corp 2021 Current Report 8 (K)
12. SEC Reportedly Probing SolarWinds Breach (Hacking - nativenewspost)
13. Biden Administration Blames Hackers Tied to China for Microsoft Cyberattack Spree (WSJ)
14. US and allies accuse Chinese government of masterminding Microsoft Exchange cyberattack (Sports Grind Entertainment)
15. US and allies accuse China of hacking campaign
16. Cyber leaders officially join the ranks as White House grapples with remediation (Utility Dive)
17. U.S., allies say Chinese intelligence service behind massive Microsoft hack (Washington Times)
18. Biden administration to blame hackers tied to China for Microsoft cyberattack spree
19. US puts trade restrictions on six Russian organisations (IT PRO)
20. Senate appoints former NSA official as head of US cybersecurity agency (Engadget - News Nation USA)
21. Video - A Documentary on The SolarWinds Hack (MalwareTips Community)
22. Microsoft suspects hacker attacks on SolarWinds in another country

Updated 2021-07-17

1. According to Microsoft, Chinese hackers used a SolarWinds exploit to carry out attacks
2. Daily Roundup: SolarWinds Patches Critical Zero-Day Bug (Opera News)
3. Microsoft: SolarWinds cyberattack operated by hackers from China: Microsoft, IT Security News, ET CISO
4. Chinese hackers behind new SolarWinds software attack: Microsoft
5. 'Chinese hackers behind SolarWinds attack' Says Microsoft (Sentinelassam)
6. Chinese Attack Group Exploiting SolarWinds Zero Day (Decipher)
7. CVE-2021-35211 (SolarWinds Serv-U Managed File Transfer buffer overflow)
8. Microsoft links SolarWinds hacker group to China
9. SolarWinds Cyberattack: Chinese Hackers Behind SolarWinds Attack, Says Microsoft
10. SolarWinds Patches Critical Zero-Day Bug Amid Targeted Attacks (SDxCentral)
11. Chinese threat actor exploited zero-day SolarWinds (ExBulletin)
12. Chinese hackers behind SolarWinds attack: Microsoft
13. Microsoft says new SolarWinds zero-day was exploited by China (based threat actor)
14. Microsoft attributes new SolarWinds attack to a Chinese hacker group (NewsBeezer)
15. Zero (Trust Implementation Using WHOIS, IP, and DNS Data)
16. Microsoft: Chinese Hackers Use Zero-Day to Exploit SolarWinds Software (Tech Times)
17. SolarWinds Releases Patch for Active Vulnerability in Serv (U Software – Computer – News)
18. Microsoft Says SolarWinds Serv-U Zero-Day Exploited by Chinese Group (SecurityWeek.Com)
19. Chinese hacking group DEV-0322 behind Solarwinds Serv (U 0day attacksSecurity Affairs)
20. New SolarWinds vulnerability under attack: RCE in Serv (U file sharing tool)
21. SolarWinds 0-day gave Chinese hackers privileged access to customer servers (ars)
22. Microsoft links Serv-U zero-day attacks to Chinese hacking group (The Record by Recorded Future)
23. New CISA Director Confirmed, W.H. Gains Cyber-Director (tpost)
24. SolarWinds, Alerted By Microsoft, Patches Serv-U Vulnerability (MSSP Alert)
25. A New Critical SolarWinds Zero-Day Vulnerability Reported (Cyberintel Magazine)
26. SolarWinds Issues Hotfix for Zero-Day Flaw Under Active Attack (tpost)
27. SolarWinds Identifies, Patches Critical Vulnerability in Serv-U (My TechDecisions)
28. SolarWinds Zero-Day Critical New Vulnerability Under Active Attack – . (FR24 News English)
29. BreachExchange: SolarWinds Confirms New Zero (Day Flaw Under Attack)
30. SolarWinds patches sensitive Serv-U Vulnerability used in the Wild (Xiarch Solutions Private Limited)
31. SolarWinds Issues Patches in Wake of Zero (Day Attacks – Threat.Technology)
32. SolarWinds released security advisory for critical Serv-U vulnerability (Cloud7 News)
33. SolarWinds patches critical Serv-U vulnerability (July 2021) (Born's Tech and Windows World)
34. Microsoft warns SolarWinds customers that Serv-U is under attack (TechCentral.ie)
35. Remote code execution in SolarWinds Serv (U)
36. SolarWinds issues yet another emergency patch after hackers strike again (TechRadar)
37. Solarwinds Serv-U Zero-Day Vulnerability: Dataprise Defense Digest (Dataprise)
38. SolarWinds warns of ‘targeted’ breach by hackers exploiting new software flaw (MarketWatch)
39. SolarWinds releases patch for actively exploited zero (day vulnerability)
40. SolarWinds Serv-U FTP and Managed File Transfer CVE-2021-35211: What You Need to Know (Rapid7 Blog)
41. SolarWinds issues software update – one it wrote for a change (to patch hole exploited in the wild • The Register)
42. SolarWinds releases security advisory after Microsoft discovers vulnerability (ZDNet)
43. Another zero-day vulnerability in SolarWinds Serv (U product exploited by cyber criminals)
44. SolarWinds Discloses Zero (Day Under Active Attack)
45. SolarWinds says unknown hackers exploited newly discovered software flaw (Reuters)
46. Microsoft detects critical SolarWinds zero (day during active attack)
47. SolarWinds Discloses Zero-Day Under Active Attack (NewsOpener)
48. Microsoft Discovers SolarWinds Critical Zero-Day Under Active Attack (Insider Voice)
49. SolarWinds fixes critical Serv-U zero (day exploited in the wildSecurity Affairs)
50. Chris Inglis formally sworn in as national cyber director (hill)
51. Senate confirms Jen Easterly as head of U.S. cyber agency (POLITICO)
52. Rosen Leads Bipartisan Call to Provide $10 Million in Funding for Cybersecurity Education and Training (Senator Jacky Rosen)
53. Microsoft discovers critical SolarWinds zero-day under active attack (ars)
54. SolarWinds patches critical Serv (U vulnerability exploited in the wild – News Block)
55. SolarWinds patches critical Serv (U vulnerability exploited in the wild)
56. SolarWinds Trust Center Security Advisories (CVE-2021-35211)

Updated 2021-07-12

1. Microsoft Is Said to Be Buying Cybersecurity Company RiskIQ (Bloomberg)
2. U.S. Cyber Chief in Limbo During REVil Attacks Set to Start Work
3. Biden Tells Putin Russia Must Crack Down on Cybercriminals (Military.com)
4. Biden warns Putin on Russian ransomware attacks (hill)
5. Another Cybersecurity Attack: State Department in Russian Crosshairs This Time (ClearanceJobs)

Updated 2021-07-09

1. Russia (linked ‘Cozy Bear’ Hackers Breach Republican Party Computer Systems From Harlem To Harare)
2. 4 key takeaways from Biden’s Executive Order on cybersecurity (secblvd)
3. GOP allegedly hacked by APT29, known as Cozy Bear | 2021-07-08 (Security Magazine)
4. Three new security plunders: Microsoft said it’s the same group behind SolarWinds hack
5. FERC and NERC Publish Whitepaper on SolarWinds and Related Supply Chain Compromise (Akin Gump Strauss Hauer & Feld LLP - JDSupra)
6. Cyber Command lawyer calls for military operations against hackers (hill)
7. SolarWinds and Related Supply Chain Compromise
8. FERC, NERC whitepaper warns of supply (chain risk)
9. SolarWinds and Related Supply Chain Compromise (Federal Energy Regulatory Commission)
10. The fencing built around the Capitol after the Jan. 6 riot is coming down. (nyt)
11. Russian Hacker Group Cozy Bear Behind GOP Cyberattack: Reports (Tech Times)
12. Attempted to hack RNC and Russian ransomware attack test Biden (Eminetra)
13. A cyberattack on the R.N.C. was likely carried out by Russians, posing a challenge for Biden. (nyt)
14. Attempted Hack of R.N.C. and Russian Ransomware Attack Test Biden (nyt)
15. CRN
16. RNC says contractor breached in hack, GOP data secure (hill)
17. Russian hackers targeted Republican National Committee last week, reports say (The Independent)
18. Republican National Committee Hack: Russian Cozy Bear Group Breached Computers (Bloomberg)
19. Russia ‘Cozy Bear’ Breached GOP as Ransomware Attack Hit (wapo)
20. Solarwinds Serv-U 15.2.3 Share URL XSS (CVE-2021-32604) (Trustwave)
21. US, UK warn about Russia's brute force cyber campaign (Illinois News Today)
22. N-able Reveals Sales Hit From SolarWinds Hack Amid Spin (Off)

Updated 2021-07-06

1. CISA sees zero trust adoption coming into focus under cyber executive order (FRN)
2. The Hope spacecraft records the aurora borealis of Mars in the most detailed images so far (science and health)
3. SolarWinds hack exposes Denmark’s central bank (IceNews - Daily News)
4. Denmark's central bank affected by SolarWinds compromise. Notes from the underground. (Publicnewsportal)
5. Debate Heats Up as Senator Prepares to Introduce Incident-Reporting Legislation (Nextgov)
6. Understanding Zero Trust in the Cyber Executive Order for Federal Agencies (MeriTalk)
7. China Likely Outed Soon For Exchange Hacks - Breaking Defense Breaking Defense (Defense industry news, analysis and commentary)
8. The Countdown Towards Zero Trust and MFA (Infosecurity Magazine)
9. Solar Winds Hackers Continue To Cause Grief (Cyber Security Hub)
10. Microsoft Customers Warned of Targeted Scams by NOBELLIUM (Data Privacy + Cybersecurity Insider)
11. SolarWinds hackers had access to Denmark’s central bank for months
12. Microsoft admits certifying a driver loaded with rootkit malware, says 'small number' of customers compromised by SolarWinds hackers (HITBSecNews)

Updated 2021-07-01

1. Hackers Had Secret Access to Danish National Bank for Seven Months After SolarWinds Attack – Report (SGT Report)
2. NSA discloses hacking methods it says are used by Russia (The Seattle Times)
3. SolarWinds Hackers Breach Microsoft Customer Support to Target its Customers (NY Press News)
4. SolarWinds Investigation Leads Microsoft to Another Security Breach Discovery (FindBiometrics)
5. Danish central bank denies suffering breach in SolarWinds hack (Central Banking)
6. Senators propose bill to help private sector defend against hackers (hill)
7. Danmarks Nationalbank’s comments on media reports about SolarWinds
8. Denmark’s Central Bank Compromised by SolarWinds Cyber Attack: Media Report
9. SEC Conducts Sweep Of Customers Impacted By SolarWinds Cyber Breach - Corporate/Commercial Law (United States)
10. SolarWinds hackers remained in Denmark's central bank for monthsSecurity Affairs
11. Russian hackers had months (long access to Denmark's central bank)
12. Microsoft: malicious cyber group Nobelium tried to attack entities in 36 countries (Israel Defense)
13. SolarWinds Hackers Continue Assault With a New Microsoft Breach (Forbes Alert)
14. Hackers Disguise Rootkit as Microsoft Drivers
15. Denmark's Central Bank hacked through SolarWinds vulnerability
16. Cybersecurity Survey: SolarWinds Attack Costs Impacted Enterprises On Average $ 12 Million (Fuentitech)
17. Administration to release attribution for Microsoft vulnerabilities in 'coming weeks' (hill)
18. Denmark's central bank exposed in SolarWinds hack, media report says (Reuters)
19. BreachExchange: SolarWinds hackers breach Microsoft support agent to target customers
20. The Impact of the SolarWinds Cost Companies 11% of Their Annual Revenue
21. Major Danish bank was attacked by SolarWinds (NewsLine)
22. Denmark's central bank exposed in SolarWinds hack, media report says
23. Nobelium, After SolarWinds, Has Now Hit Microsoft (Cyberintel Magazine)
24. Details of basic customers attacked by Microsoft support agents and SolarWinds attackers (Fuentitech)
25. SolarWinds hack: Microsoft says new breach discovered during SolarWinds hack probe (The Economic Times)
26. Microsoft Signed Malware That Spreads Through Gaming (tpost)
27. Microsoft uncovers new breach while investigating SolarWinds hackers, Digital News (AsiaOne)
28. The SolarWinds hackers are attacking again. (Aluria Tech)
29. Microsoft customer support hacked in new campaign by APT29
30. Investigating and Mitigating Malicious Drivers (Microsoft Security Response Center)
31. Microsoft accidentally approved malware that could spy on Windows users
32. Lawmaker, Tech Companies Clash on Software Transparency Requirements (Nextgov)
33. IT services firms shoulder undue amount of security risk
34. Microsoft Tracks Attack Campaign Against Customer ...
35. Bipartisan Bill Aims to Strengthen Federal Cyber Workforce (MeriTalk)
36. Microsoft support agent and some basic customer details hit by SolarWinds attackers (ZDNet)
37. Hassan, Cornyn float bill to create new federal cybersecurity training programs - (FCW)
38. Russian hackers breached Microsoft customer support to try phishing targets in 36 countries
39. Cybersecurity study: SolarWinds attack cost affected companies an average of $12 million (TechRepublic)
40. Microsoft’s customer support targeted by SolarWinds hackers
41. Microsoft Discovers New Attacks by SolarWinds Group, Including One Against Its Own Agent - by Cynthia Brumfield (Metacurity)
42. Microsoft says hackers who compromised SolarWinds breached three new victims
43.  New Research Finds the SolarWinds Cyber Attack Cost Affected Companies in Key Sectors 11% of Total Annual Revenue on Average
44. Cybersecurity study: SolarWinds attack cost affected companies an average of $12 million (TechRepublic)
45. SolarWinds hackers attack Microsoft, shocking security analysts (Techzine Europe)
46. Microsoft says new breach discovered in probe of suspected SolarWinds hackers (The Star Phoenix)
47. Microsoft says new breach discovered in probe of suspected SolarWinds hackers (Regina Leader Post)
48. Microsoft (NASDAQ:MSFT) customers compromised in a cyberattack
49. Microsoft support agent and some basic customer details hit by SolarWinds attackers (ZDNet)
50. SolarWinds Hackers Breach Microsoft Customer Support to Target its Customers (The Cyber Security News)
51. Microsoft says new breach was discovered in probe by suspected SolarWinds hackers by Reuters (My Blog)
52. Microsoft says its own customer support tools were compromised by SolarWinds hackers (TechNewsBoy.com)
53. SolarWinds hackers breach new victims, including a Microsoft support agent (HITBSecNews)
54. Microsoft Says SolarWinds Hackers Attacked Three in New Breach (usnewsmail)
55. SolarWinds hackers break into new victims, including Microsoft support agents (Fuentitech)
56. SolarWinds Hackers Accessed Microsoft Customer Service Tools (Teller Report)
57. Microsoft Corporation (NASDAQ:MSFT) - Microsoft Says Its Customer Support Tools, Users' Information Were Exploited By The Hackers Behind SolarWinds (Benzinga)
58. SolarWinds clients say they will face an investigation from the USSEC over disclosure of cyber breaches (Fuentitech)
59. Microsoft says a new breach was discovered in a suspected investigation into SolarWinds hackers (India News Republic)
60. Microsoft admits to signing rootkit malware in supply-chain fiasco (Business Standard News)
61. SolarWinds hackers attack new victims, including Microsoft support agent – . (FR24 News English)
62. SolarWinds hackers breach new victims, including a Microsoft support agent – Ars Technica (Million Dollar Business Blog)
63. SolarWinds Hackers Breach New Victims, Including Microsoft Support Agent (Salesground)
64. SolarWinds hackers breach new victims, together with a Microsoft help agent (EAUC News)
65. SEC FORM 3
66. Microsoft claims its own customer support tools have been compromised by SolarWinds hackers – . (FR24 News English)
67. Microsoft says new breach discovered in probe of suspected SolarWinds hackers (Netscape Money & Business)
68. Microsoft Discloses New Customer Hack Linked to SolarWinds Cyberattackers (WSJ)
69. SolarWinds hackers breach new victims, including a Microsoft support agent (ars)
70. Microsoft: Russia (linked SolarWinds hackers breached three new entitiesSecurity Affairs)
71. Microsoft reports previously undetected security breach while investigating SolarWinds hack — RT USA News
72. Microsoft says its own customer support tools were compromised by SolarWinds hackers (Sports Grind Entertainment)
73. SolarWinds backdoor gang pwns Microsoft support agent to turn sights on customers (Register)
74. Senators propose bill to help tackle cybersecurity workforce shortage (hill)
75. SolarWinds : Cyberattack Generates Recent Widespread SEC Enforcement Requests (MarketScreener)
76. Microsoft says its own customer support tools were compromised by SolarWinds hackers (Verge)
77. Bipartisan Legislation Would Establish Cybersecurity Literacy Campaign
78. Microsoft says SolarWinds hacking group has breached three new victims (The Record by Recorded Future)
79. Microsoft says new breach discovered in probe of suspected SolarWinds hackers (Reuters)
80. SEC Conducts Sweep of Customers Impacted by SolarWinds Cyber Breach (Securities Litigation and Regulatory Enforcement)

Updated 2021-06-30

1. SolarWinds hackers had access to Denmark's central bank for 7 months, report says (CyberScoop)

Updated 2021-06-25

1. SEC “Sweep” of Public Companies’ & Registrants’ Responses to the SolarWinds Cyberbreach (Faegre Drinker Biddle & Reath LLP - JDSupra)
2. SEC Reportedly Investigating SolarWinds Disruption (Breaking into - The Rv Article)
3. SEC “Sweep” of Public Companies’ & Registrants’ Responses to the SolarWinds Cyberbreach
4. SolarWinds Cyberattack Generates Recent Widespread SEC Enforcement Requests (Troutman Pepper - JDSupra)
5. SEC.gov (In the Matter of Certain Cybersecurity-Related Events (HO-14225) FAQs)
6. Open Source Security: Google Has New Plans to Stop Software Supply Chain Attacks (Texas News Today)
7. Key Lawmaker Calls on Pentagon Leadership to Act on Cyber Certification Program (Nextgov)
8. CMMC: The Dramatic Year of the Pentagon’s Contractor Cybersecurity Program (Nextgov)
9. House lawmakers introduce bill to increase American awareness of cyber threats (hill)
10. Energy wants $201 million to bolster cybersecurity in wake of attacks
11. US SEC probing clients of SolarWinds over cyber (breach)
12. The SEC is reportedly investigating SolarWinds breaches (Hacking - Fuentitech)
13. Federal Agencies Could Have Neutralized SolarWinds Breach, CISA Says
14. SEC Reportedly Probing SolarWinds Breach (Hacking - newsbinding)
15. CISA believes SolarWinds attack could have been prevented with simple countermeasures (Cyber Reports Cybersecurity News & Information)
16. Recent SEC Enforcement Requests Related to SolarWinds Cyberattack (Skadden, Arps, Slate, Meagher & Flom LLP - JDSupra)
17. Did Companies Fail to Disclose Being Affected by SolarWinds Breach? (The Cyber Post)
18. CISA: No organization in the public or private sector could’ve prevented SolarWinds breach (FRN)
19. CISA believes SolarWinds attack could have been prevented with simple countermeasures | 2021-06-23 (Security Magazine)
20. SEC Reportedly Probing SolarWinds Breach | Hacking (TechNewsWorld)
21. CISA: Firewall Rules Could Have Blunted SolarWinds Malware
22. SEC Investigates If Companies Did Not Disclose Effects of SolarWinds Cyber ​​Breach (UK Time News)
23. SolarWinds customers asked to face investigation from US SEC over cyber breach disclosure (Indian Lekhak)
24. Politics: Cyber agency says SolarWinds hack could have been deterred by simple security measures - PressFrom (US)
25. Total Solar Eclipses Shed Light on the Temperature of Solar Winds and Sun's Corona (Science Times)
26. US SEC Investigates SolarWinds Clients for Cyber ​​Breach: Report (Economy and Business News - Insider Voice)
27. The US Securities and Exchange Commission is investigating SolarWinds clients for hacking detection - Sources by Reuters (Asia Pacific Live Update)
28. Hillicon Valley: Cyber agency says SolarWinds hack could have been deterred | Civil rights groups urge lawmakers to crack down on Amazon's 'dangerous' worker surveillance (Manchin-led committee puts forth sprawling energy infrastructure proposal - The Ne)
29. Could better cyber hygiene have prevented the SolarWinds attack?
30. SolarWinds Clients Said to Face US SEC Probe Over Cyberattack Disclosures (News Update)
31. SolarWinds hackers could have been waylaid by simple countermeasure – U.S. officials (102.5 Duke FM)
32. US SEC investigates SolarWinds clients over cyber breach disclosures (The Cyber Security News)
33. U.S. SEC has begun probe of cyber breach by SolarWinds – sources
34. Rethinking US Federal network defenses. Mandatory reporting laws. International CyberCrime Prevention Act, RICO, and money laundering.
35. US SEC investigates SolarWinds clients over cyber breach disclosures (IT PRO)
36. Government-mandated SBOMs to throw light on software supply chain security (CSO Online)
37. The Cybersecurity 202: Defense contractors are yet another sector highly vulnerable to hacking, study finds (wapo)
38. SolarWinds hackers may have been thwarted by simple security measures, officials say (Fuentitech)
39. SolarWinds Hackers Could Have Been Waylaid by Simple Countermeasure -US Officials - Latest Tweet by Reuters (LatestLY)
40. Software bills of materials (SBOM) could help improve cybersecurity (CNX Software)
41. Mandatory Cyber Reporting Within 24 Hours: Sen. Warner Bill - Breaking Defense Breaking Defense (Defense industry news, analysis and commentary)
42. Cyber agency says SolarWinds hack could have been deterred by simple security measures
43. ‎World Business Report: Update: US authorities open probe into SolarWinds' cyber breach on Apple Podcasts
44. U.S. SEC probing SolarWinds clients over cyber breach disclosures -sources (Reuters)
45. US SEC Requests Information from SolarWinds Customers in Cyber ​​Attack Investigation (RB Tech Inc)
46. SolarWinds’ Breach Disclosures Being Painstakingly Examined by U.S. SEC (Byte News)
47. U.S. SEC probing SolarWinds clients over cyber breach disclosures (sources)
48. U.S. SEC seeks information from SolarWinds clients in cyber breach probe (Regina Leader Post)
49. Hillicon Valley: Cyber agency says SolarWinds hack could have been deterred | Civil rights groups urge lawmakers to crack down on Amazon's 'dangerous' worker surveillance | Manchin-led committee puts forth sprawling energy infrastructure proposal (TheHil)
50. US Seizes Domains Used by SolarWinds Hackers in Cyber Espionage Attacks (News Nation USA)

Updated 2021-06-23

1. SP 800-216 (Draft), Recommendations for Federal Vulnerability Disclosure Guidelines (CSRC)
2. SEC still digging into SolarWinds fallout, nudges undeclared victims (Register)

Updated 2021-06-21

1. SolarWinds hackers could have been waylaid by simple countermeasure -US officials (Reuters)
2. SEC Investigating Companies’ Handling of SolarWinds Attack (Bloomberg)
3. US SEC officials say government agencies have begun investigating SolarWinds cyber infringement (Texas News Today)
4. U.S. SEC probing SolarWinds clients over cyber breach disclosures -sources (Reuters)
5. Biden’s executive order on cybersecurity should include behavior transparency (TechCrunch)
6. Jake Sullivan: U.S. preparing more sanctions for Russia
7. SolarWinds hackers could have been waylaid by simple countermeasure -US officials (National Post)

Updated 2021-06-20

1. Cybersecurity Rule Could Prompt DoD Supplier Fallout (EE Times)

Updated 2021-06-19

1. Senators Draft a Federal Breach Notification Bill
2. Google’s latest framework aims to prevent SolarWinds (like supply chain attacks)
3. The Cybersecurity 202: The race is on to make hacked companies more accountable to government. (wapo)
4. Systemic cyberattacks trigger response from insurers (Insurance Business)
5. Cybersecurity Rule Could Prompt DoD Supplier Fallout (EE Times)
6. Google dishes out homemade SLSA, a recipe to thwart software supply (chain attacks • The Register)
7. Critical cyber targets: You can't touch this (again), Biden tells Putin
8. Binary Authorization for Borg: how Google verifies code provenance and implements code identity
9. Open-source security: Google has a new plan to stop software supply chain attacks (ZDNet)
10. Senate confirms first White House cyber director
11. Senate bill proposes requiring cyber incident notification to feds within 24 hours (CyberScoop)
12. SolarWinds response team recounts early days of attack
13. What Microsoft officials know about Russian phishing hacks aimed at USAID (Illinois News Today)
14. Britain blames Putin's spies for massive SolarWinds cyber attack (Daily Mail Online)

Updated 2021-06-17

1. Microsoft's CISO: Why we're trying to banish passwords forever (ZDNet)
2. Tonya Ugoretz: FBI Needs Industry Cooperation to Address Cyber Incidents
3. Is an Attacker Living Off Your Land?
4. NSA cyber director discusses US response, approach to apparent espionage operation
5. Cyber EO May Move Software Supply Chain Security From Neutral to Highway Speed (MeriTalk)
6. SolarWinds hackers are attempting phishing attacks targeting 150 organizations, Microsoft said. (Illinois News Today)

Updated 2021-06-16

1. How FireEye attributed the SolarWinds hacking campaign to Russian spies (CyberScoop)
2. Biden Signs Executive Order Intended to Improve the Federal Government's Cybersecurity (Troutman Pepper - JDSupra)
3. Federal CISO forecasts one of toughest tasks in sweeping Biden cyber executive order
4. A New Kind of Trust Root. Announcing the Sigstore Root Key… | by Dan Lorenc | Jun, 2021 (sigstore)
5. How LF communities enable security measures required by the US Executive Order on Cybersecurity (Linux Foundation)
6. Cyber EO response will involve leaders from every agency, Federal CISO says (FedScoop)
7. Federal Register :: Software Bill of Materials Elements and Considerations
8. Preventing Supply Chain Attacks like SolarWinds (Linux Foundation)

Updated 2021-06-15

1. Bank of America spends over $1 billion per year on cybersecurity
2. DHS poised to remake federal hiring in September to confront cybersecurity gap - (FCW)
3. Key Senator Wants Biden to Raise SolarWinds in International Negotiations (Nextgov)
4. Cyber ​​regulation could come after a series of hacks and ransomware attacks (Voice of America - Texas News Today)
5. Federal cyber spending to drive an M&A surge, analyst says (Washington Business Journal)
6. Biden Signs Executive Order Aimed at Improving the Federal Government’s Cybersecurity (Troutman Pepper - JDSupra)
7. Notification no (nos: What to avoid when alerting customers of a breach)
8. Form DEF 14C SolarWinds Corp For: Jun 11
9. Solarwinds Corp 2021 Definitive information statements DEF 14C

Updated 2021-06-11

1. DOJ Seizes Millions in Ransom Paid to Colonial Pipeline Hackers (Kramer Levin Naftalis & Frankel LLP - JDSupra)
2. How Attackers Exploit Active Directory: Lessons Learned from High-Profile Breaches (secblvd)
3. Understanding the Biden Administration’s Cybersecurity Executive Order (ABA Banking Journal)
4. We Already Know How to Stop SolarWinds (Like Hacks)
5. Time (lapse Video and Photos of Michigan's 2021 Solar Eclipse)
6. Sen. Warner teases bipartisan bill requiring some companies to report cyberattacks
7. Biden moves closer to filling critical cyber roles as administra (WENY News)
8. US Cyber Command wants more money for network defense

Updated 2021-06-10

1. Consolidated Complaint for Violations of the Federal Securities Laws
2. SolarWinds Corporation (Bernstein Litowitz Berger & Grossmann LLP)

Updated 2021-06-08

1. CISA launches platform to let hackers report security bugs to US federal agencies (TechCrunch)
2. Zero Trust is the Only Way: President Biden’s Executive Order Simplified (secblvd)
3. DOJ recovers most of ransom Colonial Pipeline paid to DarkSide hackers | News (coloradopolitics.com)
4. Security clearance demands are exploding and government must keep up - (FCW)
5. Russian SolarWinds hackers have launched a new campaign using their USAID email address, Microsoft said. (Illinois News Today)
6. SolarWinds lawsuit claims private equity owners ‘sacrificed cybersecurity to boost short-term profits’ (The Open Security)
7. FireEye CEO Kevin Mandia On Ransomware: Businesses Must ‘Try To Reduce The Blast Radius’ Of Attacks
8. FireEye CEO: 'We are getting sucker (punched in cyberspace')
9. SolarWinds lawsuit expands to include private equity owners
10. Biden prepping cybersecurity executive order in response to SolarWinds attack

Updated 2021-06-07

1. America must repel and punish cyber-attackers | Editorials (mtexpress.com)
2. Energy secretary backs ban on ransomware payments: 'You are encouraging the bad actors'
3. India's Cybersecurity Breach Reporting Law: Time for an Overhaul? (Illinois News Today)
4. Strengthening US Cybersecurity: Impacts of the Executive Order (NAVEX Global - JDSupra)
5. Meatpacking giant JBS believes Russia behind hack that hit plants - Raw Story (Celebrating 17 Years of Independent Journalism)

Updated 2021-06-04

1. New Executive Order Issued on Improving Nation’s Cybersecurity (Lexology)
2. Biden Warns Businesses of Increased Cybersecurity Threat
3. Russia's Nobelium uses USAID's email system for hacking, according to Microsoft (Illinois News Today)
4. Biden weighs direct action against Russian targets following cyberattacks (WHAM)
5. will over solarwinds latest massive phishing

Updated 2021-06-02

1. U.S. seizes domains used in USAID hack (UPI)
2. US SolarWinds hackers seize domains used in cyber espionage attacks (Jioforme)
3. SolarWind Attackers Launch New Wave Of Phishing Attacks
4. Cyberattack On World's Biggest Meat Company 'Likely Based In Russia'
5. SolarWinds lawsuit claims private equity owners ‘sacrificed cybersecurity to boost short-term profits’ (The Cyber Security News)
6. Senate Hearing Considers CMMC, and Ability to Stop a SolarWinds-Type Attack (PubKGroup)
7. Feds seize two domains used by SolarWinds intruders for malware spear (phishing op • The Register)
8. US seizes 2 domain names used in cyberespionage campaign (The Seattle Times)
9. Justice Department seizes domains used in Nobelium-USAID phishing campaign (ZDNet)
10. NobleBaron (New Poisoned Installers Could Be Used In Supply Chain Attacks - SentinelLabs)
11. Poisoned Installers Found in SolarWinds Hackers Toolkit (Flizzyy News)
12. SolarWinds Threat Actors Behind New Email Attack Campaign
13. Meatpacking giant JBS hit by cyberattack; believes Russia involved
14. Here Are Some Of The Major Hacks The U.S. Blamed On Russia In The Last Year
15. Cybersecurity for U.S. critical infrastructure a ‘national (security imperative,’ NSC official says – Urgent Comms)
16. SolarWinds Attackers Launch New Wave Of Nobelium Attacks - Malware News (Malware Analysis, News and Indicators)
17. New Wave of Phishing Attacks: SolarWinds Hackers Target Government and NGOs
18. New sophisticated email-based attack from NOBELIUM (MS Security)

Updated 2021-06-01

1. U.S. seizes two domains used in cyberattacks that mimicked USAID communications (Nasdaq)
2. JBS cyber attack: 1/5 of beef production wiped out in massive hack (Axios)
3. SolarWinds hackers launch phishing attack - (GCN)
4. Biden budget seeks $750 million to respond to SolarWinds compromises, plus billions more for cyber
5. Cyberattacks on Companies' IP Threaten the Global Order (Barron's)
6. The Line in the Sand: How We Respond Today Impacts Our Security Tomorrow (secblvd)
7. GISEC 2021: SolarWinds CEO to deliver a keynote address titled SolarWinds: Secure by Design on June 2 (Enterprise Channels MEA)
8. Biden's $6T budget includes cybersecurity, broadband infrastructure (Healthcare IT News)
9. New breach by hackers behind SolarWinds 'mostly unsuccessful', says Microsoft (Secure books)
10. Russian SolarWinds Hacker Launches New Phishing Campaign-Security (Illinois News Today)
11. How SolarWinds Hackers ‘Nobelium’ Used Constant Contact in Mass Phishing Campaign
12. Russian hackers of SolarWinds back on the attack
13. US Proposes $750m For Federal SolarWinds Response (IT Security News)
14. Nobelium: The SolarWinds Hackers is Back With Another Cyber Attack (secblvd)
15. Solarwinds: 150 companies massively targeted by APT29
16. SolarWinds Engineer's Toolset vs. Splunk Enterprise vs. Terabit Security Comparison
17. SolarWinds Attack Ongoing U.S. Sets Aside $750 Million to Respond   (USA Herald)
18. Another Nobelium Cyberattack (Microsoft On the Issues)
19. SolarWinds Hackers Return, Launch Phishing Campaign Using Compromised Account of US Foreign Aid Agency (CPO Magazine)
20. Fireeyye - [Report] M (Trends 2021)

Updated 2021-05-31

1. Implications Of Russian Solarwinds Hackers New Email Attack On Government Agencies (Information Security Buzz)
2. SolarWinds Hackers Have Not Returned, They Have Never Been Removed (J99news)
3. Keith Alexander Warns About Cyberattacks Linked to Russia
4. The SolarWinds hackers aren’t back—they never went away (ars)
5. Gen. Alexander Says Russian Cyber Attacks Escalating, 'More Blatant' (Newsmax.com)
6. Gen. Alexander Says Russian Cyber Attacks Escalating, ‘More Blatant’ (News Talk WBAP-AM)
7. Microsoft warns that Russian hackers used US agency to mount huge cyberattack (CNET)
8. Hackers are using Trump’s election fraud conspiracy to break into U.S. government agencies
9. SolarWinds attacker Nobelium targets over 150 companies in new mass email campaign (CSO Online)
10. Kremlin says has no information on U.S. cyber attack, directs questions to Microsoft (The Star Phoenix)
11. SolarWinds hackers using NativeZone backdoor against 24 countries
12. Russian Hackers Of SolarWinds Back On The Attack
13. MSFT warns group behind SolarWinds cyberattack's returned to target over 150 organizations
14. Khanna, Mace introduce bill to strengthen federal cyber workforce following major hacks (hill)
15. New York And Illinois Regulators Recommend Third Party Cybersecurity Review For Specific Vulnerabilities - Technology (United States)
16. Microsoft says SolarWinds hackers have struck again at the US and other countries (CNN)
17. Microsoft says group behind SolarWinds hack now targetting government agencies, NGOs (Regina Leader Post)
18. SolarWinds hackers are at it again, targeting 150 organizations, Microsoft warns
19. Russian gang behind SolarWinds hack returns with phishing attack disguised as mail from US aid agency (Register)
20. Microsoft: SolarWinds hackers target 150 orgs with phishing | Govt. & Politics (yorknewstimes.com)
21. Microsoft says group behind SolarWinds hack now targeting government agencies, NGOs (Reuters)
22. SolarWinds hack: Microsoft says SolarWinds hackers now targeting US agencies, NGOs (The Economic Times)
23. Microsoft: SolarWinds hackers target 150 orgs with phishing
24. Microsoft Catches NOBELIUM's Email Malware Plans, Also Known for its Part in SolarWinds' Attack (Tech Times)
25. SolarWinds attacker Nobelium targets almost 3,000 emails (ARN)
26. Microsoft Says SolarWinds Hackers Are Back, USAID Breached
27. Biden’s Cybersecurity EO: The Wrong Issues (tpost)
28. SolarWinds prevention, avoiding a cyber security disaster (CyberTalk)
29. Microsoft has discovered yet more SolarWinds malware | #microsoft | #hacking (#cybersecurity - National Cyber Security News Today)
30. Microsoft unleashes ‘Death Star’ on SolarWinds hackers in extraordinary response to breach | #microsoft | #hacking (#cybersecurity - National Cyber Security News Today)
31. US agencies lack supply chain best practices post (SolarWinds)
32. (16) Dimon: Cyberattacks are getting worse. DC must do more
33. Written Sttement of jamie Dimon to Senate Banking Committee
34. Hackers targeted SolarWinds faster than previously known (Florida News Times)
35. 14 Alternatives To SolarWinds Network Bandwidth Analyzer, Pros, Cons & Questions (Hackers Pad)
36. FireEye Mandiant M (Trends 2021 report)
37. Annual FireEye Mandiant M (Trends Report Reveals Global Statistics and Insights From Hundreds of Diverse Intrusions)

Updated 2021-05-26

1. White House taps Matt Olsen, Uber security boss and former NSA lawyer, to lead key DOJ division
2. SolarWinds hack 'a big wakeup call,' NASA's human spaceflight chief says (Space)
3. SolarWinds, Exchange attacks revive calls for mandatory breach notification, better information sharing (R Street)
4. VIDEO: Congress Holds Joint Hearing On SolarWinds Hack And Cybersecurity (LiveTube)
5. DoJ, FBI, IC reviewing supply chain threats posed by Russian companies (FRN)
6. United States House of Representatives : Chairman Foster Opening Statement for Hearing on SolarWinds and Improving the Cybersecurity of Software Supply Chains
7. Turn the Tables: Supply Chain Defense Needs Some ...
8. It's Time for Congress to Push Companies to Come Forward on Hacks (Just Security)
9. Colonial ransomware hack spurs first-ever cybersecurity regulations for pipeline industry (wapo)
10. Biden urged by tech firms to embrace commercial software

Updated 2021-05-24

1. 'Early recon activities' for SolarWinds hack may have started in early 2019 ⋅ Windows Global

Updated 2021-05-23

1. Cybersecurity Legal Task Force

Updated 2021-05-22

1. SolarWinds CEO: Hackers Were Doing "Early Recon" As Early As January 2019 (My TechDecisions)
2. Veterans Affairs says no evidence of data loss from SolarWinds hack (FRN)
3. Solar Storm Coming to Earth at 2.1 Million km per Hour: How Dangerous Is It? (Nature World News)
4. SimuLand: Understand adversary tradecraft and improve detection strategies (MS Security)
5. Hackers targeted SolarWinds earlier than previously known (Arab News)
6. The UK’s Approach to Russian Cyber Operations Shows No Signs of Changing (RUSI)
7. N-able Announces New Chief Security Officer and General Counsel to Its Executive Leadership Team (N-able)
8. President Biden Announces Sweeping New Cybersecurity Reforms (Pillsbury Winthrop Shaw Pittman LLP - JDSupra)
9. SolarWinds hackers had earlier access than previously thought; Russia denies role (Seeking Alpha)
10. CMMC is not as scary as you think (secblvd)
11. The 3 elements of a sound threat intelligence program (TechRepublic)
12. SolarWinds hack: Nation-state attackers could have launched supply chain attack nine months before previously thought (The Daily Swig)
13. What to do? GSA cyber advisor offers tips on supply chain risk management. (scmedia)
14. CISA and NIST Guidance on Software Supply Chain Attacks
15. Hackers targeted SolarWinds earlier than previously known (Inside Telecom)
16. New Bill Proposes that Americans Should Be Able to Sue Foreign Hackers (Faegre Drinker Biddle & Reath LLP - JDSupra)
17. Hackers targeted SolarWinds earlier than previously known (Arab News PK)
18. CrowdStrike breaks down 'Golden SAML' attack
19. 12 Lessons Learned From The SolarWinds Breach: RSA Conference
20. How to Avoid Another Cybersecurity Disaster Like SolarWinds
21. How 2 New Executive Orders May Reshape ...
22. SolarWinds CEO extends hack timeline, rethinks intern blame (Cybersecurity Dive)
23. Hackers targeted SolarWinds earlier than previously known
24. Dave MacKinnon takes over as CSO of N-able (formerly SolarWinds MSP) | 2021-05-21 (Security Magazine)
25. SECURITY ALERT - SolarWinds CEO: Attack Began Much Earlier Than Previously Thought (MalwareTips Community)
26. SolarWinds CEO Apologizes For Blaming An Intern
27. Hackers targeted SolarWinds earlier than previously known
28. Hackers Targeted Solarwinds Earlier than Previously Known (VOA)
29. UPDATE 1 (SolarWinds CEO says hackers may have struck months earlier than thought)
30. Is it time to test the limits -- and potential -- of expanding CMMC? - (Defense Systems)
31. SolarWinds CEO: Attack Began Much Earlier Than Previously Thought (NewsOpener)
32. Hackers targeted SolarWinds earlier than previously known (WDHN - DothanFirst.com)
33. Would CMMC compliance block a SolarWinds-style attack? - (FCW)
34. Parsing Biden’s Cybersecurity Order (secblvd)
35. Senate Homeland Security and Governmental Affairs Hearing on Cybersecurity (UPI)
36. Plurilock Issues Statement Following U.S. Executive Order to Increase Cybersecurity Defenses

Updated 2021-05-20

1. To avoid insider threats, security strategies call for behavioral profiling and anomaly comparison | 2021-05-20 (Security Magazine)
2. The Negligence behind the Colonial Pipeline Hack | Business (stltoday.com)
3. House Panel Passes Bill to Explore Bringing State and Local Cybersecurity Workers into CISA (Nextgov)
4. President Biden's Executive Order to Improve Cybersecurity Issued (King & Spalding - JDSupra)
5. SolarWinds: A Harbinger For a National Data Breach Reporting Law (Decipher)
6. President Biden’s Recent Cybersecurity Executive Order Will Increase Compliance Obligations on the Private Sector (Lexology)
7. President Biden’s Cybersecurity Order Takes Security Seriously (Lowndes - JDSupra)
8. SolarWinds CEO says hackers may have struck months earlier than thought (Reuters)
9. #RSAC: SolarWinds CEO Provides New Details into Attack and Response (The Cyber Security News)
10. #RSAC: SolarWinds CEO Provides new details on attack and response (Jioforme)
11. SolarWinds: The Detailed Account of the Incident Response (RSA)
12. SolarWinds CEO says hackers may have struck months earlier than thought (Nasdaq)
13. SolarWinds CEO reveals much earlier hack timeline, regrets company blaming intern
14. SolarWinds CEO apologizes for blaming an intern, says attack may have started in January 2019 (The Record by Recorded Future)
15. SolarWinds CEO says hackers may have struck months earlier ...
16. CEO: SolarWinds Attack Dates Back to at Least January 2019 (PCMag)
17. How CISA limited the impact of the SolarWinds attack (FRN)
18. Biden calls for $22 billion in cyber security funding (IT PRO)
19. SolarWinds CEO says hackers may have struck in January 2019, months earlier than thought (Reuters)
20. Microsoft Corporation (NASDAQ:MSFT), Solarwinds, Inc. (NYSE:SWI) - Biden Administration Prioritizes Cybersecurity Funding Following Multiple Hacks (Benzinga)

Updated 2021-05-19

1. Biden EO Has Teeth, But May Prove Difficult to Implement (secblvd)
2. Biden administration eyes cybersecurity funding after hacks
3. #RSAC: Anne Neuberger Sets Out Biden Administration’s Plan to Modernize US Cyber-defenses (Infosecurity Magazine)
4. Legislation to secure critical systems against cyberattacks moves forward in the House (hill)
5. Gibson Dunn (President Biden Issues Executive Order to Enhance U.S. Cybersecurity in the Wake of Major Cyber Incidents)
6. False Claims Act is a Weapon against Breaches and Whistlenlowers
7. Nearly 40 defense companies were impacted in SolarWinds breach (FedScoop)
8. CISA Issues Guidance on Evicting Adversaries from Networks Following SolarWinds Attacks
9. Biden Proposes Billions for Cybersecurity After Wave of Attacks (Regina Leader Post)
10. CISA’s EINSTEIN had a chance to be great, but it’s more than good enough (FRN)
11. Cyber Defense Isn't a Niche Issue Anymore (Bloomberg)
12. CISA releases Eviction Guidance for SolarWinds, Microsoft O365 compromises
13. Biden administration eyes cybersecurity funding after attacks | The Mighty 790 KFGO (KFGO)
14. Cybersecurity for All: President Biden Issues Sweeping Cybersecurity Executive Order (Holland & Knight LLP - JDSupra)

Updated 2021-05-18

1. Russian spy chief denies SVR was behind Solarwinds cyber ...
2. Zero trust moves from vision to reality - (GCN)
3. Can NTSB-style oversight work for cybersecurity? - (FCW)
4. CISA: Disconnect Internet for 3-5 Days to Evict SolarWinds Hackers From Network (SecurityWeek.Com)
5. Russia Sanctioned For Role In SolarWinds Supply Chain Attack - Technology (United States)
6. CISA releases Eviction Guidance for SolarWinds Orion, Microsoft Office365 users (Industrial Cyber)
7. Biden Administration Issues Cybersecurity Executive Order
8. Voyager 1 discovers faint plasma 'hum' in interstellar space (Space)
9. Biden's cyber order lays foundation for securing government - (Defense Systems)
10. SolarWinds breach exposes hybrid multicloud security weaknesses (Public News)
11. DOD Zero Trust Reference Architecture
12. Solarwinds : Security vulnerabilities

Updated 2021-05-17

1. CISA Eviction Guide for SolarWinds, Microsoft O365 Compromises
2. How Hackers Infiltrated U.S. Government Servers Through A Texas (Based Company)
3. 1 - Unpacking the SolarWinds Breach: Now What? | Infrastructure Anywhere: A Podcast Series from CPP Associates | Podcasts on Audible (Audible.com)
4. Subscribe to read (FT)

Updated 2021-05-16

1. SolarWinds breach exposes hybrid multicloud security weaknesses (DNyuz)
2. The SolarWinds and Zero Trust Conversation You've Been Waiting For | The Well Aware Security Show | Podcasts on Audible (Audible.com)
3. President Biden pens Executive Order to boost US cybersecurity
4. SolarWinds breach exposes hybrid multicloud security weaknesses (VentureBeat)
5. National Cyber Defense Is a "Wicked" Problem: Why the Colonial Pipeline Ransomware Attack and the SolarWinds Hack Were All but Inevitable
6. Biden issues order to strengthen nationwide cyber defenses
7. Congress to Speed up Efforts on Pushing out Hack Reporting Law (KMJ-AF1)
8. UK and US confirm Russian responsibility for SolarWinds attack - Industry (update.com)
9. Why the Colonial Pipeline Ransomware Attack and the SolarWinds Hack Were All but Inevitable (California News Times)

Updated 2021-05-15

1. Security News in Review: Biden Administration Aims to Disrupt Ransomware Gangs (secblvd)
2. In EO, federal security provides impetus for far reaching cyber implications
3. Former head of U.S. cybersecurity Christopher Krebs on “The Takeout” - 5/14/2021 (CBS News)
4. President Biden outlines new software policy following recent cyberattacks (TechRadar)
5. Cybersecurity: Why the new White House executive order is a major turning point (Fortune)
6. Cybersecurity Executive Order: Can automation fix the nation’s misconfiguration problem? (secblvd)
7. White House cybersecurity order lands with a plea for private sector help (Utility Dive)
8. Biden signs executive order to bolster US cyber security following pipeline attack
9. Remediating Networks Affected by the SolarWinds and Active Directory/M365 Compromise: Risk decisions for Leaders
10. Eviction Guidance for Networks Affected by the SolarWinds and Active Directory/M365 Compromise (CISA)
11. CISA Publishes Eviction Guidance for Networks Affected by SolarWinds and AD/M365 Compromise (CISA)
12. Opinion: Agencies Need More Reliable Authentication To De-Weaponize Stolen Data During SolarWinds Breach (Potomac Officers Club)
13. Responding With Strength To The SolarWinds Attack - Technology (United States)
14. Former CISA chief says Biden order on cybersecurity is "dramatic game change" (CBS News)
15. iTWire (New cyber rules will be judged by their efficacy: Tenable chief)
16. US sanctions 10 Pakistani individuals and companies for meddling in 2020 presidential election - World (Business Recorder)
17. Biden's Cybersecurity Order Likely To Reach Beyond Gov't (Law360)
18. Linux and open-source communities rise to Biden's cybersecurity challenge (ZDNet)
19. Microsoft Could Get $150 Million in US Cyber Spending Despite Recent Hacks (English Bulletin)
20. Lawmakers introduce bill to protect critical infrastructure against cyberattacks (hill)
21. Biden signs executive order to modernize cyberdefenses
22. Biden Takes Executive Action to Strengthen National Cybersecurity, Secure Supply Chains
23. Joe Biden Signs Executive Order to Boost Cybersecurity
24. Biden Order Aims To Tighten Software Security Practices - (Redmondmag.com)
25. Cyber EO lays a foundation for securing government - (GCN)
26. Supply Chain Cybersecurity Risks: What the SolarWinds Breach Should Teach Us (BTB Security)
27. The politics and policy of SolarWinds (CSO Online)
28. President Biden signs cybersecurity executive order (SD Times)
29. Biden's Cybersecurity Order Benefits CrowdStrike, Dragos: Experts
30. Biden Says Gov't To Disrupt Pipeline Ransomware Hackers (Law360)
31. Executive Order on Improving the Nation's Cybersecurity (The White House)
32. Cybersecurity Execs Weigh In On Biden Executive Order (SDxCentral)

Updated 2021-05-14

1. Biden Signs Executive Order On Cybersecurity In Wake Of Pipeline Hack (WXXI News)
2. Cyber Response Bill Advances in Senate (Nextgov)
3. Rapid7 says attacker accessed its source code in Codecov supply chain hack
4. Education CISO Discusses Zero Trust, Automation Going Hand-in (Hand – MeriTalk)
5. Senator Proposes Cyber 'Academy' to Attract More to National Service (Military.com)
6. Biden's Cybersecurity Executive Order: 4 Key Takeaways
7. Everything You Need to Know about the New Executive Order on Cybersecurity (Lawfare)
8. Biden Executive Order on Cybersecurity Calls for Enhanced Software Supply Chain Security (secblvd)
9. Biden Executive Order Mandates MFA, Zero Trust Model and Standardized Incident Reporting
10. Joe Biden signs executive order to beef up federal cyber defenses following pipeline hack - ABC11 Raleigh (Durham)
11. Biden signs cybersecurity executive order, though rules wouldn't (WENY News)

Updated 2021-05-13

1. Bahamas must ‘step up game’ on cyber security (The Tribune)
2. Biden says Colonial Pipeline hackers based in Russia, but not government-backed (hill)
3. President Biden signs executive order to strengthen U.S. cybersecurity defenses | 2021-05-13 (Security Magazine)
4. Cybersecurity executive order or fire drill? (FRN)
5. Microsoft's new security feature locks hackers out with GPS (ZDNet)
6. SolarWinds Hacking Claim a 'False Flag' by US Intelligence Seeking More Funding, Moscow Says (Sputnik)
7. Biden Signs Executive Order to Bolster Federal Government’s Cybersecurity (nyt)
8. Biden’s Cyber Strategy Must De-weaponize Civilian Data (Nextgov)
9. Biden cybersecurity order tackles software risks in energy, other sectors following Colonial hack (Utility Dive)
10. Biden's Executive Order Will Not Stop Cyber Attacks (LinkedIn)
11. Biden Executive Order Follows Recent Cyberattacks : NPR
12. Biden signs executive order aimed at boosting cybersecurity
13. Biden signs security (focused executive order meant to accelerate breach reporting, boost software standards)
14. Biden signs cybersecurity executive order in the wake of pipeline shutdown
15. Biden cybersecurity order mandates new rules for govt ...
16. Biden Signs Cybersecurity Executive Order Following Colonial Pipeline Hack : NPR
17. Biden signs executive order to improve federal cybersecurity (hill)
18. How Biden's new executive order plans to prevent another SolarWinds attack (The Record by Recorded Future)
19. Biden signs order to improve federal cybersecurity
20. Biden signs cybersecurity executive order after ransomware attack on fuel pipeline (CBS 42)
21. Biden orders federal cyber upgrade after barrage of hacks (POLITICO)
22. Biden Orders IT Gov't Contractors To Report Data Breaches (Law360)
23. Biden issues executive order following mounting cyberattacks (Axios)
24. Biden signs executive order aiming to prevent future cybersecurity disasters (Verge)
25. Biden cyber executive order reignites push to cloud, zero trust
26. Biden signs order to beef up federal cyber defenses (LV Sun)
27. FACT SHEET: President Signs Executive Order Charting New Course to Improve the Nation’s Cybersecurity and Protect Federal Government Networks (The White House)
28. House lawmakers roll out bill to invest $500 million in state and local cybersecurity (hill)
29. Biden signs much-anticipated cybersecurity executive order - (FCW)
30. Biden Signs Order to Boost Cybersecurity After Pipeline Hack (Bloomberg)
31. Biden signs executive order to strengthen cybersecurity after Colonial Pipeline hack
32. Moscow Cuts U.S. Embassy Staff Marking Latest Decline In U.S. (Russia Relationship)
33. Dark Reading | Security (Protect The Business)
34. Mark Warner calls for mandatory reporting of hacks after Colonial Pipeline attack
35. Russia must do more to tackle cyber criminals operating from within its borders, says UK (ZDNet)
36. Supply chain penetration: Here’s how you can protect yourself (HT Tech)
37. CISA to pilot secure cloud instance in response to SolarWinds attack (FRN)
38. Biden Signs Executive Order to Bolster Federal Government’s Cybersecurity (nyt)
39. SolarWinds CEO describes overhauled Orion build system after that 'very small, unique' security breach • The Register (SecuritNEWS)
40. Statemtnt of Ryan A Higgins, CISO Dept Commerce reporting to DHS
41. SolarWinds CEO describes overhauled Orion build system after that ‘very small, unique’ security breach (IT Security News)
42. Federal SolarWinds Recovery : FedNet
43. Lawmakers eye tightening law to get more details on cyberattacks (Roll Call)
44. RSAC insights: SolarWinds hack illustrates why software builds need scrutiny — at deployment (secblvd)
45. Senate committee holds hearing on cybersecurity after massive SolarWinds hack (The Global Herald)
46. Senators Cite Colonial Pipeline Hack in Calling for Cyber Response and Recovery Fund (Nextgov)
47. Senators Want FISMA Changes on Cyberattack Reporting (MeriTalk)
48. Senators discuss federal cybersecurity following SolarWinds hack (WYTV)
49. Biden Plans Order to Strengthen U.S. Cyberattack Defenses (nyt)
50. How SolarWinds cyber-attack forced US to sanction Russia - CRN (India)

Updated 2021-05-12

1. SolarWinds CEO describes overhauled Orion build system after that 'very small, unique' security breach (Register)

Updated 2021-05-11

1. SolarWinds Opened the Door for Cybersecurity Culture Overhaul at DHS
2. Watch live: Acting CISA director testifies on cybersecurity following SolarWinds hack (hill)
3. Mandatory Breach Notification Requirements Are Coming For Government Contractors - Technology (United States)
4. SolarWinds Says Hackers Probably Stole Data from Email Accounts — GigaLaw
5. US spy agencies review software suppliers' ties to Russia following SolarWinds hack

Updated 2021-05-10

1. Russia targeting these 11 vulnerabilities, US, UK cyber agencies
2. State (Sponsored Cyberattacks Aren’t Going Away — Here’s How To Defend Your Organization)
3. The Cybersecurity 202: Biden's new CISA director will confront a host of complex challenges (wapo)
4. SolarWinds Shares More Information on Cyberattack Impact, Initial Access Vector (SecurityWeek.Com)
5. NIST and CISA Release Guidelines for Organizations and Vendors To Defend Against Software Supply Chain Attacks (CPO Magazine)
6. SolarWinds Says Russian Group Likely Took Data During Cyber-Attack (HITBSecNews)
7. Hackers accessed SolarWinds' Office 365 since early 2019 - Security - Channel Meets (CRN Australia)
8. U.S., U.K. Reveal Code Flaws Abused by SolarWinds Hackers
9. Defending Against Software Supply Chain Attacks

Updated 2021-05-08

1. DHS, DOC to Testify Tuesday at SolarWinds Hearing
2. Lawmakers push for increased cybersecurity funds in annual appropriations (hill)
3. SolarWinds Believes Russian Group Took Data During Cyber-Attack (Bloomberg)
4. Joint advisory: Further TTPs associated with SVR cyber actors (NCSC.GOV.UK)
5. An Investigative Update of the Cyberattack (Orange Matter)
6. SolarWinds: Hackers Accessed Our Office 365 Since Early 2019
7. US-UK Gov Warning: SolarWinds Attackers Add Open-Source PenTest Tool to Arsenal (SecuritNEWS)
8. Fact Sheet: Russian SVR Activities Related to SolarWinds Compromise
9. US spy agencies review software suppliers' ties to Russia following SolarWinds hack (CyberScoop)
10. Further TTPs associated with SVR cyber actors
11. NSA: Connecting OT to the net can lead to "indefensible levels of risk"
12. CISA used new subpoena power to contact US companies vulnerable to hacking
13. NYDFS recommends critical new practices to reduce supply chain risk in wake of SolarWinds attack (Lexology)
14. CISA has a better understanding of critical software post (SolarWinds hack)

Updated 2021-05-05

1. Stopping the Next SolarWinds Requires Doing ...

Updated 2021-05-03

1. Administration drafting EO to help U.S. Gov’t secure digital supply chain
2. Security News in Review: Emotet Uninstalled Worldwide; Babuk “Goes Dark” (secblvd)
3. APT actors increasingly turn to exploits to launch attacks (TahawulTech.com)
4. Tips on Enhancing Supply Chain Security (DataBreachToday)
5. NSA: OT Security Guidance in Wake of SolarWinds Attack

Updated 2021-05-01

1. A Tale of Two Hacks: From SolarWinds to Microsoft Exchange (tpost)
2. NYDFS Issues Report on the SolarWinds Attack and Covered Entities’ Responses (Alston & Bird - JDSupra)
3. CISA: 5 Agencies Using Pulse Secure VPNs Possibly Breached
4. Survey Finds Broad Concern Over Third (Party App ...)
5. Biden Order To Require New Cybersecurity Standards In Response To SolarWinds Attack (Georgia Public Broadcasting)
6. NYDFS Issues Report on SolarWinds (Robinson+Cole Data Privacy + Security Insider - JDSupra)
7. Biden Order To Require New Cybersecurity Standards In Response To SolarWinds Attack Morning Edition podcast
8. The Ticking Time Bomb in Every Company's Code
9. Stop Malicious Cyber Activity Against Connected Operational Technology
10. US Cuts Visa Services in Moscow Embassy as Russia Squeezes Embassy (Bloomberg)
11. Warner says Senate committee working on bill to require mandatory reporting for cyber threats (FRN)
12. NYDFS Issues Report on the SolarWinds Attack and Covered Entities’ Responses (Alston & Bird Privacy, Cyber & Data Strategy Blog)
13. Biden Order Will Require New Cybersecurity Standards In Response To SolarWinds Attack (88.5 WFDD)
14. Sidechannel Interview with Alex Stamos and Chris Krebs by Kim Zetter - Zero Day (Free Listening on SoundCloud)
15. Supply Chain Security Hinges on Zero Trust, Partnerships: A MeriTV Discussion (MeriTalk)

Updated 2021-04-30

1. ‘Accelerate change or lose’: Applying Gen. Brown’s action orders to cyberspace education and training
2. More US agencies potentially hacked, this time with Pulse Secure exploits (ars)
3. NYDFS Issues Report on SolarWinds Response and Recommends Critical Cybersecurity Measures (Practical Law)
4. Microsoft weighs revamping flaw disclosures after suspected leak (Pittsburgh Post-Gazette)
5. Hunting Hackers: Reducing the Time to Discovery (CSO Online)
6. Top US military intelligence official says Russian military pose (WENY News)
7. New York State Department of Financial Services Releases Report on SolarWinds Cyber Espionage Attack

Updated 2021-04-29

1. SolarWinds : Biden Administration Issues New Sanctions On Russia In Connection With SolarWinds And Election Interference Efforts (MarketScreener)
2. NIST, CISA Share Software Supply Chain Attack Defense Guidance
3. Biden Order Will Require New Cybersecurity Standards In Response To SolarWinds Attack (Public Radio Tulsa)
4. Biden Order Will Require New Cybersecurity Standards In Response To SolarWinds Attack (VPM)
5. Biden Order To Require New Cybersecurity Standards In Response To SolarWinds Attack (Flipboard)
6. CISA & NIST Publish Recommendations for IT Admins to Defend Against the Next ‘SolarWinds’ Event (HOTforSecurity)
7. New York: NYDFS issues report on investigation of SolarWinds cyberattack | News post (DataGuidance)
8. Lawmakers introduce legislation to create civilian reserve program to fight hackers (hill)
9. SolarWinds Supply Chain Attack: How to Protect Your Business
10. With sanctions, let’s offer Russia incentives, too (The Seattle Times)
11. US poised to impose anti-Russian sanctions over cyberattacks, election meddling — media - World (TASS)
12. In Wake of Recent Breaches, FAA Wants to Up Cybersecurity of National Airspace System (Nextgov)
13. GCHQ calls for more UK investment in cybersecurity. US Senate considering information (sharing bill. CISA and NIST offer supply chain security guidance.)
14. Biden Order To Require New Cybersecurity Standards In Response To SolarWinds Attack (WFSU News)
15. The Cybersecurity 202: Lawmakers want to create a reserve corps of cybersecurity experts to respond to the next SolarWinds (R Street)
16. SolarWinds, Microsoft Hacks Prompt Focus on Zero-Trust Security | News (CACM)

Updated 2021-04-28

1. New York Warns of Supply Chain Attack Dangers in Recent SolarWinds Report
2. Another top VPN is reportedly being used to spread the SolarWinds hack
3. What Is Steganography? (Built In)
4. Another SolarWinds lesson: Hackers are targeting Microsoft authentication servers (The Open Security)
5. Dark Reading | Security (Protect The Business)
6. The Cybersecurity 202: Lawmakers want to create a reserve corps of cybersecurity experts to respond to the next SolarWinds (wapo)
7. APT actors increasingly turn to exploits to launch attacks (ITProPortal)
8. Report: As result of SolarWinds breach, U.S. military concerned about updating software platforms (Israel Defense)
9. Another SolarWinds lesson: Hackers are targeting Microsoft authentication servers (All Tech News)
10. Senate Intelligence panel working on legislation around mandatory cyber breach notification (hill)
11. Anatomy of the SolarWinds Hack: Who What Where When How
12. An APT Group Exploits VPN to Deploy Supernova on SolarWinds Orion (Cyware Alerts - Hacker News)
13. Russia accelerates its de-dollarization policy, chooses to settle exports in euro over dollar (Kitco News)

Updated 2021-04-27

1. Cybersecurity roundup: U.S. agencies warn of Russian hacks, Australian hospitals struggle to get back online (Healthcare IT News)
2. House Solarium Commission Members Press for More CISA Funding (Nextgov)
3. ‘Mandatory’ Cyber Info Sharing Bill Coming, Says Senate Intel Chair Warner « Breaking Defense (Defense industry news, analysis and commentary)
4. Abusing Replication: Stealing AD FS Secrets Over the Network (fireeye)
5. Hackers are targeting Microsoft authentication servers
6. Lawmakers Seek to Expand CISA's Role (GovInfoSecurity)
7. New York State Department of Financial Services Issues Report On The Solarwinds Supply Chain Attack - Report Finds That DFS-regulated Companies Responded Quickly to the Attack (Report Identifies Key Cybersecurity Measures to Reduce Supply Chain Risk)
8. Well (known VPN used to steal credentials on SolarWinds servers)
9. SolarWinds, Microsoft hacks prompt focus on zero-trust security (Samachar Central)
10. The FireEye/SolarWinds cyber attack | Ivanti Insights | Podcasts on Audible (Audible.com)
11. A Contrarian View on SolarWinds (SANS Institute)
12. Supply Chain Compromise (CISA)
13. SolarWinds, Microsoft hacks prompt focus on zero (trust security)
14. SolarWinds, Microsoft Hack Quick Focus on Zero Trust Security (India News Republic)
15. SolarWinds hack analysis reveals 56% boost in command server footprint (ZDNet)
16. Before SolarWinds, US officials say SVR began stealthily targeting cloud services in 2018
17. Lawmakers call for increasing the budget of key federal cybersecurity agency (hill)
18. New bill would task CISA with infrastructure risk assessments - (FCW)
19. Another top VPN is reportedly being used to spread SolarWinds hack (TechRadar)
20. Major US breaches, SolarWinds, prompts focus on zero trust model

Updated 2021-04-26

1. Russian Foreign Intelligence Service (SVR) Cyber Operations: Trends and Best Practices for Network Defenders (CISA)
2. 'Cock.li' Admin Says He's Not Surprised Russian Intelligence Uses His Site
3. SolarWinds, Microsoft Hacks Prompt Focus on Zero-Trust Security (WSJ)
4. SolarWinds hack and security - What is a software bill of materials? (JAXenter)
5. CISA warns of theft of credentials via SolarWinds and PulseSecure VPN
6. Report: Russia 'likely' kept access to US networks after SolarWinds hack (Çukute)
7. http.title:solarwinds http.favicon.hash:-1776962843 (Shodan Search)
8. CISA warns of credential theft via SolarWinds and PulseSecure VPN (Public News)

Updated 2021-04-25

1. Report: Russia 'likely' kept access to US networks after SolarWinds hack (My Droll)
2. Report: Russia likely retained access to US network after SolarWinds hack (News Chant USA)
3. Report: Russia 'likely' kept access to US networks after SolarWinds hack (Engadget)
4. Report: Russia 'likely' kept access to US networks after SolarWinds hack
5. Report: Russia 'likely' kept access to US networks after SolarWinds hack
6. CISA warns of credential theft via SolarWinds and PulseSecure VPN (VentureBeat)
7. Two sources close to the SolarWinds breach investigation say Russian intelligence agency SVR hackers are likely still maintaining access to U.S. networks (CNN) (Inverse Zone)
8. Microsoft in the hot seat due to SolarWinds hacking campaign (Compsmag)
9. SolarWinds hacking campaign puts Microsoft in the hot seat (Columbia Basin Herald)
10. SolarWinds executive explains their ‘security by design’ concept (TahawulTech.com)
11. Exclusive: Sources familiar with the investigation of SolarWinds breach say hackers from Russia's SVR intelligence agency likely still maintain access to US networks (CNN) (Last Bulletin)
12. Top White House cyber official says action taken so far not enough to deter further Russia cyberattacks (CNNPolitics)
13. Top White House cyber official says action taken so far not enou (WENY News)
14. Federal CISO DeRusha Cites SolarWinds Response as Promising ‘Use Case’ (MeriTalk)
15. SUPERNOVA malware discovered on SolarWinds Orion server (Malware Devil)
16. SOLARWINDS INVESTIGATION INITIATED by Former Louisiana Attorney General: Kahn Swick & Foti, LLC Investigates the Officers and Directors of SolarWinds Corporation - SWI (bizwire)
17. SOLARWINDS INVESTIGATION INITIATED by Former Louisiana Attorney General: Kahn Swick & Foti, LLC Investigates the Officers and Directors of SolarWinds Corporation (SWI)
18. Senators introduce legislation to protect critical infrastructure against attack (hill)
19. New analysis uncovers extensive SolarWinds attack infrastructure (TechRadar)
20. Researchers Find Additional Infrastructure Used By SolarWinds Hackers
21. The SolarWinds Sunburst Attack: How to Protect Yourself from 5th Generation Cyberattacks (Secure Ops)

Updated 2021-04-24

1. New analysis uncovers extensive SolarWinds attack infrastructure (TechRadar)
2. Supernova Malware Actors Masqueraded as Remote ...
3. Researchers Find New Chunk of SolarWinds Attackers' Infrastructure (Decipher)

Updated 2021-04-23

1. Supernova Attack Leveraged SolarWinds, Pulse Secure
2. SolarWinds hacking campaign puts Microsoft in the hot seat (WFTV)
3. SolarWinds hacking campaign puts Microsoft in the hot seat
4. Hackers exploit SolarWinds, Pulse Secure for credential theft: Feds - Security (CRN Australia)
5. Analysts Uncover More Servers Used in SolarWinds Attack
6. Supernova Attack Leveraged SolarWinds, Pulse Secure
7. Hackers Exploit VPN to Deploy SUPERNOVA malware on SolarWinds Orion (IT Security News)
8. APT abused Pulse Secure, SolarWinds appliances to plant Supernova webshell on enterprise network
9. When a Ripple Becomes a Wave: Cyberattack Fallout (secblvd)
10. Hackers Exploit VPN to Deploy SUPERNOVA malware on SolarWinds Orion (Times News Express)
11. The SolarWinds Attack: The Story Behind The Hack » RJR Empires
12. CISA Finds New Attacker Using Supernova Malware on SolarWinds Orion (Decipher)
13. CISA Discovers Advanced Malware In VPN Device (Potomac Officers Club)
14. New analysis uncovers extensive SolarWinds attack infrastructure (TechRadar)
15. The Cybersecurity 202: Biden's pick for White House cyber director wants to see better relationship building with the private sector (wapo)
16. Researchers shed more light on APT29 activity during SolarWinds attacks (Fuentitech)
17. U.S. Announces Sweeping New Sanctions Targeting Russia (Cozen O'Connor - JDSupra)
18. Hackers Exploit VPN to Deploy SUPERNOVA malware on SolarWinds Orion
19. HAFNIUM Exploits Live On (secblvd)
20. SolarWinds Hack Imparted Lessons to Work Across Silos and Not ‘Victim Blame,’ Says Federal CISO (Homeland Security Today)
21. USA: Would CMMC have prevented SolarWinds? | Insights (DataGuidance)
22. Russian Cyber Threat Defense – Now and Looking Forward (secblvd)
23. cyber.dhs.gov - Emergency Directive 21 (03: pulse secure)
24. Cisco CEO Chuck Robbins: Moving To The Cloud Alone Isn’t A Security Cure (All)
25. US agencies assess Pulse Secure VPN exploitation. New Sunburst infestation found. Facebook shuts down Paletinian spy groups.
26. Why indict foreign cyber operators? IoT security regulation in the UK. Anti (ransomware measures and surveillance limitations in the US.)
27. Hackers Exploit SolarWinds, Pulse Secure For Credential Theft: Feds
28. Analysts Estimate SolarWinds (SWI) to Report a Decline in Earnings: What to Look Out for
29. More SolarWinds command and control hacking servers found - Security (iTnews)

Updated 2021-04-22

1. Cybersecurity expert: If you use SolarWinds, they got you (POWERGRID International)
2. SolarWinds juggles stakeholders involved in response, recovery to level out business (Cybersecurity Dive)
3. Ex-NSA top lawyer: Here's how to block next SolarWinds mega hack (The Jerusalem Post)
4. Researchers shed more light on APT29 activity during SolarWinds attack
5. CISA Identifies SUPERNOVA Malware During Incident Response (CISA)
6. U.S. takes steps to protect electric system from cyberattacks (Chattanooga Times Free Press)
7. Ex-Sen. Saxby Chambliss lobbying for SolarWinds (LegiStorm)
8. Biden Administration Announces Expansion Of Sanctions Against Russia And Signals Potential Additional Restrictions Following SolarWinds Cyber-Attack - International Law (United States)
9. New cyber (hardening mandates may be coming for defense firms)
10. Democracy in The Daily: Russia against the West (The Tufts Daily)
11. House Passes State Department Cybersecurity Legislation (KMJ-AF1)
12. Research Uncovers New Command Servers Used in SolarWinds Campaign (Zero Day)
13. SolarWinds: Advancing the Story (RiskIQ Community Edition)
14. SolarWinds: Illuminating the Hidden Patterns That Advance the Story (RiskIQ)
15. SolarWinds security chief: ‘We ran a pretty good shop’ (The Record by Recorded Future)
16. Russia Sanctioned For Role In SolarWinds Supply Chain Attack (Alston & Bird Privacy, Cyber & Data Strategy Blog)
17. Former SolarWinds CEO Kevin Thompson to be the new CEO of Tricentis, a Mountain View software test company (Silicon Valley Business Journal)
18. CISA Ties SUPERNOVA Malware to Pulse Secure, SolarWinds Exploits
19. Sanctioned Firm Accused of Helping Russian Intelligence Was Part of Microsoft’s Early Vuln Access Program — MAPP (Zero Day)

Updated 2021-04-21

1. In Tit-For (Tat Move, Russia Expels 10 U.S. Embassy Workers In Moscow)
2. SUNBURST: Reflections to Secure By (secblvd)
3. New cyber (hardening mandates may be coming for defense firms)
4. Russia Sanctioned For Role In SolarWinds Supply Chain Attack (Alston & Bird - JDSupra)
5. United States sanctions six Russian companies for aiding Russia's cyber (attacks against the US)
6. Nakasone deflects senators' invitations to seek domestic spying powers - (Defense Systems)
7. SolarWinds : New US Sanctions Targeting Russia's "Harmful Foreign Activities," Including Restrictions On Dealings In Russian Sovereign Debt (MarketScreener)
8. Biden administration sanctions Russia over 2020 election interference, SolarWinds hack (FoxBiz)
9. The Danger of Treating SolarWinds as a Russia Cyber Attack
10. House passes legislation to elevate cybersecurity at the State Department (hill)
11. Russia’s Positive Technologies responds to US Treasury sanctions. US Government stands down its SolarWinds and Microsoft Exchange task forces. FCC security priorities charted.
12. UK and US call out Russia for SolarWinds compromise
13. The SolarWinds Attack: The Story Behind The Hack (Delaware First Media)
14. DISA and JFHQ-DODIN's Orchestrated Response to SolarWinds (SIGNAL Magazine)
15. White House Winds Down SolarWinds, Exchange Cyber Teams « Breaking Defense (Defense industry news, analysis and commentary)
16. Biden Administration Ratchets Up Russia Sanctions (Michael Volkov - JDSupra)
17. White House Scales Back Response to SolarWinds & ...
18. White House 'Stands Down' SolarWinds, Exchange Response Groups

Updated 2021-04-20

1. 5 signs a trucking company has been hacked (Commercial Carrier Journal)
2. White House stands down SolarWinds, Microsoft Exchange cyber response groups - (GCN)
3. Biden Administration Imposes Sanctions on Russia for SolarWinds (Schneier)
4. Feds Find More Malware Tied to SolarWinds Supply Chain Compromise
5. From the attack on Alexei Navalny to SolarWinds hack, every Russian move under scrutiny as NATO Allies support US action plan on Russia's 'destabilising activities' (IBTimes India)
6. A new direction in response to cyberespionage? Co (opting criminal gangs as instruments of state policy.)
7. SolarWinds (NYSE:SWI) Upgraded at Zacks Investment Research (MarketBeat)
8. Exploring three more serious flaws in SolarWinds Orion products (TechNative)
9. The SolarWinds Attack: The Story Behind The Hack : NPR
10. SolarWinds hacking campaign puts Microsoft in the hot seat
11. The Biden Administration has officially responded to the SolarWinds attack! by Nick Espinosa | Security Fanatics (Free Listening on SoundCloud)
12. The SolarWinds Breach and CMMC - What’s the Impact? (Pivot Point Security)
13. UK, US say Russian hackers carried out SolarWinds attack
14. Supply chain risk: Addressing a multitude of single points of failure - (FCW)
15. Statement by Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger on SolarWinds and Microsoft Exchange Incidents (The White House)
16. Cyberattacks and Security Breach Disclosures: U.S. Federal Law Coming? (MSSP Alert)
17. Investigation announced for Long (Term Investors in shares)
18. US Senator Mark Warner calls for urgent transatlantic cooperation on cybersecurity (POLITICO)
19. President Biden Signs New Executive Order Escalating US Sanctions Against Russia (WilmerHale - JDSupra)
20. Malware Wants to Phone Home. Trinity Cyber Doesn’t Try to Block It
21. Great Power Cyber Party (War on the Rocks)
22. SolarWinds affair. Russia expels US, Polish diplomats in counterretaliation. Codecov compromise. Big data gangs.
23. Positive Technologies denies involvement in SolarWinds attack (TechRadar)
24. What Hack? Top SolarWinds Executives Made $65 Million Last Year
25. SolarWinds: A Catalyst for Change & a Cry for ...
26. Russia sanctioned over SolarWinds, election interference -- even as cyber espionage continues - (GCN)
27. White House stands down groups tackling SolarWinds, Microsoft Exchange - (FCW)
28. Sun starts to set on SolarWinds attack as White House scales back efforts (Windows Central)
29. Russia Will Expel 10 Diplomats In Response To US Sanctions (Law360)
30. Utility Regulator Says SolarWinds Backdoor Was Downloaded by 1/4 of Electric Utilities on the North American Power Grid (CPO Magazine)
31. solarwinds stock price chart (Unese.campusquotient.org)
32. SolarWinds cyberattack: How SolarWinds cyberattack forced US to sanction Russia, Telecom News, ET Telecom

Updated 2021-04-19

1. Poland supports allies' response to aggressive politics of Russia (The First News)
2. Increasing Demand of Database Monitoring Software Market 2027 (Datadog,Solarwinds,PRTG Network Monitor – The Courier)
3. Samir on Twitter: "if you see an instance of dwDrvInst.exe (unsigned by Solarwinds) running with cmdline like "smartcard -install" that could be a sign of successful RCE exploitation of CVE-2019 (3980 https://t.co/FyZvQ2IYVj https://t.co/8OIarbbqeQ" / Twit)
4. Company officials, victims, experts, and intel officials discuss the SolarWinds hack, which successfully compromised ~100 companies and a dozen govt. agencies (Dina Temple-Raston/NPR) (The Global Valley)
5. U.S. sanctions Russian government, security company for SolarWinds violations, election interference (Eminetra New Zealand)
6. United States imposes sanctions on Russia for SolarWinds Cyber Attack

Updated 2021-04-18

1. SolarWinds execs earned US$65M in 2020 despite hack - Security (CRN Australia)
2. Australia: Cyber insurance adoption rates see steady increases
3. US imposes sanctions on Russia over cyber (attacks)
4. Biden agencies could find key lawmakers in accord on hack-attack alerts (Newsday)
5. Russia expels 10 US diplomats as part of retaliation for sanctions
6. SolarWinds hacking campaign puts Microsoft in hot seat (News, Sports, Jobs - Tribune Chronicle)
7. Some White House Officials Reportedly Asked Biden Not to Tie New Sanctions to SolarWinds Hack (Sputnik)
8. In Punishing Russia for SolarWinds, Biden Upends U.S. Convention on Cyber Espionage
9. SolarWinds : Russia Russia Russia! The Biden Administration Imposes Tough Sanctions On Russia (MarketScreener)
10. OODA Loop (Cyber Retaliation Needs to Be Decisive, Swift, and Meaningful)
11. Macron says international community must draw “clear red lines” with Russia (Sandhills Express)
12. The Story of the SolarWinds Hack (Hacker News)
13. Russia announces expulsion of 10 U.S. diplomats and ban some U.S. officials (Sandhills Express)
14. SolarWinds hacking campaign puts Microsoft in the hot seat (ABC News)
15. Swinburne University confirms over 5,000 individuals affected in data breach (Bestgamingpro)
16. Solarwinds, Inc. (NYSE:SWI) - White House Holds Russia's SVR Responsible For SolarWinds Cyber Hack: Reuters (Benzinga)
17. Biden Administration Issues Russian Sanctions in Response to SolarWinds

Updated 2021-04-17

1. NSA: 5 Security Bugs Under Active Nation-State Cyberattack (tpost)
2. SolarWinds : Russia Russia Russia! The Biden Administration Imposes Tough Sanctions On Russia (MarketScreener)
3. In Punishing Russia for SolarWinds, Biden Upends U.S. Convention on Cyber Espionage (WSJ)
4. US Institutes Sanctions Against Russia Over SolarWinds Hack
5. SolarWinds hacking campaign puts Microsoft in the hot seat (StarTribune)
6. In Punishing Russia for SolarWinds, Biden Upends U.S. Convention on Cyber Espionage (ADVFN)
7. Russian SVR blamed for SolarWinds supply chain compromise, cyber espionage action (Industrial Cyber)
8. Biden's CISA Cybersecurity Budget Proposal: $2.1B (MSSP Alert)
9. Russia Retaliates Against Biden's New Sanctions, Expelling 10 U.S. Diplomats (KENW)
10. It was Russia wot did it: SolarWinds hack was done by Kremlin’s APT29 crew, say UK and US (Cyber Security Review)
11. US attributes SolarWinds campaign to Russia's SVR and calls out Russian disinformation shops. New APT34 activity.
12. Russia: UK exposes Russian involvement in SolarWinds cyber compromise (UK Government) (CompanyNewsHQ)
13. Russia to expel 10 US diplomats in 'tit-for-tat response' to Biden sanctions | National (pdclarion.com)
14. 6 out of 11 EU agencies running Solarwinds Orion software were hackedSecurity Affairs
15. Russian SVR Behind the SolarWinds Hack, According to U.S. Government
16. Russia sanctions eight US officials and expels diplomats in reta - Erie News Now (WICU and WSEE in Erie, PA)
17. Russia objects to US sanctions; US gets UK, EU support. Vaccine cold chain remains a target. Iran says Natanz back in business.
18. US Pulls Back Curtain on Russian Cyber Operations
19. Australian Government Blames Russia For SolarWinds Cyber Attack
20. Holding Russia To Account (U.S. Embassy in Georgia)
21. Russia blocks key Biden Cabinet officials from entering in retaliation for sanctions (hill)
22. VirusTotal Community profile for CYBERCOM_Malware_Alert (VirusTotal)
23. SolarWinds compromise attributed to Russian state actor (Beehive.govt.nz)
24. Sanctioned Russian IT firm was partner with Microsoft, IBM
25. SolarWinds hacking campaign puts Microsoft in the hot seat
26. SolarWinds cyber strike: Russia did it, say US and UK (Attivo Networks)
27. Days after sanctions, House to vote again on Cyber Diplomacy Act - (FCW)
28. U.S. Fingers Putin’s Cozy Bear for SolarWinds Attacks (secblvd)
29. GOP lawmakers say something important missing from Biden’s Russia sanctions (Washington Examiner)
30. Biden team’s tall task: Building cyber defenses against Russia, China (CSMonitor.com)
31. Did Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020? (secblvd)
32. US sanctions Russian government, security firms for SolarWinds breach, election interference (CSO Online)
33. Experts On Russia Being Held Accountable For SolarWinds (Information Security Buzz)
34. White House Blames Russian Foreign Intelligence for SolarWinds, Imposes Sanctions on Rival Nation (HOTforSecurity)
35. Snort Blog: Snort rule update for April 15, 2021
36. NATO - News: North Atlantic Council Statement following the announcement by the United States of actions with regard to Russia, 15-Apr. (2021)
37. Foreign Intelligence Service of the Russian Federation
38. SolarWinds hack affected six EU agencies (The Record by Recorded Future)
39. US imposes new sanctions on Russia, expels 10 diplomats : The Tribune India
40. Himes: Biden didn’t show Putin “strong hand,” says cyber offensive is needed (CTInsider.com)
41. H-ISAC Supply (Chain Insights Aim to Prevent Next SolarWinds Cyberattack)
42. Russia to expel 10 US diplomats in 'tit-for-tat response' to Biden sanctions | National (keysnews.com)
43. How Russia Used SolarWinds To Hack Microsoft, Intel, Pentagon, Other Networks : NPR
44. It was Russia wot did it: SolarWinds hack was done by Kremlin's APT29 crew, say UK and US (Register)
45. CISA and CNMF Analysis of SolarWinds (related Malware)
46. White House blames Russian spy agency SVR for SolarWinds hack: statement (95 KQDS)
47. Attribution of cyber incident to Russia (Australian Minister for Foreign Affairs, Minister for Women)
48. US Sanctions Russia Over SolarWinds Attack, Election Meddling
49. US government strikes back at Kremlin for SolarWinds hack campaign (ars)
50. US Issues Russian SVR Warning (Infosecurity Magazine)
51. Russia Expels 10 U.S. Diplomats in Limited Sanctions Response (Bloomberg)
52. SolarWinds Execs Earned $65M In 2020 Despite Huge Hack
53. US expels Russian diplomats, imposes sanctions for hacking
54. Ep 31 - SolarWinds Hack | Modern Day Apocrypha | Podcasts on Audible (Audible.com)
55. How SolarWinds’ Approach to Cybersecurity Made It Vulnerable to an Attack (TTI)
56. Kaspersky Lab autopsies evidence on SolarWinds hack (Register)

Updated 2021-04-16

1. SolarWinds: Accountability, Attribution, and Advancing the Ball
2. SolarWinds cyber strike: Russia did it, say US and UK
3. Biden’s Russia Strike Marks Shift in U.S. Cybersecurity Strategy
4. The Biden Administration Just Accused A $1 Billion Russian Cybersecurity Company Of Recruiting Spies
5. Biden says sanctions against Russia are proportionate response: 'Now is the time to de-escalate' | US & World News (azfamily.com)
6. US blames Russia spies for SolarWinds hack | The Canberra Times (Canberra, ACT)
7. Did Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020? (Krebs on Security)
8. More Countries Officially Blame Russia for SolarWinds Attack (SecurityWeek.Com)
9. White House: Russians Behind SolarWinds and 5 More Technology Attacks
10. Britain and United States accuse Russia of ‘Solar Winds’ cyber attack
11. US expels Russian diplomats, imposes sanctions for hacking
12. US sanctions six tech firms for supporting Russian intelligence services
13. White House formally blames Russian intelligence service SVR for SolarWinds hack (The Record by Recorded Future)
14. UK and US call out Russia for SolarWinds compromise | National Cyber Security Centre (Official Press Release)
15. Poland Expels Three Russian Diplomats In 'Solidarity' With U.S.
16. US names 6 Russian tech firms aiding govt hackers - Security (CRN Australia)
17. White House Names, Blames, Sanctions Russian Govt for Cyber, Election Assaults (MeriTalk)
18. Britain, United States accuse Russia of ‘Solar Winds’ cyber attack (Evening Standard)
19. How SolarWinds cyber (attack forced US to sanction Russia)
20. NATO to improve cyber defense in bid to boost alliance resilience
21. Russia's SVR Spy Agency Calls U.S. Hack Allegations 'Nonsense': Ifax | Top News (US News)
22. Russian SVR Targets U.S. and Allied Networks
23. Russian Foreign Intelligence Service Exploiting Five Publicly Known Vulnerabilities to Compromise U.S. and Allied Networks (Homeland Security Today)
24. US White House blames Russia’s foreign intelligence for cyberattack on SolarWinds software - World (TASS)
25. West Virginia Sen. Joe Manchin stresses importance of improving cybersecurity practices | WDVM25 & DCW50 (Washington, DC)
26. Russia 'most acute threat' to national security, UK gov’t says
27. Deutsche Welle: US expels Russian diplomats and issues sanctions over SolarWinds hacking attack (KyivPost - Ukraine's Global Voice)
28. SolarWinds compromise attributed to Russian state actor (Mirage News)
29. iTWire (US alleges Russia behind SolarWinds compromise, imposes curbs on six firms)
30. Biden says he warned Putin he could have gone further on sweeping Russia sanctions (ABC7 San Francisco)
31. Biden imposes new sanctions on Russia | Tn Exchange (newspressnow.com)
32. White House Hints at ‘Hallmark’ of Expected Cybersecurity Order (MeriTalk)
33. Biden blames and sanctions Russia for the massive SolarWinds hack (Vox)
34. Opinion (Biden is finally pivoting foreign policy to bigger threats - The Washington Post)
35. Furious Dominic Raab & US slam 'malicious' Russian 'CosyBear' hack attack which 'undermines democracy'
36. Statement on Solar Winds Orion cyberattacks - Ministry of Foreign Affairs Republic of Poland (Gov.pl website)
37. Figuring out SolarWinds hack as US sanctions Russia (Macau Business)
38. SolarWinds Sanctions Far From Last Word On Russian Hacks (Law360)
39. US Sanctions Russia and Expels 10 Diplomats Over SolarWinds Cyberattack
40. SolarWinds: Russian intelligence behind major cyber attack, Raab reveals as US expels diplomats (The Independent)
41. EU’s Borrell voices solidarity with US in SolarWinds hack (wapo)
42. US imposes sanctions on Moscow, expels Russian diplomats (News24)
43. Background Press Call by Senior Administration Officials on Russia (The White House)
44. US Sanctions on Russia Rewrite Cyberespionage's Rules (WIRED)
45. White House blames Russia's SVR agency for SolarWinds breachl (Seeking Alpha)
46. US pins SolarWinds cyberattack on Russian intelligence agency (Washington Examiner)
47. US Gov sanctions Russia and expels 10 diplomats over SolarWinds hackSecurity Affairs
48. Biden imposes new sanctions on Russia | National and World (dailylocal.com)
49. Rubio: Biden Order on Russia a 'Legality' to Allow Action on SolarWinds (Newsmax.com)
50. FACT SHEET: Imposing Costs for Harmful Foreign Activities by the Russian Government (The White House)
51. US institutes new Russia sanctions in response to SolarWinds hack (Sports Grind Entertainment)
52. US expels 10 Russian diplomats, imposes new sanctions in response to election interference and cyber hacks : The Tribune India
53. Biden Sanctions Russia, Restricts Buying New Debt After Hacking
54. Biden Sanctions Dozens Of Russians Over Hacking, Elections (Law360)
55. US expels 10 Russian diplomats, sanctions others for hack with Triangle connection (WRAL TechWire)
56. Australia blames Russia for SolarWinds attack (InnovationAus)
57. MAR-10327841-1.v1 – SUNSHUTTLE (CISA)
58. US Cyber Command, DHS (CISA release Russian malware samples tied to SolarWinds compromise > U.S. Cyber Command > News)
59. SolarWinds Fallout: Are the Feds to Blame? (EE Times)
60. US Formally Attributes SolarWinds Attack to Russian ...
61. If 25% of US utilities downloaded the malicious SolarWinds software, could the grid go down Ukraine-style? (Power Engineering)
62. Russian Foreign Intelligence Service Exploiting Five Publicly Known Vulnerabilities to Compromise U.S. and Allied Networks > National Security Agency Central Security Service > Article View
63. U.S. Sanctions Russia Over SolarWinds Cyberattack, Election Interference (MSSP Alert)
64. Risch Addresses SolarWinds Sanctions, Underscores Cyberthreats from State Actors at Intelligence Hearing - Press Releases (James E Risch, U.S. Senator for Idaho)
65. Biden Boots 10 Russian Diplomats After SolarWinds Mega (Hack)
66. US government strikes back at Kremlin for SolarWinds hack campaign (ars)
67. US expels Russian diplomats and issues sanctions over SolarWinds hacking attack | News | DW (15.04.2021)
68. Cybercriminals get bolder as impact from SolarWinds and ransomware grows (SiliconANGLE)
69. White House blames Russian spy agency SVR for SolarWinds hack: statement (Reuters)
70. SOLARWINDS INVESTIGATION INITIATED BY FORMER LOUISIANA ATTORNEY GENERAL: Kahn Swick & Foti, LLC Investigates the Officers and Directors of SolarWinds Corporation (SWI)
71. Biden imposes new sanctions on Russia over SolarWinds hack, election interference (trib)
72. US expels Russian diplomats, imposes new sanctions over SolarWinds hack, election interference
73. Sanctioning Russia for SolarWinds: What Normative Line Did Russia Cross? (Lawfare)
74. US hits Russia with sanctions following SolarWinds cyberattack (TechRadar)
75. Biden administration imposes new sanctions against Russia, expels 10 diplomats
76. U.S. Agencies: Russian SolarWinds Hackers Leveraging Five Older Vulnerabilities (My TechDecisions)
77. EU's Borrell voices solidarity with US in SolarWinds hack
78. Lesson From SolarWinds: Cyberattacks Have a Lingering Impact (IndustryWeek)
79. White House sanctions Russia over SolarWinds campaign, election interference - (FCW)
80. Russia Solarwinds hack sanctions announced (wtsp.com)
81. Official: Biden administration set to announce new sanctions against Russia for SolarWinds hack, election interference | Govt. & Politics (swvatoday.com)
82. U.S. set to sanction Russia over SolarWinds hack, election interference: reports (MarketWatch)
83. Pentagon believes it escaped unscathed from SolarWinds, Microsoft hacks (FRN)
84. NERC finding 25% of utilities exposed to SolarWinds hack indicates growing ICS vulnerabilities, analysts say (Utility Dive)
85. Biden's sanctions against Russia demands diplomats leave tomorrow - Raw Story (Celebrating 17 Years of Independent Journalism)
86. US is expected to sanction Russia and expel Russian officials in response to hacks and election interference | (kctv5.com)
87. Biden announces sweeping new sanctions against Russia (CBS News)
88. Official: Biden administration set to announce new sanctions against Russia for SolarWinds hack, election interference | National News (newsadvance.com)
89. Biden to sanction Russian authorities for massive SolarWinds hack (Biden administration - Eminetra)
90. U.S. set to slap new sanctions on Russian officials as soon as Thursday -sources (The Star Phoenix)
91. Biden: U.S. 'could have gone further' in sanctions on Russia
92. Biden’s decision: How hard to punch back at Putin's hackers (POLITICO)

Updated 2021-04-15

1. US spy chiefs to warn of threats from SolarWinds to North Korea (Maju Saham)
2. Hillicon Valley: Intel leaders push for breach notification law | Coinbase goes public (hill)
3. Misuse of X.509 Certificates & Keys Involved in SolarWinds Attack
4. Biden to Name Morgan Stanley’s Easterly as CISA Head
5. Senators Push for Changes in Wake of SolarWinds Attack
6. U.S. Poised to Impose Russia Sanctions Over Election, SolarWinds (Bloomberg)
7. SolarWinds says dealing with hack fallout cost at least $18 million (The Hindu)
8. U.S. spy chiefs warn of ‘unparalleled’ China threat in return to Congress | The Mighty 790 KFGO (KFGO)

Updated 2021-04-14

1. Where VCs Are Putting Their Money As Cybersecurity Funding Hits Record High (Crunchbase News)
2. Cyber Cartels Are Committing Modern Bank Heists (Barron's)
3. Protecting The Integrity Of The Software Factory
4. SolarWinds says dealing with hack fallout cost at least US$18 million - Security (CRN Australia)
5. Sunburst Hack Costs SolarWinds At Least $18M (CFO)
6. ‎Digital Detectives: Occam’s Razor — A SolarWinds Perspective for Law Firms on Apple Podcasts
7. NERC Says 375 Electricity Providers Installed the Laced SolarWinds Update (TechNadu)
8. SolarWinds spends $18 mn in 3 months after cyber attack (InfotechLead)
9. SolarWinds says dealing with hack fallout cost at least US$18m, Technology (THE BUSINESS TIMES)
10. SolarWinds says hack fallout cost at least $23.5 million - Security (iTnews)
11. White House Names National Cyber Director, CISA Chief (FedTech Magazine)
12. Hundreds of electric utilities downloaded SolarWinds backdoor, regulator says (CyberScoop)
13. Biden Warns Putin Over Hacking But Proposes Summit in a Call (2)
14. STRATEGIC THREAT INTELLIGENCE: PREPARING FOR THE NEXT “SOLARWINDS” EVENT
15. SolarWinds says dealing with hack fallout cost at least $18 million | Y100 WNCY | Your Home For Country & Fun (Green Bay, WI)
16. IC warns that U.S. adversaries are ramping up cyber attacks - (FCW)
17. Experts see 'unprecedented' increase in hackers targeting electric grid (hill)
18. SolarWinds says dealing with hack fallout cost at least $18 million | 1450 AM 99.7 FM WHTC (Holland)
19. U.S. intelligence community details destructive cyber capabilities, growing influence threats
20. Satya Nadella: SolarWinds Hack Underscores Need For ‘Moving To The Cloud’

Updated 2021-04-13

1. TIA, CTIA, NAB press Biden to let industry lead on telecom security (FierceTelecom)
2. White House announces CISA, national cyber directors (Utility Dive)
3. Former DHS Leader Shares Details on SolarWinds Attack
4. Biden Warns Putin Over Hacking But Proposes Summit in a Call (Bloomberg)
5. What You Need to Know about the Cyber (Espionage Attack Linked to Russia)
6. Biden names 2 ex (NSA officials for senior cyber positions)
7. ‘They knew I was running late to meetings’: Former DHS chief on reports that SolarWinds hackers targeted his emails (The Record by Recorded Future)
8. Spy Chiefs to Warn of Threats From SolarWinds to North Korea (Bloomberg)
9. Ex-DHS chief confirms suspected Russian hackers targeted his email account (CyberScoop)
10. SolarWinds and Cozy Bears: How Russian Hackers Compromised the U.S. Government and How We Can Reduce the Chances of It Happening Again (Ricochet)
11. SolarWinds and Microsoft Exchange: Hacks Wrapped in a Cybersecurity Dilemma Inside a Cyberspace Crisis (Georgetown Journal of International Affairs)
12. The Anatomy of the SolarWinds Attack: A CyberArk Labs Perspective
13. Biden names 2 ex (NSA officials for senior cyber positions)
14. Former DHS Secretary Details SolarWinds Hackers’ Access to His Email (Nextgov)

Updated 2021-04-12

1. Biden will name cybersecurity agency head after Russian hackers accessed government accounts (Daily Mail Online)
2. Biden's cybersecurity dream team takes shape
3. Biden Needs To Respond To Russia Hacking (Technology Times)
4. City of Tampa among 18,000 targets of SolarWinds hack; exposing government data, personal info - Tampa, Florida (Eminetra)
5. Fed Chairman Jerome Powell: The 2021 60 Minutes Interview (CBS News)
6. Satya Nadella: SolarWinds Hack Underscores Need For ‘Moving To The Cloud’
7. SOLARWINDS INVESTIGATION INITIATED BY FORMER LOUISIANA ATTORNEY GENERAL: Kahn Swick & Foti, LLC Investigates the Officers and Directors of SolarWinds Corporation - SWI (NY Press News)

Updated 2021-04-11

1. Biden Seeks to Boost CISA's Budget by $110 Million
2. SolarWinds Hack — New Evidence Suggests Potential Links to Chinese Hackers (The Cyber Post)
3. The U.S. Government Needs to Overhaul Cybersecurity. Here’s How. (secblvd)
4. SolarWinds Cyberattack: Lessons Learned
5. Biden Looks To Up Cybersecurity Spending With Budget Plan (Law360)
6. SolarWinds Pingdom vs. Rigor Monitoring & Optimization vs. germainAPM Comparison
7. Biden Needs to Respond to Russian Hacking
8. In wake of giant software hacks, defenders & dev teams must fix AppSec
9. Understanding the Results of the Audit of the DoD FY 2020 Financial Statements > Department of Defense Office of Inspector General > DoD OIG Reports
10. The long tail of the SolarWinds breach (Axios)
11. Audit of DoD Actions Taken to Protect DoD Information Network Resulting From the SolarWinds Orion Compromise
12. Mitigating Cloud Supply-chain Risk: Office 365 and Azure Exploited in Massive U.S. Government Hack (CipherCloud)
13. Massive hack of US government launches search for answers as Russia named top suspect
14. FireEye, Microsoft create kill switch for SolarWinds backdoor
15. Russian hack into Treasury, Commerce, DHS raises federal alarms (Axios)
16. After high profile hacks hit federal agencies, CISA demands drastic SolarWinds mitigation (scmedia)

Updated 2021-04-10

1. White House asks for additional $110 million in CISA funding to address cyber threats (CyberScoop)
2. What the Titans of Industry Reveal about SolarWinds Attack (secblvd)
3. White House preps new requirements for industrial control system security - (GCN)
4. Biden Needs to Get Serious About Russian Hacking (Bloomberg)
5. CISA Launches New Threat Detection Dashboard
6. Using Aviary to Analyze Post-Compromise Threat Activity in M365 Environments (CISA)

Updated 2021-04-09

1. Biden FY22 Budget Request Seeks $500M for TMF, $750M ‘Reserve’ for IT Fixes (MeriTalk)
2. Cyber Cases May Offer Clues to SEC ESG Enforcement
3. Renewed Concerns Raised on Agency Cybersecurity
4. Biden budget request calls for major investments in cybersecurity, emerging technologies (hill)
5. The U.S. Government Needs to Overhaul Cybersecurity. Here’s How. (Lawfare)
6. Investors Could Be Concerned With SolarWinds' (NYSE:SWI) Returns On Capital (Simply Wall St News)
7. Releases · cisagov/Sparrow (GitHub)
8. DHS CISA Shares SolarWinds Post (Threat Compromise Activity Tool)
9. The SolarWinds hack timeline: Who knew what, and when?
10. Biden Eyes Russia Retaliation After Meddling, Hacking Review (Bloomberg)
11. Biden weighs retaliation against Russia for SolarWinds, election interference (WKRC)
12. Federal watchdog investigating State Department cybersecurity pr (WENY News)
13. Russia prepares US sanctions due to Alexei Navalny jailing, Solarwinds hack and election meddling (Internewscast)
14. Russia's top diplomat: US policy toward Moscow is 'dumb' (hill)
15. Biden weighs retaliation against Russia for SolarWinds, election interference (KOMO)
16. Top Biden cyber official: SolarWinds breach could turn from spying to destruction 'in a moment' (Democratic Underground)
17. SolarWinds bolsters cybersecurity in wake of hack (Business Insurance)
18. US May Expel Russian Diplomats, Impose New Sanctions: Media - Other Media news (Tasnim News Agency)
19. Biden administration sets the stage for retaliation against Russia over SolarWinds, election interference: report (Business Insider India)
20. Why the U.S. Shouldn’t Play Games With Cyberwarfare as Its Power Declines
21. Lavrov says US policy towards Russia is 'dumb,' ineffective (StarTribune)
22. Russia prepares US sanctions due to Alexei Navalny jailing, Solarwinds hack and election meddling (Daily Mail Online)
23. Top Biden cyber official: SolarWinds breach could turn from spying to destruction 'in a moment'
24. Biden administration sets the stage for retaliation against Russia over SolarWinds, election interference: report
25. Long (Term SolarWinds Investors Who Have Held Their Stock Continuously Since September 2019 Encouraged To Contact Kehoe Law Firm, P.C.)
26. Viewpoint: Preventing the next SolarWinds breach calls for rapid training and education (Baltimore Business Journal)
27. AP sources: SolarWinds hack got emails of top DHS officials

Updated 2021-04-08

1. 4 things you can do to minimize cyberattacks on supply and value chains (Help Net Security)
2. Nation-state cyber attacks could lead to cyber conflict (TechRepublic)
3. Long (Term SolarWinds Investors Who Have Held Their Stock Continuously Since September 2019 Encouraged To Contact Kehoe Law Firm, P.C.)
4. SolarWinds Pingdom vs. RapidSpike vs. SpyCloud Comparison
5. Experts fear that Biden’s cybersecurity executive order will repeat mistakes of the past (CSO Online)
6. The Need for Zero Trust Workload Protection (secblvd)
7. SolarWinds TechPod: Secure by Design (Securing the Supply Chain)
8. After A Major Hack, U.S. Looks To Fix A Cyber 'Blind Spot' (Georgia Public Broadcasting)
9. Should cyberwar be met with physical force? Moral philosophy can help us decide
10. Supply‑chain attacks: When trust goes wrong, try hope? (WeLiveSecurity)
11. Biden Eyes Russia Retaliation for SolarWinds, Election Meddling: Report
12. Senators Press for Details on SolarWinds Hack (Manufacturing Business Technology)
13. Senators press for more on SolarWinds hack after AP report
14. SolarWinds just keeps getting worse: New strain of backdoor malware found in probe (Register)

Updated 2021-04-07

1. Long (Term SolarWinds Investors Who Have Held Their Stock Continuously Since September 2019 Encouraged To Contact Kehoe Law Firm, P.C.)
2. Debate: How Should the US Respond to the SolarWinds Breach? (Russia Matters)
3. Why Didn't Government Detect SolarWinds Attack?
4. Former CISA chief cautions on push for national cyber director - (Defense Systems)
5. Senators seek details on Einstein's performance and limitations - (FCW)
6. Senators press for more details on scope of SolarWinds hack (MarketWatch)
7. Senators press for more on SolarWinds hack after AP report | Govt-and-politics (tulsaworld.com)
8. Senators press for more on SolarWinds hack after AP report
9. The SolarWinds hack timeline: Who knew what, and when? (Reseller News)
10. IG: Cybersecurity Weaknesses Persist in US Energy Dept.
11. Top Homeland Security Senators Want Details on Agencies Hit in SolarWinds, Microsoft Intrusions (Nextgov)
12. Senators want federal government to take accountability for SolarWinds hack (Washington Times)
13. Minority Media | Homeland Security & Governmental Affairs Committee (Homeland Security & Governmental Affairs Committee)
14. The SolarWinds hack timeline: Who knew what, and when? (CSO Online)
15. European Institutions Were Targeted in a Cyber-Attack Last Week (BNN Bloomberg)
16. Examining the SolarWinds/Holiday Bear Hack (Columbia SIPA)
17. Russia Suspected of Stealing Thousands of State Department Emails (Homeland Security Today)

Updated 2021-04-05

1. Supply Chain Hackers Strike Hard at Government Entities
2. President Biden’s new executive order could oblige software vendors to tell Uncle Sam about security breaches (The Daily Swig)
3. Supply chain attacks: what we know about the SolarWinds ‘Sunburst’ exploit, and why it still matters (Check Point Software)
4. Carriers growing increasingly skittish after major cyber incidents (Insurance Business)
5. US government to respond to SolarWinds hackers in weeks - Security (iTnews)
6. White House Weighs New Cybersecurity Approach After Failure to Detect Hacks (nyt)
7. An update on the SolarWinds hack and data breach (CBS News)
8. An update on the SolarWinds hack and data bre... (CBS News)
9. Infamous Solarwinds attack started with just two simple mistakes (ABC News)
10. Biden administration prepares to impose sanctions on Russia over Navalny poisoning and SolarWinds hack (CNNPolitics)
11. Microsoft exec Brad Smith praises FireEye in SolarWinds hack testimony
12. Security Council Reveals Russia behind SolarWinds hack not China (WaZoBia9ja)
13. Veterans Affairs Officials Blow Off Briefing on SolarWinds Hack

Updated 2021-04-04

1. Russian hackers stole thousands of emails from US State Department: Report

Updated 2021-04-03

1. DOE Watchdog Detailed Its Cybersecurity State Amid SolarWinds Hack (Nextgov)
2. After hack, officials draw attention to supply chain threats
3. US looks to keep critical sectors safe from cyberattacks | Election Hq (fox5vegas.com)
4. Hunting the hunters: How Russian hackers targeted US cyber first responders in SolarWinds breach
5. Russian SolarWinds hackers were so ‘sophisticated’ that they even targeted DHS cybersecurity experts (Alternet.org)
6. Broken trust: Lessons from Sunburst (Atlantic Council)
7. SolarWinds supply chain breach threatens government agencies and enterprises worldwide (ScienceDirect)

Updated 2021-04-02

1. More Surveillance Isn’t the Answer to the SolarWinds Hack (EIN Presswire)
2. After hack, officials draw attention to supply chain threats - U.S. (Stripes)
3. Hunting the hunters: How Russian hackers targeted US cyber first responders in SolarWinds breach (CNNPolitics)
4. DHS Secretary Outlines Biden Administration’s Cybersecurity Vision (Infosecurity Magazine)
5. The Cybersecurity 202: DHS head seeks to quickly solve some major cybersecurity problems (wapo)
6. Hunting the hunters: How Russian hackers targeted US cyber first (KAKE)
7. SolarWinds Hackers Accessed US Department of Homeland Security (DHS) officials
8. DHS Secretary Previews Six ‘Sprints’ to Improve Federal Cybersecurity (MeriTalk)
9. Homeland Security Orders Cyber ‘Sprints’ as Part of U.S. Plan Against Hacks
10. SolarWinds Hack Obtained Emails of Top U.S. Department of Homeland Security Officials (FISM TV)
11. Senators Ready to Give NSA More Domestic Power Over SolarWinds Hack (News From Antiwar.com)
12. As SolarWinds Announces More Patches, Analysts Offer Advice
13. DHS Secretary Outlines 60 (Day Cybersecurity Recovery Plan)

Updated 2021-04-01

1. SolarWinds breach severity perception increasing over time (IT Security News)
2. Biden's cyber executive order to include new rules for federal agencies, contractors
3. Analysts expect the worst if Biden doesn't turn his focus toward protecting the grid (WCTI)
4. NSA Director Says More Domestic Surveillance Might Stop Foreign Hacking; Fails To Explain Why NSA Isn't Stopping Much Foreign Hacking (Techdirt)
5. Russian FM says relations with West have 'hit the bottom' :: WRAL.com
6. CISA Orders More Microsoft Exchange Checks in Hunt for Undetected Compromises (MeriTalk)
7. Cyber Daily: After SolarWinds, Lawmakers Want Companies to Come Clean About Hacks (State Department Emails Stolen)
8. SolarWinds Hack Demonstrates Need for Cloud Security
9. SolarWinds Hack Shows Why We Need a National Cyber Director
10. After SolarWinds, Lawmakers Want Companies to Come Clean About Cyberattacks
11. USA to publish detailed analysis of SolarWinds hacking tools
12. SolarWinds breach severity perception increasing over time (Help Net Security)
13. Top DHS Officials’ E-Mails Compromised in SolarWinds Hack, (Saudi Press)
14. cyber.dhs.gov - Emergency Directive 21 (02)
15. Mind the Gap: How the NSA might use SolarWinds campaign to do warrantless spying (Zero Day)
16. Russian hackers have once again been accused of carrying out cyber (attacks on the United States)
17. The Fortune 500 Companies That Want To Be Hacked (The Tennessee Tribune)
18. Blackberry Jarvis
19. Mayorkas pledges to modernize US cyber-defenses after their failure to detect alleged Russian spies (CyberScoop)
20. When do cyber ops constitute "threats to use force?" Continuity in US cyber response. Questions about disclosure rules.
21. U.S. Launches Cyber ‘Sprints’ in the Wake of Nation-State Hacks (Bloomberg)
22. Revelations About Securing Hybrid Cloud Environments Post-SolarWinds (secblvd)
23. SolarWinds Attack Has Growing, Worsening Impact on Cybersecurity Pros
24. Cybersecurity, browser security, SolarWinds (Homeland Security Newswire)
25. SolarWinds hacker sneaks into Trump's top executive email (Texas News Today)
26. SolarWinds surprise: Department of Homeland Security emails leaked?
27. SolarWinds Hackers Obtained Emails of Top US Department of Homeland Security Officials (Cyberintel Magazine)
28. SolarWinds cyberhack gained access to then (acting DHS chief’s emails: Sources – Illinois News Now)
29. The Emails of the Department of Homeland Security exposed 
30. Microsoft Safety Scanner Download - Windows security (Microsoft Docs)
31. Hearing | Hearings (United States Commitee on Armed Services)

Updated 2021-03-31

1. Russians suspected of 'stealing thousands of State Department emails' in latest hack targeting US (Daily Mail Online)
2. SolarWinds Hack Affected Emails Of Homeland Security Leaders (Potomac Officers Club)
3. US to publish details on suspected Russian hacking tools used in SolarWinds espionage
4. Punitive Response to SolarWinds Would Be Misplaced, But Cyber Deterrence Still Matters (Russia Matters)
5. SolarWinds highlights "alarming" cyberattack trend (Insurance Business)
6. Email accounts of DHS members were compromised in the SolarWinds hackSecurity Affairs
7. SolarWinds hacker accessed Homeland Security email (Texas News Today)
8. Russia suspected of stealing thousands of State Department emails
9. Officials say executive order with 'a dozen' actions forthcoming after SolarWinds, Microsoft breaches (hill)
10. Hillicon Valley: Officials say cyber executive order with 'a dozen' actions forthcoming | Epic Games submits Apple complaint to UK watchdog | Facebook's chief revenue officer to leave company (hill)
11. Oklahoma CISO says pandemic accelerated zero (trust implementation)
12. SolarWinds Attack Makes Us Distrust The Software We Buy (NewsOpener)
13. Zero Trust Security Is Essential for Neutralizing Supply Chain Attacks (TechBullion)
14. Expected breach disclosure mandates will test government-industry cooperation - (FCW)
15. News Briefs | (bedfordgazette.com)
16. What Would Happen If States Started Looking at Cyber Operations as a “Threat” to Use Force? (Lawfare)
17. SolarWinds attack makes us distrust the software we buy (TechRepublic)
18. How SolarWinds Is Recovering and Sharing What It Has Learned Over The Last Three Months (My TechDecisions)
19. Atlantic Council: SolarWinds, Microsoft Hacks Reveal ‘Strategic Failure’ (MeriTalk)
20. SolarWinds cyberhack gained access to then-acting DHS chief's emails: Sources (ABC News)
21. Lessons of the SolarWinds hack
22. ZDI-21-373 (Zero Day Initiative)
23. Department of Homeland Security email accounts exposed in SolarWinds hack (Cyber Security Review)
24. AP report: SolarWinds hack obtained emails of top DHS officials (Techzine Europe)
25. SolarWinds Hackers Said to Have Accessed Emails of Top US Security Officials (NewsDeal)
26. Head of Homeland Security had his email hacked in SolarWinds attack (IT PRO)
27. Russian hackers stole thousands of State Department emails, reports claim (The Independent)
28. Companies Must Report Hacks to U.S. Within Days in Draft Order (Bloomberg)
29. SolarWinds hack obtained emails of top U.S. Department of Homeland Security officials: AP (Reuters)
30. Solarwinds, Inc. (NYSE:SWI), (CRWD) - SolarWinds Hackers Breached Homeland Security Officials Emails: Report (Benzinga)

Updated 2021-03-30

1. What We Know (and Don't Know) So Far About the ...
2. SolarWinds Attackers Accessed DHS Emails, Report (tpost)
3. SolarWinds Breach Exposed 'Climate Change' Level of Threat to U.S. Cybersecurity: Experts (The Crime Report)
4. Head of Homeland Security had his email hacked in SolarWinds attack (IT PRO)
5. Putin calls on nations across world to create new ‘legally binding’ global cyberspace treaty, as hack attack row with US escalates — RT Russia & Former Soviet Union
6. NIST Seeks Small Business to Help Develop Cybersecurity Standards (Nextgov)
7. Cybersecurity Needs a New Alert System (WSJ)
8. Unencrypted | What is SolarWinds? Are updates still safe? (THE DEVIL STRIP)
9. NSA Opens Door to Domestic Internet Spying, Privacy Advocates Say
10. SolarWinds Hackers Breached Homeland Security Officials Emails: Report
11. NSA Opens Door to Domestic Internet Spying, Privacy Advocates Say
12. SolarWinds hack: US weighs ‘seen and unseen’ responses to major cyber attack (Hindustan Times)
13. White House Weighs ‘Seen and Unseen’ Responses to Major Hack (Bloomberg)
14. AP sources: SolarWinds hack got emails of top DHS officials | Govt-and-politics (tulsaworld.com)

Updated 2021-03-29

1. In wake of giant software hacks, defenders & dev teams must fix AppSec
2. Associated Press: SolarWinds hack got emails of top DHS officials (KyivPost - Ukraine's Global Voice)
3. 'Small number' of DHS email accounts accessed during SolarWinds breach (FedScoop)
4. CISA Builds Out Defensive Tools for Security Teams
5. Biden faces few great options for SolarWinds, Exchange retaliation (POLITICO)
6. SolarWinds: Who’s to Blame? Going Beyond the Cloud (Credit Union Times)
7. SolarWinds Patches Four New Vulnerabilities in Their Orion Platform
8. Lawmakers Press Biden to Nominate Federal Cybersecurity Leader Now (MSSP Alert)
9. The Lawfare Podcast: The Generals vs. the Armed Services Committee with No Bull (Lawfare)
10. (ISC)2 Survey Finds Cybersecurity Professionals Have Increasing Level of Concern About SolarWinds Incident
11. SolarWinds hack obtained emails of top US Department of Homeland Security officials (AP)
12. US Vows Consequences for Russian Actions
13. AP Sources: SolarWinds Hack Got Emails of Top DHS Officials (NBC10 Philadelphia)
14. AP sources: SolarWinds hack got emails of top DHS officials (StarTribune)
15. Software vendors would have to disclose breaches to US - Security (CRN Australia)
16. NIST SP 800 (172 release couldn’t come at a better time)
17. AP sources: SolarWinds hack got emails of top DHS officials (ConchoValleyHomepage.com)
18. AP sources: SolarWinds hack got emails of top DHS officials (WTMJ)
19. iTWire (SolarWinds speaks out, and software dev can never be the same again)
20. Biden Cyber Director Nominee Delayed Amid Turf Battle (News Talk WBAP-AM)
21. Biden's National Cyber Director Nominee Delayed Amid Turf Battle (Newsmax.com)
22. The cybersecurity problem we should really worry about (hill)

Updated 2021-03-28

1. Opinion (The United States has a major hole in its cyberdefense. Here’s how to fix it. - The Washington Post)
2. Cybersecurity Board Reform Blows Into Place For SolarWinds
3. Boards still aren’t taking cybersecurity seriously, warns new NCSC boss. That means everyone is at risk (Bestgamingpro)
4. Raindrop Loader delivers Cobalt Strike; SolarWinds - AlienVault (Open Threat Exchange)

Updated 2021-03-27

1. Cybersecurity Board Reform Blows Into Place For SolarWinds
2. SolarWinds Orion Update Fixes New Holes (ISSSource)
3. SolarWinds experimenting with new software builds … (Jioforme)
4. SOLARWINDS INVESTIGATION INITIATED by Former Louisiana Attorney General: Kahn Swick & Foti, LLC Investigates the Officers and Directors of SolarWinds Corporation (SWI)
5. White House to Require Software Firms to Disclose Breaches to Government Customers
6. SOLARWINDS INVESTIGATION INITIATED by Former Louisiana Attorney General: Kahn Swick & Foti, LLC Investigates the Officers and Directors of SolarWinds Corporation - SWI (bizwire)
7. SolarWinds Experimenting With New Software Build ...
8. New, critical vulnerability could give attackers access SolarWinds systems (PG-Intel)
9. SolarWinds Orion Platform < 2020.2.5 Multiple Vulnerabilities (Tenable®)
10. SolarWinds hack: the mystery of one of the biggest cyberattacks ever (CyberNews)
11. SolarWinds Experimenting With New Software Build ... (Go Decrypt)
12. Shareholder Alert: Robbins LLP Reminds Shareholders it is Investigating SolarWinds Corporation (SWI) (bizwire)
13. Solarwinds Orion Platform Has New Code Execution Flaws
14. New, critical vulnerability could give attackers access SolarWinds systems
15. New, critical vulnerability discovered that could let attackers gain entry to SolarWinds systems (The Cyber Security News)
16. SolarWinds, cyberattacks (Homeland Security Newswire)
17. Time for cyber teams, not stovepipes: Telos' CEO tells Wall Street - (Washington Technology)
18. Shareholder Alert: Robbins LLP Reminds Shareholders it is Investigating SolarWinds Corporation (SWI)
19. SolarWinds CEO: Here’s What We’re Doing to Prevent Another Attack (SDxCentral)
20. New, critical vulnerability discovered that could let attackers gain entry to SolarWinds systems (TerabitWeb Blog)
21. Exclusive: Software vendors would have to disclose breaches to U.S. government users under new order: draft (Reuters)
22. SolarWinds-Linked Attackers Target Microsoft 365 ... (PG-Intel)
23. Trend data on the SolarWinds Orion compromise

Updated 2021-03-26

1. Mimecast’s Forensic Investigation Found That SolarWinds Hackers Copied Limited Number of Source Code Repositories (CPO Magazine)
2. Solarwinds Orion Platform updates fix two remote code execution issuesSecurity Affairs
3. Agency Dealing With US Nuclear Reserves Hacked In SolarWinds Hack
4. NSA Chief Says Recent Hacks Expose Limits of U.S. Cyber Protections (WSJ)
5. U.S. military launched over 2 dozen cyber operations before 2020 election (Axios)
6. Nakasone Warns Adversaries Hack Unseen In US « Breaking Defense (Defense industry news, analysis and commentary)
7. Senators Offer to Let NSA Hunt Cyber Actors Inside the US (Defense One)
8. Exec Order Could Force Software Vendors to Disclose ...
9. SolarWinds patches critical code execution bug in Orion Platform
10. Biden reportedly planning an executive order on cybersecurity breach notifications (SiliconANGLE)
11. Exclusive: Software vendors would have to disclose breaches to U.S. government users under new order: draft (Reuters)
12. Software vendors would have to disclose breaches to U.S. government users under new order (The Hindu)
13. What Lessons Should We Learn From The Suspected Russian Hack Of SolarWinds And Other U.S. Agencies And Companies?
14. What was so striking to Microsoft’s president about SolarWinds and Exchange Server attacks? (CyberNews)
15. Another serious RCE flaw found on the SolarWinds Orion platform (Jioforme)
16. Another Critical RCE Flaw Discovered in SolarWinds Orion Platform (Times News Express)
17. Another Critical RCE Flaw Discovered in SolarWinds Orion Platform
18. Biden Urged To Name National Cyber Czar Amid Breaches (Law360)
19. Why 2021 Is the Year for Zero Trust Security
20. Senators urge Energy chief to prioritize cybersecurity amid growing threats (hill)
21. General says attacks by foreign hackers are 'clarion call' (StarTribune)
22. Bragar Eagel & Squire is Investigating Certain Officers and Directors of Zoom and SolarWinds Corporation on Behalf of Long (Term Stockholders and Encourages Investors to Contact the Firm)
23. SolarWinds Attack Illustrates Evolving Russian Cyber Tactics
24. Biden executive order would force software vendors to disclose breaches (Seeking Alpha)
25. Fed Breach Disclosure Rule Planned After SolarWinds Hack: Report
26. How the heck did US Intelligence miss SolarWinds AND Microsoft Exchange!? by Nick Espinosa (Security Fanatics)
27. EXCLUSIVE (Software vendors would have to disclose breaches ...)
28. Why the modern CISO should plan for greater Cybersecurity Regulations in the Biden Era (scmedia)
29. NSA director says U.S. has a ‘blind spot’ for detecting attacks like SolarWinds, Microsoft Exchange (The Record by Recorded Future)
30. New “CISO View” Survey on Zero Trust Highlights Credential Theft Trends for New Types of Identities (Odessa American: Business)
31. Exclusive: Software vendors would have to disclose breaches to U.S. government users under new order: draft (Reuters)
32. How an advanced architecture can dramatically mitigate massive data breaches - (GCN)
33. The Cybersecurity 202: NSA director says intelligence has a big blind spot: domestic Internet activity (wapo)
34. Cyber Defense Triad For Where Security Matters | November 2016 (CACM)

Updated 2021-03-25

1. Impatient lawmakers press Biden for cyber director nominee - (FCW)
2. Robert W. Baird Stick to Their Hold Rating for SolarWinds Corporation By Investing.com
3. New Code Execution Flaws In Solarwinds Orion Platform (SecurityWeek.Com)
4. 'Trust no one' becomes cyber mantra after massive hacking attacks (The Japan Times)
5. US Response to SolarWinds Cyber Penetrations: A Good Defense Is the Best Offense (Russia Matters)
6. King: Mandatory breach disclosure bill coming soon - (Defense Systems)
7. ‘Accelerate change or lose’: Applying Gen. Brown’s action orders to cyberspace education and training
8. Where's the accountability for Solarwinds? - (Defense Systems)
9. Swiss Firm Says It Accessed SolarWinds Attackers' Servers
10. The SolarWinds Senate hearing: 5 key takeaways for security admins (CSO Online)

Updated 2021-03-24

1. Acting CISA Director Considers List Of SolarWinds Victims To Be Complete (Potomac Officers Club)
2. Swiss cybersecurity firm says it accessed servers of SolarWinds hacking group (The Bharat Express News)
3. CHIRP Tool to Detect SolarWinds Malicious Activity
4. Discussions About Mandated Cyber Incident Reporting Resurface After Nation-State Hacks (My TechDecisions)
5. NYSE: SWI Investors should contact the Shareholders Foundation in connection with the Lawsuit against SolarWinds Corporation
6. Exchange Server updates. SolarWinds victim list "solidified." AFCEA and Shell disclose third (party breaches. MangaDex down.)
7. Biden ‘Will Cyberattack Putin’ (Because SolarWinds) (secblvd)
8. SolarWinds compromise leaves Senate questioning agency cyber defenses (Utility Dive)
9. SolarWinds Attackers Manipulated OAuth App Certificates
10. Swiss Cyber Security Firm Says It Accessed Servers of a SolarWinds Hacking Group
11. Swiss Cybersecurity Firm says it Accessed Servers of a SolarWinds Hacker

Updated 2021-03-23

1. Mimecast: SolarWinds Attackers Stole Source Code - Micro Focus Community (2864117)
2. House Lawmakers Ask Agencies to Provide More Details on SolarWinds Hack
3. Recent attacks may drive government’s zero trust adoption - (GCN)
4. The ‘Frankencloud’ model is our biggest security risk (TechCrunch)
5. The cybersecurity problem we should really worry about (hill)
6. Swiss firm accesses servers of hacking group linked to SolarWinds breach, Tech News News & Top Stories (The Straits Times)
7. Researchers discover threat actors with links to SolarWinds hack (IT PRO)
8. Swiss firm says it has accessed servers of a SolarWinds hacker that attacked 4,700 targets, Tech News News & Top Stories (The Straits Times)
9. US plans 'aggressive' cyber offensive against Russia in retaliation for SolarWinds attack
10. SilverFish: Swiss researchers identify threat actor with links to SolarWinds hack
11. US government calls for better information sharing in wake of SolarWinds, Exchange attacks (CSO Online)
12. CISA head: Group of SolarWinds victims is 'solidified' - (FCW)
13. Does Microsoft share blame for the SolarWinds hack? (Computerworld)
14. Three Vulnerabilities Exposed During SolarWinds Attack & How It Could Have Been Prevented (CPO Magazine)

Updated 2021-03-22

1. SolarWinds remains 'rare story in software,' says Jefferies SWI (The Fly)
2. CISA releases CHIRP, a tool to detect SolarWinds malicious activity (TerabitWeb Blog)
3. CISA releases CHIRP, a tool to detect SolarWinds malicious activitySecurity Affairs
4. Government Monitoring Won't Stop the Next SolarWinds Campaign, Experts Say (Zero Day)
5. New malware uncovered by experts examining SolarWinds strike Blog (Galaxkey)

Updated 2021-03-21

1. Swiss Firm Says It Has Accessed Servers of a SolarWinds Hacker
2. Biden under growing pressure to nominate cyber czar (hill)
3. Using CHIRP to Detect Post-Compromise Threat Activity in On-Premises Environments (CISA)
4. SolarWinds explainer

Updated 2021-03-20

1. What SolarWinds Taught Us About Third Party Risk Management (SANS Institute)
2. Swiss Cybersecurity Firm Reveals Vital Details of Solarwinds Hackers (KoDDoS Blog)
3. Did you get burned by the SolarWinds attack?US Releases Tools for Post-Infringement Detection (Texas News Today)
4. [Security Weekly] Mimecast Source Code Stolen by Hackers Exploiting SolarWinds Sunburst Backdoor (Penta Security Systems Inc.)
5. The Cybersecurity 202: Wyden calls for 'time out' in government cybersecurity contracting (wapo)
6. DHS CISA Shares Incident Response Tool for On (Prem Threat Activity)
7. U.S. cyber agency releases tool to help SolarWinds Orion defenders (IT World Canada News)
8. Swiss Firm Says It Has Accessed Servers of a SolarWinds Hacker (Bloomberg)
9. SolarWinds-linked hacking group SilverFish abuses enterprise victims for sandbox tests (Cyber Security Review)
10. Solarwinds Orion Attack
11. Here's what Chinese and Russian hackers are doing in Americans' emails
12. Detecting Post-Compromise Threat Activity Using the CHIRP IOC Detection Tool (CISA)
13. CISA Releases New Tool To Scan For SolarWinds Compromise Activity (My TechDecisions)
14. Agency hacks could accelerate push to zero trust security model - (FCW)
15. White House reviewing National Cyber Director role as Congress presses for governmentwide leadership (FRN)
16. Interview: Sai Venkataraman, Co-Founder and CEO, SecurityAdvisor (Infosecurity Magazine)
17. GitHub (cisagov/CHIRP: A forensic collection tool written in Python.)
18. Burnt by SolarWinds attack? US releases tool for post-compromise detection (ZDNet)
19. Congress gives four agencies 10 days to report on SolarWinds damage (FRN)
20. SolarWinds (Linked Attackers Target Microsoft 365 ...)
21. SolarWinds compromise leaves Senate questioning agency cyber defenses (Cybersecurity Dive)

Updated 2021-03-19

1. Solarwinds stock forecast
2. Senator Hassan Presses Top Administration Officials on Strengthening Cybersecurity Across All Levels of Government Following SolarWinds & Microsoft Exchange Breaches (U.S. Senator Maggie Hassan of New Hampshire)
3. ‎The Lawfare Podcast: Dmitri Alperovitch on SolarWinds and Microsoft Exchange on Apple Podcasts
4. Senate Security Leaders Eye FISMA Revamp, SolarWinds Accountability
5. SilverFish Group Threat Actor Report
6. Why the SolarWinds Attack Easily Slipped by All EDR/EPP Solutions (secblvd)
7. iTWire (Ohio senator lashes govt over accountability for SolarWinds attack)
8. House Energy Committee Requests SolarWinds Update from Agencies
9. TTP Table for Detecting APT Activity Related to SolarWinds and Active Directory/M365 Compromise (Homeland Security Today)
10. Feds aren't well prepared to spot SolarWinds-style hacks at agencies, CISA official says (CyberScoop)

Updated 2021-03-18

1. SolarWinds-linked hacking group SilverFish abuses enterprise victims for sandbox tests (ZDNet)
2. SolarWinds hackers gain access to Mimecast production grid environment (PG-Intel)
3. SolarWinds hackers stole source code from email security firm Mimecast
4. Has Your Organization Been Breached By Solar Winds Malware?
5. Bipartisan lawmakers push Biden's Cabinet for answers on fallout from SolarWinds hack (Washington Times)
6. Mimecast's source code stolen in SolarWinds breach
7. Mimecast releases report on SolarWinds security incident investigation | 2021-03-18 (Security Magazine)
8. US advised not to criticize Russian & Chinese cyberattacks given its history of doing the same
9. NSA, Homeland Security Push Service to Mitigate Cyber-Attacks (Bloomberg)
10. HAGENS BERMAN, NATIONAL TRIAL ATTORNEYS, Invites SolarWinds (SWI) Investors with Significant Losses to Contact Firm Before March 5, 2021 Deadline, SEC Investigating Company
11. SolarWinds hackers stole Mimecast source code
12. Source code for Mimecast stolen for SolarWinds breach (Texas News Today)
13. SolarWinds attackers stole Mimecast source code (IT Security Guru)
14. SecurityScorecard snags $180M Series E to measure a company’s security risk (TechCrunch)
15. "The SolarWinds Hack - What we know & what to look for next" -- An MTUG Webinar - Mar 18, 2021 - LA Metropolitan Chamber of Commerce | Lewiston, ME - LA Metropolitan Chamber of Commerce (Lewiston, ME)
16. The Cybersecurity 202: Senate panel delves into SolarWinds hack (wapo)
17. Mimecast reveals source code theft in SolarWinds hack (ZDNet)
18. Patch Management in the Post-SolarWinds Era (secblvd)
19. The Case for 'Zero Trust' Approach After SolarWinds Attack
20. Fed CISO DeRusha Calls New Funding ‘Down Payment’ on Security Improvements (MeriTalk)
21. Senators press for federal agency accountability over SolarWinds - (FCW)
22. Can the Biden Administration Get Russia Policy Right? (Russia Matters)
23. Mimecast Says SolarWinds Hackers Stole Source Code (SecurityWeek.Com)
24. Mimecast dumps SolarWinds after hackers breached its network (The Cyber Security News)
25. Mimecast Discovers That Solarwinds Hackers Stole Some of Their Source Code (TheDigitalHacker)
26. Mimecast dumps SolarWinds after hackers breached its network (IT PRO)
27. Mimecast Finds SolarWinds Hackers Stole Some of Its Source Code
28. SolarWinds hackers gain access to Mimecast production grid environment
29. Mimecast Says SolarWinds Attackers Accessed its ...
30. SolarWinds Attackers Accessed Mimecast Source Code (Decipher)
31. Mimecast confirms hackers behind SolarWinds supply chain attack accessed limited amount of customer information (The Daily Swig)
32. Mimecast: SolarWinds Attackers Stole Source Code (tpost)
33. Mimecast Update: SolarWinds Hackers Stole Source Code
34. Mimecast Ax SolarWinds Orion for Cisco NetFlow After Hack - CRN (OLTNEWS)
35. Mimecast Finds SolarWinds Hackers Stole Some of Its Source Code
36. SolarWinds hackers stole some of Mimecast source code (RedPacket Security)
37. Russia's Efforts At Information Warfare Against The West Continue : NPR
38. Lawmakers press federal agencies on scope of SolarWinds attack (hill)
39. Hearings to examine the SolarWinds supply chain attack, focusing on the Federal perspective. | Congress.gov (Library of Congress)
40. Suspected Chinese hackers used SolarWinds bug to spy on US payroll agency (sources)
41. Bipartisan Group of Lawmakers Request Information on SolarWinds Cyber Attack (Democrats, Energy and Commerce Committee)
42. Why America will never be safe from cyberattacks
43. Officials urge Biden to appoint cyber leaders after SolarWinds, Microsoft hacks (hill)

Updated 2021-03-17

1. New York Regulator Issues Cyber Insurance Guidelines (Newmeyer Dillion - JDSupra)
2. What 2020 taught us about the need for deception technology (scmedia)
3. Russia's Efforts At Information Warfare Against The West Continue : NPR
4. Mayorkas Addresses Cyber Hacks at House Hearing (MeriTalk)
5. Mimecast dumps SolarWinds Orion for Cisco NetFlow after hack - Software (CRN Australia)
6. House lawmakers seek answers on SolarWinds from agency chiefs - (FCW)
7. For US cyber defense, helpful hackers are only half the battle (hill)
8. Mimecast Axes SolarWinds Orion For Cisco NetFlow After Hack

Updated 2021-03-16

1. Security Vendors Understate Risks in Senate Hearing on SolarWinds
2. 3 ways agencies can restore cybersecurity trust - (GCN)
3. Microsoft could be set for a US government windfall (TechRadar)
4. White House considers cybersecurity ratings to boost visibility - (GCN)
5. SolarWinds Attacks Recovery Effort Could Take U.S. Government 18 Months

Updated 2021-03-15

1. Exchange Hacks: How Will the Biden Administration Respond?
2. US Should Create New 3-Pronged Approach To Cybersecurity (Law360)
3. Top SolarWinds Alternatives (eSecurityPlanet)
4. The Obama administration had a plan to stop cyberattacks like SolarWinds—and blew it.
5. Biden Administration to Respond to SolarWinds Hackers in Weeks, Not Months
6. Michael Dell: Public Cloud Isn’t More Secure Than On (Premise)
7. Cybersecurity Officials Call for Network Visibility, Software Assurance After Russian Hack (FedTech Magazine)
8. SolarWinds Attacks Recovery Effort Could Take U.S. Government 18 Months (secblvd)
9. Microsoft Pitches Cybersecurity To U.S., (Campaigns & Elections)
10. The US must adopt Software Bill of Materials to thwart cyberattacks (hill)
11. Capitol Hill angry over Microsoft’s security upcharge (POLITICO)
12. US government to respond to SolarWinds hackers in weeks
13. Google, Microsoft Feud Over Antitrust, Hacking Issues (Silicon UK)

Updated 2021-03-14

1. "In Weeks, Not Months," Will the US Government Respond to Solarwinds Hackers Said a Senior Official (TheDigitalHacker)
2. SolarWinds, SUNBURST, and supply chain security.
3. U.S. government to respond to SolarWinds hackers in weeks: Senior Official (.:: CHASLES CORP. ::.)
4. SolarWinds and Microsoft hacks spark debate over western retaliation (World News Curatory)
5. Why ‘blaming the intern’ won’t save startups from cybersecurity liability – TechCrunch (Bestgamingpro)
6. US moves closer to retaliation over hacking as cyber woes grow | World (Malay Mail)
7. U.S. government to respond to SolarWinds hackers in weeks: senior official — Agenparl
8. U.S. government to respond to SolarWinds hackers in weeks: senior official | Article [AMP] (Reuters)

Updated 2021-03-13

1. Why ‘blaming the intern’ won’t save startups from cybersecurity liability (TechCrunch)
2. Despite hacks, Biden admin not planning to step up government surveillance (Hindustan Times)
3. US government to respond to SolarWinds hackers in weeks: Senior official (CNA)
4. SolarWinds NYC Carpenters Complaint (DocumentCloud)
5. US moves closer to retaliation over hacking as cyber woes grow
6. Despite hacks, US not seeking widened domestic surveillance (FRN)
7. SolarWinds Case 1:21-cv-00002-RP -- Motion to Consolidate Class Actions (DocumentCloud)
8. Cisco Talos Intelligence Group (Comprehensive Threat Intelligence: Talos Takes Ep. #44: A roundtable discussion on SolarWinds)
9. SolarWinds lawsuits merge as stockholders begin documenting financial losses (TerabitWeb Blog)
10. U.S. government to respond to SolarWinds hackers in weeks: senior official (Reuters)
11. US to Respond to SolarWinds Hackers in Weeks: Senior Official (KMJ-AF1)
12. SolarWinds stockholders begin documenting financial losses
13. Biden administration mulls software security grades after SolarWinds
14. Post-SolarWinds, IT departments increase vendor scrutiny (CIO Dive)
15. SolarWinds Investors Get Lead Plaintiff in Server Hack Risk Case
16. Biden administration to respond in weeks to SolarWinds hackers-senior official (The Star Phoenix)
17. (190) Roundtable: What we've learned (and what we still don't know) about SolarWinds (YouTube)
18. SolarWinds Case 1:21-cv-00138-RP Order to consolidate class actions (DocumentCloud)
19. Microsoft: SolarWinds hack was 'largest and most sophisticated attack' ever: Microsoft president Brad Smith, Telecom News, ET Telecom

Updated 2021-03-12

1. How Should the U.S. Respond to the SolarWinds and Microsoft Exchange Hacks?  (Lawfare)
2. U.S. government to respond to SolarWinds hackers in weeks: senior official
3. Retaliation Options: US Cyber Responses To SolarWinds, Exchange Hacks « Breaking Defense (Defense industry news, analysis and commentary)
4. Biden administration to respond in weeks to SolarWinds hackers-senior official | The Mighty 790 KFGO (KFGO)
5. The Cybersecurity 202: Democrats' new infrastructure bill highlights cybersecurity concerns (wapo)
6. Our ongoing commitment to supporting journalism
7. Google accuses Microsoft of using 'naked corporate opportunism' to distract from SolarWinds hack (Windows Central)
8. Here's What To Make Of SolarWinds' (NYSE:SWI) Returns On Capital
9. There’s a vexing mystery surrounding the 0-day attacks on Exchange servers (ars)
10. SolarWinds and Microsoft hacks spark debate over western retaliation
11. Microsoft Probing Whether Leak Played Role in Suspected Chinese Hack (WSJ)
12. SolarWinds (NYSE:SWI) Takes On Some Risk With Its Use Of Debt (Simply Wall St News)
13. Amundi expects no U.S. sanctions on Russia sovereign debt (Reuters)
14. Why 'Layered Security' Should Be Your New Mantra
15. SolarWinds CEO blames intern for cyber attack (Lexology)
16. Evolving Cybersecurity Takes More Than Money
17. SolarWinds Co. (NYSE:SWI) Receives Consensus Rating of "Hold" from Brokerages (MarketBeat)
18. Marco to Hold Webinar on SolarWinds Orion Attack
19. Windows Exchange, Senate's SolarWinds Hack Hearing & NSA’s Zero Trust Recommendations (TFiR: Interviews, News & Analysis by Swapnil Bhartiya)
20. SolarWinds data breach was warning sign to FINRA, cybersecurity chief says | Secondary Sources | National (Westlaw Today)
21. The Impact of the SolarWinds Breach on Cybersecurity
22. Windows Exchange, Senate SolarWinds Hack Hearing & NSA’s Zero Trust Recommendations by TFIR: Open Source & Emerging Technologies (Free Listening on SoundCloud)
23. There is Still More to SolarWinds Attack (Cyware Alerts - Hacker News)
24. Why embedded devices are the dangerous blind spot in the SolarWinds attack  (hill)
25. SolarWinds attack and Executive Order on America's Supply Chain illuminate gaps in supply chain risk management, spur innovative solutions by Fortress Information Security
26. Opinion: A 'Cyber Pearl Harbor' Looms for America Amid Widespread Digital Complacency (Times of San Diego)
27. Relief Package Includes Less for Cybersecurity
28. Hacked Firms Face ‘Frankenstein’ of State (Based Cyber Notification Laws)
29. After SolarWinds, Companies Turn to Insurers, Not Feds, for Protection

Updated 2021-03-11

1. SolarWinds And Microsoft Exchange Attacks: Lay Down The Cyber Law
2. Be on the Lookout: Impact of SolarWinds Orion Compromise on
3. What the Quad Must Learn From the SolarWinds Hack (The National Interest)
4. Patching, with special attention to Hafnium and the rest. Responding to the SolarWinds incident. Hactivists don’t like cameras. Dragnet in the Low Countries.
5. Gary Davis on Twitter: "Lawmakers blame #SolarWinds hack on ‘collective failure’ to prioritize #cybersecurity https://t.co/IIXbsitaBr" / Twitter
6. White House Cyber Group Discusses How to Stop Another SolarWinds
7. The SolarWinds Cyber-Attack – The Devastation and Wreckage (Michael Volkov - JDSupra)
8. FireEye CEO: Reckless Microsoft hack unusual for China | (leadertelegram.com)
9. Russian hack targeting US government places SolarWinds financial model in the cross hairs (KPIC)
10. FireEye CEO: Reckless Microsoft hack odd for China
11. PodcastOne: In the wake of the SolarWinds breach, lawmakers turned to industry for recommendations
12. Nevada CIO says state’s IT is 8 years behind others’ (StateScoop)
13. Cyber Command: ‘No evidence’ that SolarWinds attackers compromised DoD networks (The Record by Recorded Future)
14. Chinese hackers presumably behind SolarWinds hack new evidence revealed (Secure Blink)
15. Security researchers discover Supernova web shell activity linked to Chinese hackers | 2021-03-10 (Security Magazine)
16. Congress's latest hacking investigation should model its most recent (hill)
17. Bill Would Eliminate Immunity for Foreign Hackers (Nextgov)
18. Lawmakers blame SolarWinds hack on 'collective failure' to prioritize cybersecurity
19. Microsoft: SolarWinds hackers studied Microsoft source code for authentication and email, Telecom News, ET Telecom

Updated 2021-03-10

1. Chinese threat actor exploited SolarWinds vulnerability. Second (stage backdoor possibly linked to SolarWinds compromise. Dependency confusion updates.)
2. Remediating Networks Affected by the SolarWinds and Active Directory/M365 Compromise (CISA)
3. DHS CISA Shares Remediation, Risk Guidance for SolarWinds Compromise
4. US 'planning all (out cyberwar on Russia in retaliation for SolarWinds hack' and may take action in next three weeks)
5. Kremlin and other Russian official websites down; experts doubt US involvement, World News (wionews.com)
6. SolarWinds Unlikely to Be an Isolated Event as Attackers Become More Sophisticated (Infosecurity Magazine)
7. Chinese suspected of two attacks on internet (facing SolarWinds server)
8. CISA: ‘Identity is everything’ for cyber defense post-SolarWinds (FRN)
9. NCP (National Checklist Program Repository)
10. The SolarWinds Hack Hits Home (DevPro Journal)
11. Why the SolarWinds Hack Is a Wake-Up Call (CoFR)
12. FireEye and Microsoft Uncover More Malware Strains Used in SolarWinds Hack (Toolbox Security)
13. Air Force Only Service to Develop Cybersecurity Requirements for Weapon Systems Contracts, GAO Says (Nextgov)
14. SolarWinds Aftermath Threat Hunting Survey Yields Mixed News
15. ‎World Wide Technology (TEC37: 26. Security – Would Zero Trust Have Prevented the SolarWinds Breach? on Apple Podcasts)
16. SolarWinds, cyberattacks (Homeland Security Newswire)
17. Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452
18. Guidance on Remediating Networks Affected by the SolarWinds and Active Directory/M365 Compromise (CISA)
19. Researchers Describe a Second, Separate SolarWinds Attack
20. Bill Would Allow Americans to Sue Foreign Hackers
21. Microsoft: SolarWinds, Microsoft, FireEye, CrowdStrike defend actions in major hack: U.S. Senate hearing, Telecom News, ET Telecom
22. SolarWinds: 9 federal agencies and about 100 companies hit by SolarWinds hack: The White House, Telecom News, ET Telecom

Updated 2021-03-09

1. The SolarWinds Hack Gets Worse, But Offers A Tiny Bit Of Amusement (PC Perspective)
2. Was SolarWinds a Different Type of Cyber Espionage? (Lawfare)
3. Russia Warns Against U.S. Retaliation for SolarWinds Amid Fears of Cyberwar | World Report (US News)
4. More clues appear to link Supernova web shell activity to Chinese hackers (TechRadar)
5. Registration
6. NYSE: SWI Shareholder Notice: Lawsuit against SolarWinds Corporation Announced by Shareholders Foundation | 2021-03-09 | Press Releases (Stockhouse)
7. New survey examines the impact of SolarWinds breach on cybersecurity | 2021-03-08 (Security Magazine)
8. Episode 124: Solarwinds recap (Cyber24)
9. Biden challenged by early cyber threats (hill)
10. Kremlin: Report On Planned U.S. Cyberstrikes On Russia 'Alarming'
11. How the SolarWinds attack may affect your organization's cybersecurity (TechRepublic)
12. Kremlin calls NYT report on planned U.S. cyberstrikes on Russia 'alarming' (Reuters)
13. Beazley on the implications of the Solar Winds hacking incident (Insurance Business)
14. US plans mix of 'seen and unseen' actions against Russia over SolarWinds attacks
15. SolarWinds Sunburst backdoor supply chain attack: Why it still matters | Security (ITP.net)
16. SolarWinds Hack (CEPA)
17. Understanding Third (Party Hacks, Learning from SolarWinds Hack)
18. Security Policies Do Matter, but Really Only So Much
19. SolarWinds attack and Executive Order on America's Supply Chain illuminate gaps in supply chain risk management, spur innovative solutions by Fortress Information Security
20. [Update] SolarWinds Hack Finds Possible Link to China, Say Researchers-- Supernova Malware Detected (Tech Times)
21. More clues appear to link Supernova web shell activity to Chinese hackers (TechRadar)
22. Hackers hiding Supernova malware in SolarWinds Orion linked to China
23. Chinese hackers targeted SolarWinds customers in parallel with Russian op (ars)
24. Microsoft: Microsoft failed to shore up defenses that could have limited SolarWinds hack (U.S. senator, Telecom News, ET Telecom)
25. China (linked hackers exploited SolarWinds software in 2020 breach, researchers say)
26. The SolarWinds attack and best practices for code (signing)
27. What to Do About Cybersecurity (Law, Policy -- and IT?)
28. Is it time to adopt an ‘assumed breach’ cyber policy? (BIC Magazine)
29. Latest target for hackers: A popular file-transfer program (WRAL TechWire)
30. Biden Plans Cyber Attacks Against Russia For SolarWinds Hack, Ignores Chinese Involvement (National File)
31. U.S. cyberattacks against Russia may be underway in reprisal for SolarWinds hack, experts say (Just The News)
32. Will the US Government Recognize SolarWinds as a Cyber Inflection Point? (Data Core Systems)
33. ‘Retaliation’ for Russia's SolarWinds Spying Isn't the Answer (WIRED)
34. US plans 'a mix of actions' against Russia over SolarWinds cyberattack (Engadget - News WWC)
35. Hacked Companies Caught in Maze of Notification Requirements
36. Proposal Would Let Foreign Gov'ts Be Sued For Cyberattacks (Law360)
37. Gen. Paul Nakasone on CYBERCOM’s Response to SolarWinds Breach, ‘Defend Forward’ Concept
38. New Cyber Insurance Risk Framework Provides Best Practices for the Insurance Industry (Bradley Arant Boult Cummings LLP - JDSupra)
39. EXCLUSIVE: I am Groot - POLITICO: one-on (wine with lead house cyber chair)
40. Hearings On The SolarWinds Hack And Possible Policy Responses (MarketScreener)
41. Casting a wide intrusion net: Dozens burned with single hack | (leadertelegram.com)
42. White House juggling response to Microsoft, SolarWinds hacks
43. Hearings On The SolarWinds Hack And Possible Policy Responses - Technology (United States)
44. Microsoft adopted ‘aggressive’ strategy for sharing SolarWinds Attack intel (Urgent Comms)
45. Supernova malware clues link Chinese threat group Spiral to SolarWinds server hacks (ZDNet)
46. Preparing for Retaliation Against Russia, U.S. Confronts Hacking by China (nyt)
47. CISA demands US govt agencies to update SolarWinds Orion softwareSecurity Affairs
48. SolarWinds Attack Could Have Been Much Worse, Former NSA Chief Says | National News (US News)

Updated 2021-03-08

1. Security report: Lessons learned investigating the SUNBURST software supply chain attack (ITWeb)
2. Cybersecurity in 2021: Stopping the madness (CSO Online)
3. Researchers Identify More Malware Used By SolarWinds Hack Group
4. Server Management Software Market Segmentation 2021, by Key Players: Datadog, SolarWinds MSP, ManageEngine, Microsoft, BMC Software, Central Solutions etc. (Breakout Live)
5. Security report: Lessons learned investigating the SUNBURST software supply chain attack (ITWeb)
6. GoldMax, GoldFinder, and Sibot, are the 3 new Malwares Used by SolarWinds Hackers (IT Security News)
7. Shareholder Alert: Pawar Law Group Announces A Securities Class Action Lawsuit Against Solarwinds Corporation (SWI)
8. SolarWinds Password Fail, Chinese Hacking Exchange, Google to stop Tracking Cookies
9. Did You Acquire SolarWinds (SWI) Before October 18, 2018? Should Management be Held Accountable for Investors Losses? Contact Johnson Fistel (NeighborWebSJ)

Updated 2021-03-07

1. Microsoft: We’ve found three more pieces of malware used by the SolarWinds attackers (Bestgamingpro)
2. Casting a wide intrusion net: Dozens burned with single hack (StarTribune)
3. Casting a wide intrusion net: Dozens burned with single hack
4. SolarWinds : Did You Acquire SolarWinds (SWI) Before October 18, 2018? Should Management be Held Accountable for Investors Losses? Contact Johnson Fistel (MarketScreener)
6. Did You Acquire SolarWinds (SWI) Before October 18, 2018? Should Management Be Held Accountable For Investors Losses? Contact Johnson Fistel SWI
7. Did you acquire SolarWinds (SWI) before October 18, 2018? Should management be held responsible for investor losses? Contact Johnson Fistel (OLTNEWS)
8. DIB Take Note: SolarWinds Hack and DHS CISA Emergency Directive on Cyber Vulnerabilities Point to the Need to be Prepared for APTs (Stinson - Government Contracting Matters - JDSupra)
9. Microsoft: We've found three more pieces of malware used by the SolarWinds attackers (ZDNet - PressboltNews)
10. Microsoft Adopted an 'Aggressive' Strategy for Sharing SolarWinds Attack Intel (News AKMI)
11. China’s and Russia’s spying sprees will take years to unpack (ars)
12. Microsoft Reveals 3 New Malware Variants Relating to SolarWinds Cyberattack
13. GoldMax, GoldFinder, and Sibot, 3 new malware used by SolarWinds attackers (IT Security News)
14. Second (stage backdoor possibly linked to Solorigate campaign. Hafnium exploits Exchange Server vulnerabilities.)
15. This Week In SolarWinds, with a key unexpected lesson (The Business of Tech)

Updated 2021-03-06

1. SolarWinds SUNBURST Backdoor DGA and Infected Domain Analysis (Cybersecurity Insiders)
2. Did You Acquire SolarWinds (SWI) Before October 18, 2018? Should Management be Held Accountable for Investors Losses? Contact Johnson Fistel
3. U.S. Weapons Programs Lack 'Key' Cybersecurity Measures (tpost)
4. Second (stage backdoor in SolarWinds compromise victim. Exchange Server exploitation. RedEcho as staging. Leaky clouds.)
5. SWI DEADLINE ALERT: ROSEN, TOP RANKED IVNESTOR COUNSEL, Encourages SolarWinds Corporation Investors with Large Losses to Secure Counsel Before Important Deadline Today in Securities Class Action (SWI)
6. SolarWinds Orion Security Breach: Cyberattack Timeline and Hacking Incident Details (ChannelE2E)
7. Microsoft shares details on three new malware strains used in SolarWinds hack
8. Researchers Find 3 New Malware Strains Used by SolarWinds Hackers (WP Guy News)
9. CMMC Project Update: Rule Comments and the Impending Split (ClearanceJobs)
10. Protect, Detect, and Respond to Supply Chain Cyber Attacks (e.g. Solarwinds) Using Splunk Enterprise Managed Security Services - (Redmondmag.com)
11. The Klein Law Firm Reminds Investors of Class Actions on Behalf of Shareholders of SWI, VLDR and REGI
12. Three New Malware Strains Linked to SolarWinds Hackers (TerabitWeb Blog)
13. SolarWinds: "IT's Pearl Harbor." (InsiderPro)
14. Researchers Find 3 New Malware Strains Used by SolarWinds Hackers
15. Microsoft Adopted an 'Aggressive' Strategy for ...
16. Microsoft discovers more malware used by SolarWinds attacker while FireEye finds new backdoor (IT World Canada News)
17. Microsoft Drops 'Solorigate' for 'Nobelium' in Ongoing SolarWinds Attack Investigations - (Redmondmag.com)
18. Atense Says Its Computer Vaccine Will Prevent Future “SolarWinds” Hacking Events - Press Release (Digital Journal)
19. Lawsuits Filed Against SWI, XOM and ATNX (Jakubowitz Law Pursues Shareholders Claims)
20. Microsoft reveals GoldMax, Sibot and GoldFinder new malware strains used by SolarWinds hackers (Cyber Security Review)
21. FINAL DEADLINE TOMORROW: The Schall Law Firm Announces the Filing of a Class Action Lawsuit Against SolarWinds Corporation and Encourages Investors with Losses to Contact the Firm
22. Cyber Attacks: Tech’s natural disasters (Gadget)
23. SolarWinds Hackers Hit Qualys, Other Cybersecurity Vendors (SDxCentral)
24. Who Broke SolarWind with Mat and Mike - S3E8 | The Cyber Tap | Podcasts on Audible (Audible.com)

Updated 2021-03-05

1. The Cybersecurity 202: Companies are doing a terrible job of reporting cybersecurity risks to investors, a new study says (wapo)
2. Risky business: 3 timeless approaches to reduce security risk in 2021 (Help Net Security)
3. It’s Time for a Cybersecurity Quid Pro Quo (Nextgov)
4. Microsoft Corporation (NASDAQ:MSFT), Solarwinds, Inc. (NYSE:SWI) - Microsoft's Emergency Security Patch After Cyber Attack Attracts White House Monitoring: Reuters (Benzinga)
5. SWI ALERT: The Klein Law Firm Announces a Lead Plaintiff Deadline of March 5, 2021 in the Class Action Filed on Behalf of SolarWinds Corporation Limited Shareholders
6. After SolarWinds breach, White House preps executive order on software security (CyberScoop)
7. CYBERCOM Plays ‘Key Role’ As SolarWinds Unfolds: Gen. Nakasone « Breaking Defense (Defense industry news, analysis and commentary)
8. SWI FILING DEADLINE TOMORROW: Bernstein Liebhard LLP Reminds Investors of the Deadline to File a Lead Plaintiff Motion in a Securities Class Action Lawsuit Against SolarWinds Corporation
9. DIB Take Note: SolarWinds Hack and DHS CISA Emergency Directive on Cyber Vulnerabilities Point to the Need to be Prepared for APTs (Lexology)
10. SWI Deadline: Bronstein, Gewirtz & Grossman, LLC Reminds SolarWinds Corporation Shareholders of Class Action and Lead Plaintiff Deadline: March 5, 2021
11. Microsoft: We've found three more pieces of malware used by the SolarWinds attackers (ZDNet)
12. SolarWinds Deadline Alert
13. Microsoft, FireEye Uncover More Malware Used in the ...
14. What’s the message about Cloud Contracts since AWS declined to testify to the Senate about SolarWinds? | Blogs | Internet, IT & e-Discovery Blog (Foley & Lardner LLP)
15. Lessons from the SolarWinds Breach (BeyondTrust)
16. Biden makes cybersecurity ‘top priority’ in national security guidance (FRN)
17. SolarWinds : Announcing ‘Cyber Insurance Risk Framework,' NY DFS Joins OFAC In Discouraging Carriers From Making Ransomware Payments (MarketScreener)
18. Citigroup Begins Coverage on SolarWinds (NYSE:SWI) (MarketBeat)
19. China’s and Russia’s Spying Sprees Will Take Years to Unpack (WIRED)
20. The March IronNet Threat Intelligence Brief (secblvd)
21. Researchers Disclose More Malware Used in SolarWinds Attack
22. SolarWinds hack a wake-up call to the tech sector (GZERO Media)
23. Lesson From SolarWinds Attack: It's Time to Beef Up IAM
24. SolarWinds blames at least some of its poor cybersecurity on an intern and a bad password.
25. Microsoft, FireEye Unmask More Malware Linked to SolarWinds Attackers (tpost)
26. Congressional Hearings on SolarWinds Hack
27. The danger in calling the SolarWinds breach an ‘act of war’
28. SolarWinds Hack Potentially Linked to Turla APT (tpost)

Updated 2021-03-04

1. New SUNSHUTTLE Second-Stage Backdoor Uncovered Targeting U.S.-Based Entity; Possible Connection to UNC2452 (fireeye)
2. Is Solarwinds safe? - General Software Forum (Spiceworks)
3. DEADLINE ALERT for SWI, QS, TCDA: Law Offices of Howard G. Smith Reminds Investors of Class Actions on Behalf of Shareholders
4. SolarWinds Incident May Bring Data Breach Notification Rules
5. SolarWinds Senate Hearing: Moving Forward It’s All About Zero Trust
6. Still more questions than answers on SolarWinds attack - (Defense Systems)
7. Blinken vows renewed focus on emerging tech after hack (hill)
8. Microsoft opens CodeQL queries to public after SolarWinds hack
9. CISA Official Calls for Update of Identity Management Guidance in Wake of SolarWinds Compromise (Nextgov)
10. SolarWinds Senate Hearing: Moving Forward It’s All About Zero Trust (secblvd)
11. How SolarWinds Busted Up Our Assumptions About Code ...
12. What happened at SolarWinds? - sunburst in action! (Stinet)
13. Best practices for Securing Office 365 against pervasive cloud collaboration risks (secblvd)
14. SolarWinds Says SEC, DOJ, State AGs Probing Cyberhack (Law360)
15. A Briefing on the SolarWinds Threat (ACT-IAC)
16. Cybersecurity Journalist says SolarWinds Hack is a “Harbinger” of Threats to Come — Fraud Conference News
17. SolarWinds attack – What is Known and How to Stay Protected (Check Point Software)

Updated 2021-03-03

1. SolarWinds CEO Blames Intern for GitHub Password Fiasco (Toolbox Security)
2. Microsoft: SolarWinds Attack Highlights Growing Sophistication of Nation-State Actors (Infosecurity Magazine)
3. Okta CEO: After SolarWinds hack, leaders must think about 4 points
4. CLASS ACTION UPDATE for SWI, JFU and CLOV: Levi & Korsinsky, LLP Reminds Investors of Class Actions on Behalf of Shareholders
5. Cloud Vs On (premise Debate Flares Up In The Wake Of Solarwinds Attack)
6. SolarWinds Hacking Damage Could Take up to 18 Months to Recover (Tech Times)
7. FBI Director Suggests Multi-Pronged Response to SolarWinds Hack (News Talk WBAP-AM)
8. Will the SolarWinds hack make us tighten security in the tech industry?
9. Cybersecurity and IT top GAO’s High Risk List, yet again
10. SolarWinds executives blame intern for leaked password (Cloud7 News)
11. SolarWinds Says It’s Cooperating with Probes by SEC, Justice (Bloomberg)
12. SolarWinds Attack Prompts Calls for Companies to Disclose Hacks (Bloomberg)
13. Recovering from the SolarWinds hack could take 18 months (Worldwide Tweets)
14. How to prevent data leaks
15. SolarWinds Says It’s Cooperating with Probes by SEC, Justice
16. U.S. Matches EU, U.K. Sanctions on Russia for Navalny Attack (Bloomberg)
17. SolarWinds blaming intern is symptom of "security failures"
18. The Gross Law Firm Announces Class Actions on Behalf of Shareholders of SWI, FUBO and MPLN
19. The Law Offices of Frank R. Cruz Reminds Investors of Looming Deadline in the Class Action Lawsuit Against SolarWinds Corporation (SWI) (bizwire)
20. SolarWinds (A Supply Chain Compromise)
21. Biden Administration Sanctions Russia Over Kremlin Critic Alexei Navalny’s Poisoning (WSJ)
22. Hacking group targets organizations via Microsoft server software -researcher | WKZO | Everything Kalamazoo (590 AM · 106.9 FM)
23. Extreme : SolarWinds – A Supply Chain Compromise (MarketScreener)
24. The Law Offices of Frank R. Cruz Reminds Investors of Looming Deadline in the Class Action Lawsuit Against SolarWinds Corporation (SWI)
25. Expert Reaction On Solarwinds Blames Intern For Weak Passwords (Information Security Buzz)
26. SolarWinds reports $3.5 million in expenses from supply (chain attack)
27. AWS Used By Bad Guys: SolarWinds Hackers Used Elastic Compute Cloud (CTOvision.com)
28. SolarWinds Corporation Investors: Last Days to Participate Actively in the Class Action Lawsuit; Portnoy Law Firm
29. SolarWinds executives blame intern for 'solarwinds123' password lapse
30. SolarWinds: Intern leaked passwords on GitHub (secblvd)
31. Wray hints at federal response to SolarWinds hack (hill)
32. SolarWinds, Cyber ‘Regression,’ CDM Loom Large in GAO High (Risk Update – MeriTalk)
33. HAGENS BERMAN, NATIONAL TRIAL ATTORNEYS, Invites SolarWinds (SWI) Investors with Significant Losses to Contact Firm Before March 5, 2021 Deadline, SEC Investigating Company
34. SolarWinds is being investigated by the Securities and Exchange Commission, filing shows (MarketWatch)
35. Recovering from the SolarWinds hack could take 18 months (MIT Technology Review)
36. Breached software firm SolarWinds faces SEC inquiry after insider stock sales (Flipboard)
37. Solarwinds Form 10-K filing 2020-12 (31)
38. Document
39. Vinoth Kumar on Twitter: "https://t.co/H18DCF44El is an intern service according to the Solarwinds ceo so an intern who worked for only for 3 months(2017) had an access to the FTP server and credential was not rotated after he left. So so
40. cybersecurity: Tech executives face round two of Congressional grilling over SolarWinds breach, Telecom News, ET Telecom
41. Secure by Design: Our Plan for a Safer SolarWinds and Customer Community (Orange Matter)

Updated 2021-03-02

1. NYSE:SWI Shareholder Notice: Deadline on March 5, 2021 in Lawsuit Against SolarWinds Corporation - Press Release (Digital Journal)
2. Comment: Mystery — and fear — mounts over SolarWinds hack (HeraldNet.com)
3. SolarWinds (Morgan Stanley Technology, Media and Telecom Conference)
4. Cloud (based dev teams must shift security left to avoid fate of SolarWinds)
5. SolarWinds Blames Intern for Weak Password That Led to Biggest Attack in 2020 (TI Forense)
6. SolarWinds Cyberattack Prompts Calls for Aggressive Countermeasures | The Well News (Pragmatic, Governance, Fiscally Responsible, News & Analysis)
7. How SolarWinds is turning the Orion breach into competitive advantage (Weirdware)
8. SolarWinds Orion Web Performance Monitor (WPM) Remote Detection (Tenable®)
9. Sai Huda’s best-selling book Next Level Cybersecurity reveals signals missed in world’s largest hacks such as SolarWinds (EIN Presswire)
10. NTIA Software Component Transparency (National Telecommunications and Information Administration)
11. Cyber risks loom over Covid-prompted corporate IT shifts (POLITICO)
12. SHAREHOLDER ALERT: Pawar Law Group Announces a Securities Class Action Lawsuit Against SolarWinds Corporation (SWI)
13. The SolarWinds Body Count Now Includes NASA and the FAA (WIRED)
14. National Security Risks of Late-Stage Capitalism (secblvd)
15. If the Walls Fall: Federal Agencies Must Layer Cyber Defenses to Ensure Data Protection (MeriTalk)
16. SolarWinds: Look Beyond The Hack (NYSE:SWI) (Seeking Alpha)
17. What the SolarWinds Attacks Mean for Cloud Data Protection - (Redmondmag.com)
18. SolarWinds: Undervalued Despite The ORION Hack (NYSE:SWI) (Seeking Alpha)
19. Equifax CISO Jamil Farshchi on SolarWinds and Supply Chains
20. Massive SolarWinds Hack Prompts Up to $25 Million in New Expenses
21. After SolarWinds debacle, the U.S. needs to keep software makers from being hurt by cost (cutting owners)
22. Incident Response to SolarWinds Orion Software Compromise for SMEs
23. SolarWinds security fiasco may have started with simple password blunders (ZDNet)
24. SolarWinds faces an SEC inquiry following insider stock sales that took place before Russian hack (wapo)

Updated 2021-03-01

1. SolarWinds to spend up to US$25M on security following attack - Software (CRN Australia)
2. iTWire (Microsoft chief's claims on cloud security result in sharp rejoinder)
3. Jake Williams on Twitter: "I've been thinking a LOT about Brad Smith's testimony this week about #SolariGate. He repeatedly implies that if organizations "just" adopt a cloud first model, they won't experience these sorts of attacks. I called that reckles
4. FireEye cyber CEO: American internet users will be targeted in next war
5. ‘The Marriage Pact’ and the risks we take with data (Charlotte Observer)
6. Buy Palo Alto Networks (PANW) On Weakness; Unlocking Value Of Cloud Business (Seeking Alpha)
7. Hackers seized on the pandemic. Some states are fighting back | National (bakersfield.com)
8. Hearing on Hack Prompts Call for Review of Government’s Cloud Procurement (Nextgov)
9. Senate Intelligence Hearing on SolarWinds Hacking (C-SPAN.org)
10. iTWire (John Capobianco)
11. CyberSec Chey on Twitter: "Former SolarWinds CEO ("We had no password rules, didn't audit accounts, and were basically crap at security but, hey, that's why I got the big bucks!"" / Twitter)
12. Microsoft slams Amazon's AWS over Solarwinds silence (MSPoweruser)
13. Former SolarWinds CEO blames intern for "solarwinds123" password leak (CNNPolitics)

Updated 2021-02-28

1. Former SolarWinds CEO Blames Intern for Password Security Breach
2. Congress has new appetite for breach law following SolarWinds hack - Security (iTnews)
3. Solarwinds Class Action Reminder
4. SolarWinds hack pits Microsoft against Dell, IBM over how companies store data
5. SHAREHOLDER ALERT: SWI QS CLOV: The Law Offices of Vincent Wong Reminds Investors of Important Class Action Deadlines
6. Solarwinds blamed intern for weak password ( experts have doubts)
7. SolarWinds Officers Blame Intern for ‘solarwinds123’ Password (The Times Hub)
8. RABET (V Pilot Update and SolarWinds Mitigations)
9. The SolarWinds Body Count Now Includes NASA and the FAA (Tech Exec)
10. SolarWinds Officials Blame Intern for ‘solarwinds123’ Password
11. Accusation: Microsoft failed with security in the SolarWinds hack (Born's Tech and Windows World)
12. Solarwinds blamed intern for weak password – experts have doubts (FR24 News English)
13. Jeff Elder on Twitter: "SolarWinds leaders told Congress the password "solarwinds123" was a quickly fixed intern's error. Records show it was a publicly accessible software (update server with password visible for two years. A company email from 2019 notes)
14. Former SolarWinds CEO blames intern for ‘solarwinds123’ password leak (WKSM-FM)
15. Jeff Elder on Twitter: "SolarWinds leaders told Congress today the password "solarwinds123" was a mistake by an intern. An email from the company in 2019 links the issue to "publicly accessible" data and "exposed credentials." https://t.co/UTfYWYNTFP" / T
16. Former SolarWinds CEO blames the intern for the “solarwinds123” password leak (Security – 6Park News En)
17. Experts Call for Increased Cyber Info Sharing in Wake of SolarWinds Breach (MeriTalk)
18. Congress has new appetite for breach law following SolarWinds hack: lawmaker | Business Information & News | FE (Westlaw Today)
19. At House SolarWinds hearing, bipartisan lawmakers announce breach disclosure bill (TerabitWeb Blog)

Updated 2021-02-27

1. Microsoft president criticizes Amazon and Google's public response to SolarWinds hack (Washington Times)
2. SolarWinds Hack Pits Microsoft Against Dell, IBM Over How Companies Store Data (WSJ)
3. Kamala Harris To Prioritize Cybersecurity And Global Health In Foreign Policy Platform (MITechNews)
4. Microsoft’s Brad Smith Drags AWS, Google Over SolarWinds Response
5. Former SolarWinds CEO Blames Intern for “solarwinds123” Password Leak (FR24 News English)
6. Critical VMware vSphere Vulnerability Is a Must (Patch)
7. Tech executives testify in Solorigate hearing. Accellion breach updates. Silver Sparrow targets Macs.
8. SolarWinds’ security practices questioned by lawmakers following cyber attack
9. The SolarWinds Body Count Now Includes NASA and the FAA (WIRED)
10. Oversight and Homeland Security Committees Discussed Next Steps for Government and Private Tech Following SolarWinds Breach (House Committee on Homeland Security)
11. SolarWinds' Former CEO Blames Intern for 'solarwinds123' Password Leak (Slashdot)
12. MSFT Stock - Microsoft makes CodeQL queries public post SolarWinds attack (Fintech Zoom - World Finance)
13. Former SolarWinds CEO blames intern for 'solarwinds123' password leak | (foxcarolina.com)
14. RABET-V Pilot Update and SolarWinds Mitigations (NASS)
15. Microsoft makes CodeQL queries public post SolarWinds attack
16. Here's Why I Continue to Be on the Zscaler Bandwagon (RealMoney)
17. Cyber Week in Review: February 26, 2021 (CoFR)
18. Microsoft releases open (source CodeQL queries to assess Solorigate compromiseSecurity Affairs)
19. Over 18,000 companies attacked - Microsoft slams Google & Amazon for hiding information (Gizchina.com)
20. SolarWinds Executives Blame Intern for Leaking Password 'solarwinds123', Leading to Largest Security Breach in The US (Tech Times)
21. Former NSA and Cyber Command Chief Keith Alexander on SolarWinds, Cyberwar, and China (The Record by Recorded Future)
22. US may announce new sanctions on Russia within weeks - White House press secretary - World (TASS)
23. U.S. Government Cybersecurity Vulnerabilities Flow Down to Private Companies and Federal Court Litigants (New York Law Journal)
24. Microsoft: We've open-sourced this tool we used to hunt for code by SolarWinds hackers (ZDNet)
25. File Integrity Monitoring Market Current and Future Demand 2027 (Solarwinds, Alienvault, Logrhythm, Trustwave, Manageengine, Trend Micro, and more – NY Market Reports)
26. Basic cybersecurity standards must start with procurements, experts say
27. Risk & Repeat: Inside the SolarWinds Senate hearing
28. WEBINAR: How to avoid being the next SolarWinds security incident Tickets, Thu, Mar 4, 2021 at 10:00 AM (Eventbrite)
29. Miller-Meeks says ‘SolarWinds’ hack a wake up call for all (Sioux County Radio)
30. SolarWinds hack calls for data breach laws, cyber funding, lawmaker told | Secondary Sources | National (Westlaw Today)
31. The SolarWinds Hack and Its Hidden Impacts on Small & Medium Size Enterprises (Fairfax County EDA)
32. Katko Opening Statement at Hearing on SolarWinds Cyber Campaign - Committee on Homeland Security (Republicans)
33. Microsoft could've prevented some SolarWinds damage (IT Security Guru)
34. CrowdStrike Exec Points to Active Directory 'Structural Problems' in Senate Solorigate Hearing - (Redmondmag.com)
35. SHAREHOLDER ALERT: Levi & Korsinsky, LLP Notifies Shareholders of SolarWinds Corporation of a Class Action Lawsuit and a Lead Plaintiff Deadline of March 5, 2021 (SWI)
36. The anatomy of the SolarWinds attack chain (ITWeb)
37. Congress has new appetite for breach law following SolarWinds hack -lawmaker (The Star Phoenix)
38. Hillicon Valley: Second SolarWinds hack hearing | TikTok to settle privacy lawsuit | Facebook apologizes for removing lawmaker post (hill)
39. Miller-Meeks says 'SolarWinds' hack a wake up call for all (Radio Iowa)
40. Fallout From the SolarWinds Hack (Bloomberg)
41. SolarWinds Plans Cybersecurity Investment After Supply Chain Compromise (ExecutiveBiz)
42. Watch live: Congressional hearing on SolarWinds breach (hill)
43. It’s Not Such a Breeze: Assessing Your Service Providers After SolarWinds (New York Law Journal)
44. Microsoft shares tool to hunt for compromise in SolarWinds breach (CyberScoop)
45. Solarwinds Corporation (SWI) Q4 2020 Earnings Call Transcript (The Motley Fool)
46. Microsoft Releases Queries for SolarWinds Attack Detection
47. Former SolarWinds CEO blames intern for "solarwinds123" password leak (CNNPolitics)
48. Microsoft Conclusion on SolarWinds Hack 'Conflicts' with Other Messages

Updated 2021-02-26

1. SolarWinds Update: Russian Threat-Actor Re (Used Components from Other)
2. Here's the Big Problem With Too Much Trust
3. AWS: SolarWinds hackers used our elastic compute cloud - Security (CRN Australia)
4. SOLARWINDS SHAREHOLDER ALERT BY FORMER LOUISIANA ATTORNEY GENERAL: Kahn Swick & Foti, LLC Reminds Investors with Losses in Excess of $100,000 of Lead Plaintiff Deadline in Class Action Lawsuits Against SolarWinds Corporation (SWI)
5. Lawmakers angered over Amazon’s lack of public disclosure on SolarWinds hack (MarketWatch)
6. Assessing Fallout from the SolarWinds Breach (eWEEK)
7. Haeggquist & Eck, LLP Is Investigating Claims Against SolarWinds Corporation’s Directors and Officers for Breach of Fiduciary Duty (bizwire)
8. Microsoft failed to shore up defenses that could have limited SolarWinds hack: U.S. senator | Y100 WNCY | Your Home For Country & Fun (Green Bay, WI)
9. US senator claims Microsoft failed to fix cloud holes before SolarWinds hack - Security (iTnews)
10. The SolarWinds of Change are Blowing in the Need for Tech Collaboration (Law.com)
11. Microsoft Releases Free Tool for Hunting SolarWinds ...
12. Watch: Risk Advisory Services: SolarWinds Cyber Attack and its Impact on your Cybersecurity Insurance
13. The Top Free Tools for Sysadmins in 2021
14. Executive Order Focuses on Supply Chain Risk Management
15. Huawei backs supply chain security standards in wake of SolarWinds breach (hill)
16. Our Dire Need for a National Cybersecurity Agency
17. IDX Introduces Cybersecurity Healthcheck to Identify Security...
18. White House Releases Executive Order on America's Software Supply Chains (secblvd)
19. Haeggquist & Eck, LLP Is Investigating Claims Against SolarWinds Corporation’s Directors and Officers for Breach of Fiduciary Duty
20. Cloud Email Security Software Market to Witness Astonishing Growth With Vital Key Players | Proofpoint, SpamTitan, Barracuda, SolarWinds – KSU (Sentinel)
21. Bloomberg
22. SWI SHAREHOLDER FILING DEADLINE: Bernstein Liebhard LLP Reminds Investors of the Deadline to File a Lead Plaintiff Motion in a Securities Class Action Lawsuit Against SolarWinds Corporation (GuruFocus.com)
23. Ex-NSA chief: No idea how badly SolarWinds hack harmed security (The Jerusalem Post)
24. Microsoft Releases Free Tool for Hunting SolarWinds ...

Updated 2021-02-25

1. SolarWinds, SUNBURST, and the Latest in Supply Chain Security, Compromises, & Breach Litigation | Events  ( Crowell & Moring LLP)
2. Netenrich and Industry Leaders Discuss the Rise in Third Party Attacks Post (SolarWinds and Techniques to Maximize Security Effectiveness)
3. Tech exec to Congress: Supply chain hack took 1,000 engineers - (Defense Systems)
4. US Senators, tech execs recommend hack reporting requirement, Technology (THE BUSINESS TIMES)
5. 10 Security Quotes: Microsoft, CrowdStrike, SolarWinds, and FireEye Talk to Congress
6. CIA nominee: Cyber threats are 'ever greater risk' for U.S. society - (FCW)
7. SolarWinds Revenue, Earnings After Security Breach (MSSP Alert)
8. Cyber Diplomacy Act aims to elevate America's global cybersecurity standing (CSO Online)
9. Cyber (pandemic: The most notable cyber attacks of 2020)
10. Krebs Lays Out CISA Bite-Back at Health (Sector Hackers – MeriTalk)
11. AWS: SolarWinds Hackers Used Our Elastic Compute Cloud
12. U.S. and EU prepare new rounds of sanctions against Russia (MarketWatch)
13. Microsoft shares CodeQL queries to scan code for SolarWinds (like implants)
14. SolarWinds To Spend Up To $25M On Security Following Attack
15. CrowdStrike Slams Microsoft Over SolarWinds Hack (Unified Networking)
16. Detecting and Responding to SolarWinds Infrastructure Attack with Cisco Secure Analytics (Cisco Blogs)
17. SolarWinds: 4Q Earnings Snapshot | Business News (scnow.com)
18. The Klein Law Firm Reminds Investors of Class Actions on Behalf of Shareholders of SWI, FUBO and EBIX
19. Website Monitoring Software Market 2021 Precise Outlook – SolarWinds, AlertBot (InfoGenius), Zoho, LogicMonitor, New Relic, SmartBear, Nagios, Freshworks, Monitis (FLA News)
20. File Integrity Monitoring Market to Watch: Solarwinds, Alienvault, Logrhythm, Trustwave, Manageengine, Trend Micro (NY Market Reports)
21. [PDF] Global Data Archiving Software Market 2021 (SolarWinds MSP, TitanHQ, CloudBerry Lab – The Courier)
22. Open Text : After SolarWinds, worldwide governments can trust no one (MarketScreener)
23. The Law Offices of Frank R. Cruz Announces the Filing of a Securities Class Action on Behalf of SolarWinds Corporation (SWI) Investors | State (montereycountyweekly.com)
24. SolarWinds (SWI) Q4 Earnings and Revenues Beat Estimates (Nasdaq)
25. SolarWinds Announces Fourth Quarter 2020 Results (bizwire)
26. SolarWinds: 4Q Earnings Snapshot (Lexington Herald Leader)
27. SolarWinds Profit Forecast Trails Estimates After Hack (Bloomberg)
28. How to Avoid Falling Victim to a SolarWinds (Style ...)
29. Amazon com : Lack of Public Disclosure on SolarWinds Hack Angers Lawmakers (MarketScreener)
30. SolarWinds Corp. to Host Earnings Call
31. CrowdStrike: After The SolarWinds Breach, This Is Your Best Cybersecurity Stock (CRWD) (Seeking Alpha)
32. Amazon’s Lack of Public Disclosure on SolarWinds Hack Angers Lawmakers (WSJ)
33. SolarWinds Announces Fourth Quarter 2020 Results
34. SolarWinds stock rallies after profit, revenue rise above expectations (MarketWatch)
35. The massive Solarwinds attack is still shrouded in mystery
36. SolarWinds: 4Q Earnings Snapshot
37. King: SolarWinds Hack Highlights Need for Increased Deterrence of Cyberattacks
38. SolarWinds Corp. to Host Earnings Call
39. SolarWinds (SolarWinds Announces Fourth Quarter 2020 Results)
40. Data Archiving Software Market 2025 Global Industry Trends and Forecast: SolarWinds MSP, TitanHQ, CloudBerry Lab, DocuXplorer Software, Jatheon Technologies, GFI Software, ShareArchiver, Relay Communications, Professional Advantage, MessageSolution (NY)
41. More Money Won’t Prevent the Next SolarWinds - But Better Detection Strategies Will (secblvd)
42. Katko Calls on Administration to Fully Leverage CISA Capabilities in SolarWinds Response - Committee on Homeland Security (Republicans)
43. Cloud Monitoring Market 2025 Global Industry Trends and Forecast: CA Technologies, Solarwinds, Dynatrace, Idera, Sevone, Cloudyn, Zenoss, Datadog, Kaseya, Logicmonitor, Opsview (NY Market Reports)
44. SolarWinds Orion Network Performance Monitor Installed (Windows) (Tenable®)
45. Hillicon Valley: Biden signs order on chips | Hearing on media misinformation | Facebook's deal with Australia | CIA nominee on SolarWinds (hill)
46. IPAM Software Market to See Huge Growth by 2025 (Infoblox, SolarWinds Worldwide, Cisco Systems – NY Market Reports)
47. Tech firms say there's little doubt Russia behind major hack (LV Sun)
48. AWS linked to SolarWinds hack - Security (CRN Australia)
49. White House plans executive action in response to massive breach - (Defense Systems)
50. DEADLINE ALERT: Bragar Eagel & Squire, P.C. Reminds Investors That a Class Action Lawsuit Has Been Filed Against SolarWinds Corporation and Encourages Investors to Contact the Firm (Benzinga)
51. First Blackbaud, then SolarWinds. Supply chain cyber (attacks are proliferating – how secure is your business?)
52. SolarWinds hackers targeted NASA, Federal Aviation Administration networks
53. ‎16 Minutes News by a16z on Apple Podcasts
54. SolarWinds Hackers Targeted Cloud Services as a Key Objective  (AI Trends)
55. Senator Collins Questions Technology Leaders on SolarWinds Hack That Compromised Data Across Multiple Federal Agencies (Senator Susan Collins)
56. More Money Won’t Prevent the Next SolarWinds (But Better Detection Strategies Will)
57. DOJ could start looking closer at cybersecurity fraud on government technology providers (FRN)
58. Microsoft president asks Congress to force private (sector orgs to publicly admit when they've been hacked • The Register)
59. DEADLINE ALERT: Bragar Eagel & Squire, P.C. Reminds Investors That a Class Action Lawsuit Has Been Filed Against SolarWinds Corporation and Encourages Investors to Contact the Firm (bizwire)
60. Biden administration prepares to impose sanctions on Russia over Navalny poisoning, SolarWinds hack (english.lokmat.com)
61. At least 1,000 engineers worked on supply chain hack, tech exec says - (GCN)
62. Guest post: Kurt Sanger on “The ‘SolarWinds’ Hack and the Need to Reframe U.S. Cybersecurity Information Sharing” (Lawfire)
63. Infosec expert says mandatory cyber incident reporting is worth considering in Canada (IT World Canada News)
64. SolarWinds Corporation Investors: Last Days to Participate Activ (The Cowboy Channel)
65. SolarWinds hack was work of 'at least 1,000 engineers', tech executives tell Senate
66. Tech Talk: SolarWinds, Microsoft, FireEye, CrowdStrike defend actions in major hack: US Senate hearing
67. SolarWinds Hack Leaves Entire Industry In Panic (Research Snipers)
68. Early Edition: February 24, 2021 (Just Security)
69. SolarWinds, Microsoft, and executives of more firms face Senate grilling (TechStory)
70. CISA looks inward to stop future supply chain attacks - (Defense Systems)
71. Biden signs executive order demanding supply chain security review (CyberScoop)
72. Senate grills tech executives on SolarWinds hack (One America News Network)
73. Tech Among Top Priorities for Biden’s CIA Director Pick (Nextgov)
74. SolarWinds & Solorigate: What Happened, Why it Matters & What Happens Next (The Devolutions Blog)
75. Amazon Defends Itself After Skipping SolarWinds Hearing
76. Microsoft, FireEye, CrowdStrike, and SolarWinds Speak at US Senate Hearing Into Massive Cyberattack
77. Senators, Tech Execs Recommend Hack Reporting Requirement (DCN)
78. Marco Rubio on SolarWinds Hack: ‘Many Concerning Aspects to This Operation That Raise Significant Questions’ (Florida Daily)
79. US to impose sanctions on Russia over Navalny poisoning, SolarWinds hack (Business Standard News)
80. DDoS in hybrid war. Accellion compromise attributed. Initial access brokers. Agile C2 for botnets. US Senate’s SolarWinds hearing. US DHS cyber strategy. Shiny new phishbait.
81. Google’s been lobbying for more scrutiny into Microsoft’s liability for SolarWinds hack » OnMSFT.com
82. Sens. Mull Cyberattack Reporting Law At SolarWinds Hearing (Law360)
83. SolarWinds attackers lurked for ‘several months’ in FireEye’s network (Urgent Comms)
84. SolarWinds fallout sparks calls for mandatory incident reporting, repercussions after cyber attacks (FRN)
85. The big takeaway from the Senate's SolarWinds hearing (Axios)
86. SolarWinds hack was work of more than 1,000 engineers: Microsoft, World News (wionews.com)
87. SWI Shareholder Alert: Bronstein, Gewirtz & Grossman, LLC Reminds SolarWinds Corporation Shareholders of Class Action and Encourages Shareholders to Contact the Firm
88. FireEye CEO on how the SolarWinds hack was discovered (CNN Video)
89. Partners: AWS Must Come Clean On Role In SolarWinds Hack
90. Senate SolarWinds Hearing: 4 Key Issues Raised
91. Senate hearing on SolarWinds hack lays bare US shortcomings, remaining mysteries
92. Lawmakers urge notification law in wake of Russia SolarWinds hack
93. 10 Boldest Statements From The SolarWinds Senate Hearing
94. CrowdStrike Slams Microsoft Over SolarWinds Hack (Infosecurity Magazine)
95. Massive SolarWinds Hack Prompts Calls for U.S. Law Requiring Cyber Breach Reporting
96. More SolarWinds Hack Victims Yet to Be Publicly Identified, Tech Executives Say (WSJ)
97. SolarWinds not the only company used to hack targets, tech execs say at hearing (CNET)
98. SolarWinds Attackers Lurked for 'Several Months' in ...
99. Ryuk Ransomware Gang, Cryptocurrency Fortunes & SolarWinds - InfoSec Round-Up Jan 17th | InfoSec Round-Up by Hut Six Security | Podcasts on Audible (Audible.com)
100. ‎Malicious Life: Special: The SolarWinds Hack on Apple Podcasts
101. Cyber Risk Management in the Wake of SolarWinds (USC Event Calendar)
102. Committee on Homeland Security (Letter from John Katko)
103. Essays: Why Was SolarWinds So Vulnerable to a Hack? (Schneier)
104. Tech Executives Call for Improved Public (Private Coordination After SolarWinds Hack)
105. Microsoft, FireEye push for breach reporting rules after SolarWinds hack (hill)
106. SolarWinds Hack Bigger, More Dangerous than Previously Thought, Tech Execs Warn (VOA)
107. Solarwinds hearing stresses breach disclosure mandates (scmedia)
108. SolarWinds hack was work of 'at least 1,000 engineers', tech executives tell Senate | Technology (Guardian)
109. Microsoft: No Evidence SolarWinds Was Hacked Via Office 365
110. The SolarWinds Breach Is Shaking Up Incident Response

Updated 2021-02-24

1. 'Russian' hackers targeted NASA as part of SolarWinds attack (MENAFN.COM)
2. Senate Intelligence Committee Examines SolarWinds Hack (UPI)
3. SolarWinds to Showcase Database Management Solutions at Microsoft Ignite 2021
4. List of 1213 SolarWinds Employees - Find Emails & Phones - SignalHire (Page 6)
5. Global Deep Packet Inspection And Processing Market Analysis, Size, Share, Growth, Trends And Forecast 2027 (IBM Corporation; Cisco; Juniper Networks, Inc.; Broadcom.; SolarWinds Worldwide, LLC.; VIAVI Solutions Inc.; NETSCOUT; LogRhythm, Inc.; Qosmos Te)
6. The US Senate just grilled Microsoft and SolarWinds over last year's historic cyberattack. Here's what happened.
7. SolarWinds cybersecurity breach: How it happened and Biden’s response (The Anchor)
8. Hearings (Intelligence Committee)
9. Tech firms say there's little doubt Russia behind major hack (StarTribune)
10. SolarWinds hack worse than thought -Senate panel (Reuters)
11. SolarWinds, Microsoft, FireEye, CrowdStrike defend actions in major hack - U.S. Senate hearing (Reuters)
12. SolarWinds, Microsoft, FireEye, CrowdStrike executives face U.S. Senate grilling | Y100 WNCY | Your Home For Country & Fun (Green Bay, WI)
13. Tech firms say there's little doubt Russia behind major hack
14. Capitol Hill’s busy day: Confirmation hearings, updates on the Russian hacking attack and more. (nyt)
15. A digital strategy to defend the nation (Microsoft On the Issues)
16. After Russian Cyberattack, Looking for Answers and Debating Retaliation (nyt)
17. SolarWinds hack worse than thought (Senate panel)
18. Google trying to put Microsoft on the spot at SolarWinds hearing
19. SolarWinds, Microsoft, FireEye, CrowdStrike defend actions in major hack (U.S. Senate hearing)
20. STAR Webcast: Making sense of SolarWinds through the lens of MITRE ATT&CK(R) (SANS Institute)
21. The US Senate is grilling Microsoft and SolarWinds over last year's historic cyberattack (Markets Insider)
22. SolarWinds attack could have happened to anyone, CEO says - (GCN)
23. Network Optimization Services Market 2021 to Global Forecast 2026 By Major Players – Solarwinds, Cisco Systems, Huawei, Nokia, ZTE, Infovista, Citrix, Fatpipe Networks, Netscout Systems, Silver Peak, Array Networks (The Bisouv Network)
24. Sensitive Data Discovery Market 2020:Global Industry Size, Analysis, Growth Factors, Key Companies, Regional Outlook, Future Insights Till 2026 | IBM, Microsoft, Oracle, AWS, Proofpoint, Google, SolarWinds, – KSU (Sentinel)
25. Network Monitoring Software Market Global Outlook 2021-2026: CA Technologies, GFI Software, IBM, Solarwinds, Auvik Networks, Manage Engine – KSU (Sentinel)
26. SolarWinds Shareholder Alert
27. The Compromise of SolarWinds Orion
28. Today’s Headlines and Commentary (Lawfare)
29. SolarWinds hack worse than thought (Senate panel)
30. The Scale of the SolarWinds Breach Is Still Unclear, Executives Say (nyt)
31. Executives testify SolarWinds hack was of unprecedented scale, scope (UPI)
32. Palo Alto Networks Posts First $1 Billion Sales Quarter (DCN)
33. Hillicon Valley: Companies urge action at SolarWinds hearing | Facebook lifts Australian news ban | Biden to take action against Russia in 'weeks' (hill)
34. Broadband Breakfast: SolarWinds CEO Says Hack Shows Need for Information (Sharing Between Industry and Government)
35. WATCH LIVE: Senate committee hears testimony on SolarWinds hack | WPBS (Serving Northern New York and Eastern Ontario)
36. SolarWinds Hack: Vital Lessons for Integrators SoloarWinds Hack
37. FireEye (NASDAQ:FEYE), (CRWD) - SolarWinds, Microsoft, FireEye, CrowdStrike To Testify In Senate In Russian Cyber Hack Case (Benzinga)
38. CISA, DHS Bolster State and Local Cybersecurity Programs (Nextgov)
39. U.S. Senators: AWS Infrastructure Used In SolarWinds Attack
40. Paramount Defenses Opens Online Store to Empower Organizations Worldwide
41. SolarWinds, Microsoft, FireEye, CrowdStrike Executives Face Senate Grilling
42. US Senate Intelligence Committee To Hold Hearing On SolarWinds Hack February 23 - Notice (UrduPoint)
43. SolarWinds Orion Data Security Update
44. Rear door in SolarWinds Orion - update as soon as possible (updated 2020-12-29) (www.cert.se)
45. The SolarWinds Attack: Why Israeli Companies Should Pay Attention (Lexology)

Updated 2021-02-23

1. US to sanction Russia for mass hack, Navalny poisoning
2. SolarWinds, Microsoft, FireEye, CrowdStrike executives face U.S. Senate grilling (Nasdaq)
3. Biden administration plans to sanction Russia for SolarWinds hacks, poisoning of opposition leader (The Boston Globe)
4. SolarWinds, Microsoft, FireEye, CrowdStrike executives face Senate grilling (Reuters)
5. Microsoft says it notified 60 customers of SolarWinds breach (U.S. Senate panel hearing)
6. SolarWinds hackers targeted NASA, Federal Aviation Administration networks (TechCrunch)
7. SolarWinds Hack Grabs Senate Spotlight With CEO in the Hot Seat (Bloomberg)
8. Mayorkas Announces Initial Plans To Bolster U.S. Cyber Security; SolarWinds CEO Has Ideas Too (IIOT Connection)
9. WTH is Russia doing cyberattacking the United States? David Sanger on the SolarWinds hack and the future of American cyber security | What the Hell Is Going On | Podcasts on Audible (Audible.com)
10. Lawmakers grill SolarWinds CEO on devastating hack (WSM-FM1)
11. The Anatomy of the SolarWinds Attack Chain
12. Network security relies on careful scrutiny
13. IBM CEO Says He Feels ‘Sorry’ For SolarWinds, Cybersecurity ‘Biggest Issue’ For Tech Industry
14. House committees to hold February 26 hearing on 'SolarWinds' hack (Gadgets Now)
15. SolarWinds, Microsoft, FireEye, CrowdStrike defend actions in major hack - U.S. Senate hearing (Reuters)
16. After SolarWinds hack, the U.S. must prioritize cybersecurity (Idaho Business Review)
17. MSP Software Provider Atera Raises $25M From K1 (ChannelE2E)
18. The Anatomy of the SolarWinds Attack Chain (secblvd)
19. Biden administration planning to sanction Russia for SolarWinds hacks (wapo)
20. Have Insiders Been Selling SolarWinds Corporation (NYSE:SWI) Shares? (Simply Wall St News)
21. Newscan: SolarWinds CEO recommends liability protections for sharing information about incidents (Urgent Comms)
22. Best Practices for Strengthening Your Organization’s Overall Security Posture (Manufacturing Business Technology)
23. Health care bore brunt of cyberattacks in 2020, study says (Roll Call)
24. Network Optimization Services Market Evolving Technology and Growth Outlook 2020 to 2026 | Solarwinds, Cisco Systems, Huawei, Nokia, ZTE, Infovista, Citrix, Fatpipe Networks – KSU (Sentinel)
25. SolarWinds to Showcase Database Management Solutions at Microsoft Ignite 2021
26. Opinion (Why Was SolarWinds So Vulnerable to a Hack? - The New York Times)
27. Patch Management Market Opportunities (Industry Report by SolarWinds, ConnectWise, Oracle, Chef Software, GFI Software, Automox, SysAid Technologies and ManageEngine – NY Market Reports)
28. State (sponsored cyber attacks have corporates worried)
29. What's Scarier Than the SolarWinds Breach? (secblvd)
30. Website Monitoring Software Market 2020-2026 (SolarWinds, Zoho, SmartBear, LogicMonitor, New Relic, Freshworks, Datadog, Nagios – The Courier)
31. Data Archiving Software Market to 2027 – SolarWinds MSP, TitanHQ, CloudBerry Lab and Others (NY Market Reports)
32. US House committees to hold Feb 26 hearing on 'SolarWinds' hack (CNA)
33. SolarWinds CEO to Testify at Second Hearing Friday; He Offers Details Now
34. New York issues cyber insurance framework as ransomware, SolarWinds costs mount (TechCentral.ie)
35. Cisco Application Policy Infrastructure Controller vs SolarWinds - Overview, H2H, and More (Slintel)
36. Orion SDK - The Orion Platform (THWACK)
37. SolarWinds N-central vs EuVantage (2021 Feature and Pricing Comparison)
38. Investigation of SolarWinds Corporation (Robbins LLP)
39. SHAREHOLDER ALERT: SWI PEN OTGLY: The Law Offices of Vincent Wong Reminds Investors of Important Class Action Deadlines
40. US House Committees to Hold Hearing on SolarWinds Hack on 26 February (Sputnik)
41. SolarWinds CEO: This could have happened to anyone - (FCW)
42. SolarWinds Cyberattack Cleanup Costs: SWI Earnings, Senate & House Hearings May Provide Clues (MSSP Alert)
43. Implications of SolarWinds Hack on Your Cyber Practices
44. SolarWinds Deadline Alert
45. VMware Marketplace: SolarWinds Content Pack
46. Mayorkas Announces Initial Plans To Bolster U.S. Cyber Security; SolarWinds CEO Has Ideas Too
47. The SolarWinds Breach Is a Wakeup Call to CISOs (InfoSystems)
48. SolarWinds Cyber Attack: February 24 Webinar Will Address Lessons Learned
49. Anatomy of the SolarWinds Attack: Five Types of Malware (Blumira)
50. Biden speech pledges international cooperation on cyber - (Washington Technology)
51. Shareholder Alert: Robbins LLP is Investigating SolarWinds Corporation (SWI) on Behalf of Shareholders (bizwire)
52. Lessons Learned from a Cyberattack: A Conversation with SolarWinds (Part 1 of 2) (Center for Strategic and International Studies)
53. Biden Wants International “Rules” to Combat Alleged Russian, Chinese Cyberattacks (MSSP Alert)
54. Palo Alto Networks CEO: XDR Protected Us From SolarWinds Attack (SDxCentral)
55. Senate Committee to Hear Testimony Surrounding Major SolarWinds Cybersecurity Breach on Cheddar
56. Cyber Attacks on U.S. Need to Be Handled Differently, Says Sen. Warner (Bloomberg)
57. Chinese Hackers Hijacked NSA-Linked Hacking Tool: Report (tpost)
58. SolarWinds CEO talks hack, remaining questions before Capitol Hill hearings
59. SolarWinds CEO Recommends Liability Protections for Sharing Information about Incidents  (Nextgov)
60. N-able: The Path Forward for the Former SolarWinds MSP (ChannelE2E)
61. Microsoft: SolarWinds Hackers Viewed, Downloaded Source Code for Azure, Intune, Exchange Components (My TechDecisions)
62. U.S. House committees to hold Feb 26 hearing on 'SolarWinds' hack (Reuters)
63. SolarWinds hearing announced by House committees (CNET)
64. Microsoft posts final update on Solarwinds attack, reveals which Microsoft product source code hackers were targeting (MSPoweruser)
65. Microsoft: SolarWinds Attackers Downloaded Azure, Exchange Code (tpost)
66. Experts Tell Lawmakers to Give CISA 'Operational' Federal Information Security Role (Nextgov)
67. Spared Direct Hit, Law Firms Could Still Face SolarWinds Cyber Fallout (Legaltech News)
68. Three Steps to Ensure Your Supply Chain Isn’t Your Weak Link (Legaltech News)

Updated 2021-02-22

1. U.S. House committees to hold Feb 26 hearing on 'SolarWinds' hack (Reuters)
2. SolarWinds hearings will test cybersecurity cooperation, experts say
3. In the SolarWinds Hack Microsoft Lost The Source Code For 3 Products
4. SolarWinds Announces Earnings Call Time Change: Fourth Quarter and Full Year 2020 Earnings Call to Occur on Thursday, February 25 at 7:30 AM CT
5. Hiding in plain sight: What the SolarWinds attack revealed about efficacy (Urgent Comms)
6. U.S. House committees to hold Feb 26 hearing on ‘SolarWinds’ hack | The Mighty 790 KFGO (KFGO)
7. New York issues cyber insurance framework as ransomware, SolarWinds costs mount (CSO Online)
8. White House security adviser says response to SolarWinds hack will come in weeks | WKZO | Everything Kalamazoo (590 AM · 106.9 FM)
9. Top Biden Adviser Suggests Russia Could See U.S. Response To SolarWinds Hack Within 'Weeks'
10. Biden official: SolarWinds attack response may come within weeks
11. BREAKING ALERT: ROSEN, A LEADING AND LONGSTANDING LAW FIRM, Encourages SolarWinds Corporation Investors with Large Losses to Secure Counsel Before Important March 5 Deadline (SWI)
12. Neuberger: Private (Sector Partnership ‘Core’ in Fixing Huge Hack, Building Better Defenses – Homeland Security Today)
13. Microsoft suggest companies “adopt a zero trust mindset” as it closes SolarWinds internal investigation » OnMSFT.com
14. Microsoft Concludes Its SolarWinds Investigation (Thurrott.com)
15. SolarWinds cyberhack is a blow. The US must prioritize cybersecurity now | Columns (idahostatejournal.com)
16. Turning the page on Solorigate and opening the next chapter for the security community (MS Security)
17. Microsoft wraps SolarWinds probe, nudges companies toward zero trust
18. CyberArk Labs: The Anatomy of the SolarWinds Attack (Techwire)
19. SolarWinds Hacked From Inside U.S., 100+ Orgs Compromised

Updated 2021-02-21

1. Suspected Russian hack fuels new US action on cybersecurity (ABC News)
2. Apiiro Releases Industry’s First Solution That Detects and Prevents the Attack Used Against Solarwinds

Updated 2021-02-20

1. Massive breach fuels calls for US action on cybersecurity - U.S. (Stripes)
2. What financial services should learn from the SolarWinds cyber attack
3. White House Prepping Multi-Part Executive Order on SolarWinds Hack (Defense One)
4. Senate Intelligence panel to hold hearing on SolarWinds breach next week (hill)
5. U.S. Senate panel to hold Feb 23 hearing on 'SolarWinds' hack (Reuters)
6. Hiding in Plain Sight: What the SolarWinds Attack ...
7. SolarWinds Hackers Stole Some Source Code for Microsoft Azure, Exchange, Intune
8. SolarWinds hackers studied Microsoft source code for authentication and email (Reuters)
9. Thread by @NatashaBertrand on Thread Reader App (Thread Reader App)
10. Targeting Process for the SolarWinds Backdoor (NETRESEC Blog)
11. Biden to take 'executive action' to address SolarWinds breach (hill)
12. The Hack Roundup: White House Says Neuberger Leading Federal Response (Nextgov)
13. SOLARWINDS INVESTOR ALERT: Shareholder Lawsuit Filed
14. SolarWinds hack is the perfect foreword to new book on biggest breaches
15. The SolarWinds Hack Doesn’t Demand a Violent Response (Defense One)
16. The Art of Finding Cyber-Dinosaur Skeletons (Securelist)

Updated 2021-02-19

1. White House says it will hold those responsible for SolarWinds hack accountable within weeks (CNNPolitics)
2. 5 minutes with Michael Bahar - The aftermath of the SolarWinds Orion breach | 2021-02-19 (Security Magazine)
3. Network Traffic Analyzer Industry- Exclusive Market Research Report (SolarWinds, Netscout and more. – NeighborWebSJ)
4. Massive breach fuels calls for US action on cybersecurity (WAVY.com)
5. Microsoft says SolarWinds hackers stole source code for 3 products (ars)
6. SolarWinds (SWI) Earnings Expected to Grow: What to Know Ahead of Next Week's Release (Nasdaq)
7. SHAREHOLDER ALERT: Pomerantz Law Firm Reminds Shareholders with Losses on their Investment in SolarWinds Corporation of Class Action Lawsuit and Up Coming Deadline (SWI)
8. SHAREHOLDER ALERT: Levi & Korsinsky, LLP Notifies Shareholders of SolarWinds Corporation of a Class Action Lawsuit and a Lead Plaintiff Deadline of March 5, 2021 (SWI)
9. Hillicon Valley: Congress prepares to hold hearing on SolarWinds breach, Big Tech content moderation | Tensions rise between Capitol Hill and Facebook, Google over news distribution (hill)
10. U.S. Senate panel to hold Feb 23 hearing on 'SolarWinds' hack (Reuters)
11. SolarWinds fallout has enterprise CISOs on edge
12. SolarWinds attack hit 100 companies and took months of planning, says White House (ZDNet)
13. The Solarwinds Hack Is A One Of A Kind And Not The Norm (Information Security Buzz)
14. SolarWinds Hack and the Case of DNS Security (secblvd)
15. SolarWinds: Microsoft Reveals New Details About Sophisticated Mega (Breach)
16. White House Announces Senior Official Is Leading Inquiry Into SolarWinds Hacking (nyt)
17. U.S. Cyber Command Expands Operations to Hunt Hackers From Russia, Iran and China (nyt)
18. Trump ‘Nobody Gets Hacked’ Video Goes Viral
19. U.S. Cyber Command Bolsters Allied Defenses to Impose Cost on Moscow (nyt)
20. U.S. Begins First Cyberoperation Against Russia Aimed at Protecting Elections (nyt)

Updated 2021-02-18

1. Microsoft Internal Solorigate Investigation – Final Update (Microsoft Security Response Center)
2. Microsoft says SolarWinds hackers downloaded some Azure, Exchange, and Intune source code (ZDNet)
3. Digital Offense Capabilities Are Currently Net Negative for the Security Ecosystem
4. Occam’s Razor — A SolarWinds Perspective for Law Firms (Legal Talk Network)
5. The SolarWinds hackers could be in US government computers for a long time. Here’s our next move (Bulletin of the Atomic Scientists)
6. White House now says 100 companies hit by SolarWinds hack, but more may be impacted (Verge)
7. Norway’s 11179 billion NOK wealth fund affected by the SolarWinds hack (DN)
8. SolarWinds (style email compromise attacks go mainstream)
9. SWI BREAKING ALERT: ROSEN, A TRUSTED AND LEADING LAW FIRM, Encourages SolarWinds Corporation Investors with Large Losses to Secure Counsel Before Important Deadline – SWI | Business (valdostadailytimes.com)
10. The U.S. Needs a Cyber State of Distress to Withstand the Next SolarWinds (Lawfare)
11. Suspected Russian Hackers Used U.S. Networks, Official Says (Bloomberg)
12. Risk & Repeat: SolarWinds and the hacking back debate
13. SolarWinds Shareholder Alert
14. SolarWinds Investor Relations: Berger Montague Announces Expanded Class Period for Investigation of Alleged Securities Fraud Against SolarWinds Corporation (NYSE: SWI); Encourages Investors with Losses in Excess of $100,000 to Secure Counsel; Lead Plainti
15. Press Briefing by Press Secretary Jen Psaki and Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger, February 17, 2021 (The White House)
16. The "largest and most sophisticated hack ever" - The Backstory with Matt Bevan - RN Breakfast (ABC Radio National)
17. France Just Suffered A Very 'Solar Winds' (Like Cyberattack)
18. SolarWinds: Microsoft Reveals New Details About Sophisticated Mega (Breach)
19. Former top cybersecurity official on why U.S. intelligence missed Russia's SolarWinds hack
20. SolarWinds hack was 'largest and most sophisticated attack' ever (Microsoft president)
21. Cybersecurity experts say U.S. needs to strike back after SolarWinds hack (CBS News)
22. Experts laud SolarWinds post-attack efforts, but why’d it take a massive cyber incident to make changes? (FRN)
23. SolarWinds patches three newly discovered software vulnerabilities (ZDNet)
24. Exclusive: Suspected Chinese hackers used SolarWinds bug to spy on U.S. payroll agency – sources (Reuters)
25. Defense nominee favors proactive cyber posture
26. ‘William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021’
27. SolarWinds hack may be much worse than originally feared (Verge)
28. SolarWinds hackers accessed Microsoft source code (ZDNet)
29. SolarWinds hackers accessed Microsoft source code, the company says (Reuters)
30. Big tech companies including Intel, Nvidia, and Cisco were all infected during the SolarWinds hack (Verge)
31. Pompeo Says Russia 'Pretty Clearly' Behind SolarWinds Cyberattack. : NPR
32. Microsoft president sounds alarm on ‘ongoing’ SolarWinds hack, identifies 40 more precise targets (Verge)
33. SolarWinds hides list of high-profile customers after devastating hack (Verge)
34. Operationalizing Defend Forward: How the Concept Works to Change Adversary Behavior (Lawfare)
35. ADP 3 (28 Defense Support of Civil Authories)
36. Presidential Policy Directive -- United States Cyber Incident Coordination (whitehouse.gov)

Updated 2021-02-17

1. Many SolarWinds Customers Failed to Secure Systems Following Hack (SecurityWeek.Com)

Updated 2021-02-16

1. Microsoft: SolarWinds attack took more than 1,000 engineers to create (ZDNet)
2. France Ties Russia's Sandworm to a Multiyear Hacking Spree (WIRED)
3. 7 Things We Know So Far About the SolarWinds Attacks
4. Sealed U.S. court records possibly accessed by SolarWinds attackers (Help Net Security)

Updated 2021-02-15

1. Microsoft says it found 1,000 (plus developers' fingerprints on the SolarWinds attack • The Register)
2. Cybersecurity experts say U.S. needs to strike back after SolarWinds hack
3. SolarWinds Hack Was 'Largest and Most Sophisticated Attack' Ever, Microsoft President Brad Smith Says (Technology News)
4. SolarWinds: How Russian spies hacked the Justice, State, Treasury, Energy and Commerce Departments (CBS News)
5. SolarWinds hack was 'largest and most sophisticated attack' ever: Microsoft president (Reuters)
6. US Court system demands massive changes to court documents after SolarWinds hack (TechRepublic)
7. Arctic Security (SolarWinds: Going beyond attribution - all in a day’s work for a Bicycle Repair Man)
8. On SolarWinds, Supply Chains and Enterprise Networks
9. VirusTotal
10. Essential Threat Intelligence: Importance of Fundamentals in Identifying IOCs (Webroot)
11. Does SolarWinds change the rules in offensive cyber? Experts say no, but offer alternatives (scmedia)

Updated 2021-02-12

1. Best SolarWinds RMM Alternatives 2021 (Capterra)
2. Nagios Alternatives: Best Commercial & Open Source of 2021
3. 50 Best SolarWinds Alternatives & Competitors in 2021
4. 20 best alternatives to SolarWinds Log & Event Manager as of 2021 (Slant)
5. Top SolarWinds Competitors and Alternatives (Craft.co)
6. Unryo (Performance Monitoring & Observability)
7. What are some alternatives to Solarwinds? (StackShare)
8. 50 Best SolarWinds Alternatives & Competitors in 2021
9. SolarWinds Alternative - Get Modern Monitoring (Zenoss)
10. SolarWinds Alternative (Alternatives to SolarWinds for Network and Server)
11. Solarwinds alternative: a comparison in depth between Solarwinds and Pandora FMS
12. Open Source SolarWinds Server & Application Monitor Alternatives (AlternativeTo)
13. SolarWinds Alternatives (Guide Top 9 SolarWinds Alternatives)
14. Nagios Alternatives - Nagios Replacement for Monitoring (SolarWinds)
15. Fed up with Solarwinds, open source options? : sysadmin
16. SolarWinds Network Performance Monitor Alternatives, Competitors & Similar Software (GetApp®)
17. RMM Software - Atera - RMM software (PSA & Remote Access for MSPs)
18. Network Monitoring | NMIS (Opmantek)
19. A Better Monitoring Alternative (LogicMonitor)
20. Nagios XI (Your Solarwinds Alternative Network Monitoring Solution)
21. Top 15 SolarWinds Alternatives & Similar Tools (eBool)
22. SolarWinds Server & Application Monitor Alternatives and Similar Software (AlternativeTo)
23. SolarWinds Alternative (Compare Site24x7 vs SolarWinds)
24. SolarWinds NPM Competitors and Alternatives (IT Central Station)
25. SolarWinds Alternative (OpManager VS SolarWinds NPM - ManageEngine)
26. Best SolarWinds Orion Platform Alternatives & Competitors
27. List of Best SolarWinds NPM Alternatives & Competitors 2021
28. SolarWinds Network Performance Monitor Alternatives & Competitors (G2)
29. Top SolarWinds Competitors and Alternatives - Gartner 2021 (IT Infrastructure Monitoring Tools)
30. SolarWinds Alternative - Get Modern Monitoring (Zenoss)
31. SolarWinds Alternative (OpManager VS SolarWinds NPM - ManageEngine)
32. Swap SolarWinds Orion for Intact Scorpio NOW
33. SolarWinds Alternatives (MetricFire Blog)
34. Who is behind APT29? What we know about this nation-state cybercrime group (The Daily Swig)

Updated 2021-02-11

1. CyberArk Virtual Event - (The Anatomy of the SolarWinds Attack)
2. Symantec Enterprise Podcasts
3. White House Names SolarWinds Response Leader Amid Criticism (SecurityWeek.Com)
4. SolarWinds Orion Bug Allows Easy Remote-Code Execution and Takeover (tpost)
5. Software supply chain attacks – everything you need to know (The Daily Swig)
6. Zero Day Initiative — Three More Bugs in Orion’s Belt
7. CISA, SolarWinds up interest in security scoring (scmedia)
8. New cyber panel chair zeros in on election security, SolarWinds hack (hill)
9. White House Names Cybersecurity Expert to Lead Response to SolarWinds Hack (WSJ)
10. US Coast Guard orders maritime facilities to report SolarWinds breaches
11. Senators: U.S. response to huge SolarWinds hack has been 'disjointed and disorganized'
12. Our systems weren’t the entry point for SolarWinds attackers, says Microsoft (Channel Daily News)
13. SolarWinds Shines Spotlight on Supply Chain Risks (CSO Online)
14. VirusTotal
15. MAR-10318845-1.v1 - SUNBURST (CISA)
16. SolarWinds CEO: “SolarWinds Orion Development Program was Exploited by the Hackers” - E Hacking News (Latest Hacker News and IT Security News)
17. Multiple new flaws uncovered in SolarWinds software just weeks after high-profile supply chain attack (The Daily Swig)
18. Microsoft warns of increasing OAuth Office 365 phishing attacks
19. Microsoft: Office 365 Was Not SolarWinds Initial Attack Vector
20. Nearly One (Third of Attack Targets Weren’t Running SolarWinds)
21. ‘Severe’ SolarWinds Vulnerabilities Allow Hackers To Take Over Servers
22. Hackers had access to SolarWinds email system for months: report (hill)
23. Chinese threat actor may have exploited SolarWinds. New SolarWinds vulnerabilities reported. Spyware in South Sudan. BEC gift card scams rise.
24. US payroll agency targeted by Chinese hackers: report (hill)
25. This is How They Tell Me the World Ends
26. The Next Cyberattack Is Already Under Way (The New Yorker)
27. SolarWinds attack is not an outlier, but a moment of reckoning for security industry, says Microsoft exec (ZDNet)
28. Manufacturing particularly at risk of Solorigate (linked breaches)
29. CISA Warns of New Malware Threat to Vulnerable SolarWinds Orion Tech
30. Tips to harden Active Directory against SolarWinds-type attacks (CSO Online)
31. Here's How SolarWinds Hackers Stayed Undetected for Long Enough
32. Takeaways for Microsoft cloud customers and partners after the SolarWinds breach (MSCloudNews)
33. Incoming Biden administration looks to shake up US cybersecurity policy (The Daily Swig)
34. FireEye's Mandia: 'Severity (Zero Alert' Led to ...)
35. Microsoft downplays threat after admitting SolarWinds attackers accessed source code (The Daily Swig)
36. CISA releases Azure, Microsoft 365 malicious activity detection tool
37. Emergency directive: Global governments issue alert after FireEye hack is linked to SolarWinds supply chain attack (The Daily Swig)
38. SANS Institute (Newsletters - NewsBites)
39. Microsoft falls prey to SolarWinds supply chain cyber-attacks (The Daily Swig)
40. Tech Tent - Hackers breach US government (BBC Sounds)
41. We're not saying this is how SolarWinds was backdoored, but its FTP password 'leaked on GitHub in plaintext' (Register)
42. SolarWinds Corporation 8 (K SEC Filing)
43. NCSC statement on FireEye incident (NCSC.GOV.UK)
44. SolarWinds Orion vulnerability being actively exploited - updated advisory (CERT NZ)
45. Cybersecurity giant FireEye says it was hacked by govt-backed spies who stole its crown (jewels hacking tools • The Register)
46. US think tank breached three times in a row by SolarWinds hackers
47. Securing Active Directory: Performing an Active Directory Security Review

Updated 2021-02-10

1. Supply chain security is actually worse than we think (ZDNet)
2. SolarWinds chases multiple leads in breach investigation
3. Mimecast breach investigators probe possible SolarWinds connection (CyberScoop)

Updated 2021-02-09

1. Senate Select Committee on Intelligence letter to DNI
2. SolarWinds Recovery May Require Extreme Actions
3. SolarWinds security to-do list post hack (Utility Dive)
4. After SolarWinds Attack, Courts Revert to Paper for Secrets
5. The Right Response to SolarWinds (CoFR)
6. SolarWinds Fallout: Practices to strengthen data protection - (GCN)
7. A Key Step in Preventing a Future SolarWinds (Just Security)
8. SOLARWINDS UPDATE
9. Microsoft: Office 365 Was Not SolarWinds Initial Attack Vector
10. Multiple new SolarWinds vulnerabilities have been uncovered (TechRadar)
11. SolarWinds fallout could last for years, as power industry secures vulnerable equipment: Dragos CEO (Utility Dive)
12. Alex Stamos Attributes SolarWinds Hack To Russian Intel Service
13. SolarWinds CEO Confirms Office 365 Email ‘Compromise’ Played Role In Broad (Based Attack)
14. More SolarWinds News (secblvd)
15. FireEye stock falls as analysts debate effects of massive SolarWinds hack (MarketWatch)
16. Second SolarWinds Attack Group Breaks into USDA Payroll — Report (tpost)
17. More exploitable flaws found in SolarWinds software, says cybersecurity firm
18. Continuing Our Journey to Becoming Secure by Design (Orange Matter)
19. Findings From Our Ongoing Investigations (Orange Matter)
20. Hackers Lurked in SolarWinds Email System for at Least 9 Months, CEO Says (WSJ)
21. SolarWinds Hackers Cast a Wide Net (BankInfoSecurity)
22. Most Tools Failed to Detect the SolarWinds Malware. Those That Did Failed Too (CoFR)
23. President Biden Orders SolarWinds Intelligence Assessment
24. Microsoft: This is how the sneaky SolarWinds hackers hid their onward attacks for so long (ZDNet)
25. Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop (MS Security)
26. Microsoft Releases New Info on SolarWinds Attack Chain
27. After SolarWinds, the U.S. can trust no one (Fortune)
28. SolarWinds Attack Underscores 'New Dimension' in ...
29. Fourth malware strain discovered in SolarWinds incident (ZDNet)
30. Google Cloud: We do use some SolarWinds, but we weren't affected by mega hack (ZDNet)
31. Increasing resilience against Solorigate and other sophisticated attacks with Microsoft Defender (MS Security)
32. Third malware strain discovered in SolarWinds supply chain attack (ZDNet)
33. SolarWinds Malware Arsenal Widens with Raindrop (tpost)
34. Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments (CISA)
35. SolarWinds: How a Rare DGA Helped Attacker Communications Fly Under the Radar (Symantec Blogs)
36. CISA discovers token abuse around SolarWinds hack, calls for full rebuild of affected networks (scmedia)
37. Hacking victim SolarWinds hires ex-Homeland Security official Krebs as consultant (Reuters)
38. DOJ says it was hit by SolarWinds hackers - (FCW)
39. SolarWinds Hack Breached Justice Department System (WSJ)
40. Feds: SolarWinds Breach Is Likely Russian Intel Gathering Effort
41. Azure-Sentinel/ADFSDomainTrustMods.yaml at master · Azure/Azure (Sentinel · GitHub)
42. Microsoft Hacked in Russia-Linked SolarWinds Cyberattack (WSJ)
43. Using Microsoft 365 Defender to protect against Solorigate (MS Security)
44. SolarWinds Hack: Is NSA Doing the Same to Russia?
45. Protecting Microsoft 365 from on-premises attacks (Microsoft Tech Community)
46. cyber.dhs.gov - Emergency Directive 21 (01)
47. Cloud Security: A Primer for Policymakers (Carnegie Endowment for International Peace)

Updated 2021-02-06

1. Mimecast To Lay Off 80 Workers Weeks After Disclosing Hack
2. Kevin Mandia: Discovering SolarWinds Hack ‘Validates Our Intelligence and Expertise’
3. Fidelis Targeted By SolarWinds Hackers After Installing Orion
4. Mimecast Breach Linked To SolarWinds Hack, Allowed Cloud Services Access
5. 5 Security Vendors That Have Reported Cyberattacks Since December
6. SolarWinds Hackers Access Malwarebytes’ Office 365 Emails
7. Email Security Firm Mimecast Says Hackers Hijacked Its Products to Spy on Customers | Technology News (US News)
8. 5 Things To Know About The Mimecast Hack And Stock Drop
9. Mimecast Certificate Hacked in Supply-Chain Attack (tpost)
10. Hackers Compromise Mimecast Certificate For Microsoft Authentication
11. SolarWinds Hack ‘One Of The Worst In The Last Decade’: Analyst
12. Feds: SolarWinds Attack ‘Poses a Grave Risk’ To Government, Business
13. Chinese Hackers Exploit SolarWinds To Steal Federal Payroll Info: Report

Updated 2021-02-05

1. Russia’s SolarWinds Attack and Software Security (Schneier)
2. Injecting a Backdoor into SolarWinds Orion (Schneier)
3. Cisco Event Response: SolarWinds Orion Platform Software Attack
4. January 8th Update on SolarWinds (JetBrains Blog)
5. Continuous Updates: Everything You Need to Know About the SolarWinds Attack (SecurityWeek.Com)
6. An Update on SolarWinds (JetBrains Blog)
7. Opinion: The SolarWinds hack is stunning. Here's what should be done (CNN)
8. Essays: The Solarwinds Hack Is Stunning. Here’s What Should Be Done (Schneier)
9. CISA Says Many Victims of SolarWinds Hackers Had No Direct Link to SolarWinds (SecurityWeek.Com)
10. Russia’s SolarWinds Attack (Schneier)
11. Cyberattack Hit Key US Treasury Systems: Senator (SecurityWeek.Com)
12. VMware Issues Updated Statement on SolarWinds Supply Chain Compromise and CVE 2020 (4006)
13. Hacked Networks Will Need to be Burned 'Down to the Ground' (SecurityWeek.Com)
14. VMware Issues Statement on SolarWinds Supply Chain Compromise and CVE 2020 (4006)
15. NSA on Authentication Hacks (Related to SolarWinds Breach) (Schneier)
16. Supply Chain Attack: CISA Warns of New Initial Attack Vectors Posing 'Grave Risk' (SecurityWeek.Com)
17. SolarWinds Removes Customer List From Site as It Releases Second Hotfix (SecurityWeek.Com)
18. Sunburst: Supply Chain Attack Targets SolarWinds Users (Symantec Blogs)
19. How the SolarWinds Hackers Bypassed Duo’s Multi-Factor Authentication (Schneier)
20. The U.S. government spent billions on a system for detecting hacks. The Russians outsmarted it. (wapo)
21. Cisco Talos Intelligence Group (Comprehensive Threat Intelligence: FireEye Breach Detection Guidance)
22. Cisco Talos Intelligence Group (Comprehensive Threat Intelligence: Threat Advisory: SolarWinds supply chain attack)
23. Quick Thoughts on the Russia Hack (Lawfare)
24. Agencies Need to Improve Implementation of Federal Approach to Securing Systems and Protecting against Intrusions

Updated 2021-02-04

1. Another SolarWinds Orion Hack (Schneier)
2. More SolarWinds News (Schneier)
3. Full System Control with New SolarWinds Orion-based and Serv-U FTP Vulnerabilities (Trustwave)
4. 3 New Severe Security Vulnerabilities Found In SolarWinds Software
5. Suspected Russian Hack Extends Far Beyond SolarWinds Software, Investigators Say (WSJ)
6. Hacking ‘Likely’ Came From Russia, US Says (nyt)
7. How to Get Rich Sabotaging Nuclear Weapons Facilities (BIG by Matt Stoller)
8. SolarWinds hackers accessed Microsoft source code, the company says
9. SolarWinds releases updated advisory for new SUPERNOVA malware
10. Suspected Russian hackers used Microsoft vendors to breach customers (Reuters)
11. More on the SolarWinds Breach (Schneier)
12. FireEye and SolarWinds Cyber Attack Information for Exabeam Customers and Partners
13. SolarWinds Exposed GitHub Repository Publicly since 2018
14. SolarWinds, GitHub Leaks and Securing the Software Supply Chain (BluBracket)
15. red_team_tool_countermeasures/CVEs_red_team_tools.md at master · fireeye/red_team_tool_countermeasures (GitHub)
16. Text - S.592 - 116th Congress (2019-2020): Cybersecurity Disclosure Act of 2019 | Congress.gov (Library of Congress)
17. CJ03 Solar Flare Pulling apart SolarWinds ORION Rob Fuller (YouTube)

Updated 2021-02-03

1. President Biden Announces American Rescue Plan (The White House)
2. Q:CYBER spots lateral movement as used in the SolarWinds (Sunburst) calamity | State (insidenova.com)
3. SolarWinds/SUNBURST Backdoor, Third-Party and Supply Chain Security (YouTube)
4. Trump Contradicts Pompeo Over Russia’s Role in Hack (nyt)
5. Federal Agencies, Think Tank Targeted in Russian Hacking Spree
6. Suspected Russia SolarWinds Hack Exposed After FireEye Cybersecurity Firm Found 'Backdoor'
7. What We Know (And Don’t) About The SolarWinds Orion Hack So Far
8. SEC filings: SolarWinds says 18,000 customers were impacted by recent hack (ZDNet)
9. US govt, FireEye breached after SolarWinds supply (chain attack)
10. DHS, DOJ And DOD Are All Customers Of SolarWinds Orion, The Source Of The Huge US Government Hack
11. Unauthorized Access of FireEye Red Team Tools (fireeye)
12. Commit Virtual 2020: How to Build a Compromise Resilient CI/CD (YouTube)
13. Secure Publication of Datadog Agent Integrations With TUF and In-Toto (Datadog)
14. in-toto: Providing farm-to (table guarantees for bits and bytes)

Updated 2021-02-02

1. The U.S. Spent $2.2 Million on a Cybersecurity System That Wasn’t Implemented — and Might Have Stopped a Major Hack — ProPublica
2. SolarWinds Hack Prompts Congress to Put NSA in Encryption Hot Seat (tpost)
3. Russian hack brings changes, uncertainty to US court system
4. Federal Acquisition Supply Chain Security Act
5. New, free tool adds layer of security for the software supply chain

Updated 2021-01-29

1. SolarWinds Discloses Earlier Evidence of Hack (WSJ)
2. SolarWinds Hackers’ Attack on Email Security Company Raises New Red Flags (WSJ)
3. Hack of Federal Agencies Shows Cyber Dangers to Supply Chains (WSJ)
4. SolarWinds Hack Hit Office Home to Top Treasury Department Officials (WSJ)
5. Pompeo Blames Russia for Hack as Trump Casts Doubt on Widespread Conclusion (WSJ)
6. White House National Security Adviser O’Brien Cuts Trip Short to Address SolarWinds Hack (WSJ)
7. Suspected Russian Cyberattack Began With Ubiquitous Software Company (WSJ)
8. Suspected Russian Hack Said to Have Gone Undetected for Months (WSJ)
9. U.S. Agencies Hacked in Foreign Cyber Espionage Campaign Linked to Russia (WSJ)
10. U.S. Cyber Firm FireEye Says It Was Breached by Nation-State Hackers (WSJ)
11. I'm in your cloud, reading everyone's emails (hacking Azure AD via Active Directory)

Updated 2021-01-27

1. Adam Orton on Twitter: "@mikko @netresec @craiu Does "this was a lab machine" not pass anyone elses sniff test? Or just me?" / Twitter
2. Ongoing Analysis of SolarWinds Impacts (Fidelis Cybersecurity)
3. Important Security Update (Mimecast Blog)
4. Four security vendors disclose SolarWinds-related incidents (ZDNet)
5. Twenty-three SUNBURST Targets Identified (NETRESEC Blog)
6. SolarWinds Hacks: Virginia Regulator And $5 Billion Cybersecurity Firm Confirmed As Targets
7. Partial lists of organizations infected with Sunburst malware released online (ZDNet)

Updated 2021-01-25

1. Hackers exploit U.S. Agency Supply Chain (IT Security Guru)

Updated 2021-01-23

1. Biden Orders Sweeping Assessment of Russian Hacking, Even While Renewing Nuclear Treaty (nyt)
2. Russian Hacking Targeted Treasury Department’s Senior Leaders (nyt)
3. Global Intrusion Campaign Leverages Software Supply Chain Compromise (fireeye)

Updated 2021-01-22

1. Microsoft says it found malicious software in its systems (CNA)
2. U.S. Treasury, Commerce Depts. Hacked Through SolarWinds Compromise — Krebs on Security

Updated 2021-01-21

1. Biden administration to seek five-year extension on key nuclear arms treaty in first foray with Russia (wapo)
2. SolarWinds Hackers Also Breached Malwarebytes Cybersecurity Firm
3. OODA Loop - If SolarWinds Is a Wake (Up Call, Who’s Really Listening?)
4. How Russia’s ‘Info Warrior’ Hackers Let Kremlin Play Geopolitics on the Cheap (WSJ)
5. Microsoft, FireEye confirm SolarWinds supply chain attack (ZDNet)
6. Russians Are Believed to Have Used Microsoft Resellers in Cyberattacks (nyt)
7. At Least 200 Victims Identified in Suspected Russian Hacking (Bloomberg)
8. What we know – and still don’t – about the worst-ever US government cyber-attack | Hacking (Guardian)
9. VMware Falls on Report Its Software Led to SolarWinds Breach (Bloomberg)
10. Microsoft warns UK companies were targeted by SolarWinds hackers
11. US under major active cyberattack from Russia, Trump’s former security adviser warns (The Independent)
12. Cyber attack may be ‘worst in the history of America’ (LV Jrnl)
13. U.S. Agencies Exposed in Attack by Suspected Russian Hackers (Bloomberg)
14. Opinion (I Was the Homeland Security Adviser to Trump. We’re Being Hacked. - The New York Times)
15. Sunburst Trojan (What You Need to Know)
16. Russian hackers compromised Microsoft cloud customers through third party, putting emails and other data at risk
17. Group Behind SolarWinds Hack Bypassed MFA to Access Emails at US Think Tank (SecurityWeek.Com)
18. SolarWinds Hack: U.K. Government, NATO Join U.S. in Monitoring Risk (Bloomberg)
19. Russian hack’s sophistication impresses even the experts (wapo)
20. Treasury, Commerce, Others Hacked by Russian Government Spies, Report (Rolling Stone)
21. Russian government (backed hackers breached the U.S. Treasury)
22. Cyberattack on U.S. Treasury by foreign government
23. REFILE-EXCLUSIVE-U.S. Treasury breached by hackers backed by foreign government - sources (Reuters)
24. CISA orders agencies to quickly patch critical Netlogon bug (CyberScoop)
25. 99 Problems but Two-Factor Ain’t One (fireeye)

Updated 2021-01-20

1. Malwarebytes says SolarWinds hackers accessed its internal emails
2. Malwarebytes targeted by Nation State Actor implicated in SolarWinds breach. Evidence suggests abuse of privileged access to Microsoft Office 365 and Azure environments - Malwarebytes Labs (Malwarebytes Labs)
3. Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452
4. Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452 (fireeye)
5. Researchers Discover Raindrop — 4th Malware Linked to the SolarWinds Attack
6. A New SolarWinds Malware Strain Is Discovered
7. The aftermath of the SolarWinds breach: Organizations need to be more vigilant (TechRepublic)
8. GitHub - fireeye/Mandiant-Azure-AD (Investigator)
9. UNC2452: What We Know So Far
10. Extracting Security Products from SUNBURST DNS Beacons (NETRESEC Blog)
11. SUNBURST Additional Technical Details (fireeye)
12. SolarWinds (Understanding & Detecting the SUPERNOVA Webshell Trojan - SentinelLabs)
13. From the Solarwinds supply chain attack (Golden Chain Bear) to see the covert operations in APT operations
14. SolarWinds SUNBURST Backdoor: Inside the APT Campaign (SentinelLabs)
15. Reassembling Victim Domain Fragments from SUNBURST DNS (NETRESEC Blog)
16. Responding to the SolarWinds Breach: Detect, Prevent, and Remediate the Dark Halo Supply Chain Attack (Volexity)
17. How to create a backdoor to Azure AD (part 1: Identity federation)

Updated 2021-01-19

1. Malwarebytes said it was hacked by the same group who breached SolarWinds (ZDNet)
2. Raindrop: New Malware Discovered in SolarWinds Investigation (Symantec Blogs)
3. Cyber ‘Deterrence’: A Brexit Analogy (Lawfare)
4. SolarWinds malware was sneaked out of the firm's Orion build environment 6 months before anyone realised it was there (report • The Register)
5. Finding Targeted SUNBURST Victims with pDNS (NETRESEC Blog)
6. SolarWinds Likely Hacked at Least One Year Before Breach Discovery (SecurityWeek.Com)
7. Hackers Tied to Russia Hit Nuclear Agency; Microsoft Is Exposed (Bloomberg)
8. SolarWinds attack explained: And why it was so hard to detect (CSO Online)
9. How bad is the hack that targeted US agencies
10. U.S. Homeland Security, thousands of businesses scramble after suspected Russian hack (Reuters)
11. Scope of Russian Hacking Becomes Clear: Multiple U.S. Agencies Were Hit (nyt)
12. SolarWinds hack: US officials scramble to deal with suspected Russian hack of government agencies (CNNPolitics)
13. Suspected Russian hackers spied on U.S. Treasury emails - sources (Reuters)

Updated 2021-01-18

1. IOTW: As The SolarWinds Hack Investigation Continues, New Insights Reveal A New Suspect (Cyber Security Hub)
2. Golden SAML Revisited: The Solorigate Connection (secblvd)
3. All about the suspected Russian cyberattack that Microsoft has called ‘moment of reckoning’

Updated 2021-01-17

1. Unveiled: SUNSPOT Malware Was Used to Inject SolarWinds Backdoor
2. Cyber Threat Intel Analysis and Expansion of SolarWinds Identified IoCs
3. SolarWinds Deadline Alert
4. A closer look at the SolarWinds hack (Cyprus Mail)
5. American Public Reticent to Retaliate Against SolarWinds Hack (The National Interest)
6. SolarWinds Update
7. Cybersecurity Stocks that Lagged in 2020 Could Get Boost from SolarWinds Hack (RealMoney)
8. The Cybersecurity 202: Sen. Mark Warner plans breach-notification debate in wake of SolarWinds hack (wapo)
9. SolarWinds Supply Chain Hack: Investigation Update
10. SOLARWINDS INVESTORS: March 5, 2021 Filing Deadline in Shareholder Class Action – Contact Lieff Cabraser (bizwire)
11. SolarWinds fallout makes secure communications a critical first line of defense - (FCW)
12. SWI INVESTOR FRAUD LAWSUIT: Hagens Berman Alerts SolarWinds (SWI) Investors to Securities Fraud Lawsuit and Encourages Investors with Losses to Contact Firm Now
13. SolarWinds Says It’s Closer to Finding Source of Cyberattack
14. SolarWinds Cyber-Attack Has Significant Implications for Developers and Contractors (Robinson+Cole Data Privacy + Security Insider - JDSupra)
15. SolarWinds Close to Figuring Out How Cyberattack Occurred
16. Understanding third-party hacks in the aftermath of the SolarWinds breach (Help Net Security)
17. Some UW Campuses That Contract With SolarWinds IT Provider Exploited In National Cyberattack (Wisconsin Public Radio)
18. Published (Zero Day Initiative)
19. Kaspersky experts connect SolarWinds attack with Kazuar backdoor
20. The Cybersecurity 202: NSA cyber chief Anne Neuberger is heading to the Biden White House (wapo)
21. SolarWinds Hack Forces Reckoning With Supply-Chain Security (WSJ)
22. The Devil’s in the Details: SUNBURST Attribution
23. From the Bronze Soldier to Solarwinds, tracking unfettered Kremlin disruption across 15 years  (Great Power)
24. What the SolarWinds hack really tells us (TechBeacon)
25. SolarWinds CEO: Company Might Not Be the Only Compromise (My TechDecisions)
26. Lessons from the SolarWinds Hack: Robust Cybersecurity Requires Leadership (Toka)
27. Third malware strain discovered in SolarWinds supply chain attack (ZDNet)
28. Critical Microsoft Defender Bug Actively Exploited; Patch Tuesday Offers 83 Fixes (tpost)
29. Email security firm Mimecast says hackers hijacked its products to spy on customers (Reuters)
30. Autocracy ascends the cracks of democracy  (Great Power)
31. Austin's SolarWinds closer to understanding source of massive breach
32. Researchers Find Links Between Sunburst and Russian Kazuar Malware
33. More federal victims of SolarWinds hacking likely to come forward, CISA chief says
34. New SolarWinds CEO sets out rescue plan
35. SolarWinds hackers linked to known Russian spying tools, investigators say (Reuters)
36. Exclusive: FBI probes Russian-linked postcard sent to FireEye CEO after cybersecurity firm uncovered hack - sources (Reuters)
37. SolarWinds hackers linked to known Russian spying tools, investigators say (Reuters)
38. SolarWinds Hack Lessons Learned: Finding the Next ...
39. SolarWinds Hack Lessons Learned: Finding the Next ...
40. SolarWinds CEO: Attack Was ‘One Of The Most Complex And Sophisticated’ In History
41. Password Guessing Used as a Weapon by SolarWinds Hackers to Breach Targets - E Hacking News (Latest Hacker News and IT Security News)
42. Disturbing trend: Recent nation state attacks (Cybersecurity Tech Accord)
43. SolarWinds Fights Back With Chris Krebs, Alex Stamos Hires
44. Meet The Super Rich Czech Tech Company — And Its Russian CEO —Denying Links To The Huge SolarWinds Hack
45. SolarWinds hack: Who’s to blame? It’s complicated. (TechBeacon)
46. SolarWinds Hackers Compromise Confidential Court Filings
47. SolarWinds Take Control Alternative (Splashtop SOS)
48. Sunburst Malware Optics Rules
49. Russia's SolarWinds Hack Is the Big One (BoonWorks)
50. SolarWinds Hack: Cisco And Equifax Amongst Corporate Giants Finding Malware... But No Sign Of Russian Spies
51. GitHub (fireeye/sunburst_countermeasures)
52. Hackers last year conducted a 'dry run' of SolarWinds breach
53. FireEye Malware Optics Rules
54. SolarWinds Breach Used to Infiltrate Customer Networks (Solarigate)

Updated 2021-01-16

1. Google’s approach to secure software development and supply chain risk management (Google Cloud Blog)

Updated 2021-01-15

1. Mimecast Cert Compromised to Target Inboxes in “Sophisticated” Attack (Infosecurity Magazine)
2. Hackers abusing Mimecast certs to target Microsoft 365 users
3. Sunburst Malware Information (FireEye)
4. DoJ confirms email accounts breached by SolarWinds hackers | Hacking (Guardian)
5. Increasing resilience against Solorigate and other sophisticated attacks with Microsoft Defender (MS Security)
6. ROSEN, RESPECTED INVESTOR COUNSEL, Reminds SolarWinds Corporation Investors of Important March 5 Deadline in First Filed Securities Class Action Commenced by the Firm; Encourages Investors with Losses in Excess of $100K to Contact the Firm (SWI)
7. Cybersecurity Pioneer Cyemptive Technologies Cautions Entities About the Depth and Breadth of the Recent SolarWinds Cyber Incident; Provides First Reliable Solution to Address Such Invasive Attacks (bizwire)
8. FireEye not ready to ascribe SolarWinds hack to Russia - (FCW)
9. Microsoft’s Smith Talks ‘WarGames,’ SolarWinds Hack at CES (SDxCentral)
10. SolarWinds Cyber (Attack Affects Developers and Contractors)
11. CORRECTING and REPLACING Intact Technology, Inc. Develops an Alternative Solution to SolarWinds Orion (bizwire)
12. SolarWinds Hack Could Cost Cyber Insurance Firms $90 Million
13. SolarWinds defense: How to stop similar attacks (ZDNet)
14. The SolarWinds Hack Was Huge. JPMorgan Is Defending the Stock. (Barron's)
15. Cybersecurity firm identifies third SolarWinds hack malware strain (FoxBiz)
16. Brazen SolarWinds Hackers Offer Alleged Windows 10 Source Code For $600,000 (HotHardware)
17. SHAREHOLDER ALERT: WeissLaw LLP Investigates SolarWinds Corporation
18. SOLARWINDS INVESTOR ALERT: Class Action Lawsuit Filed
19. Expect more SolarWinds victims, national security official says - (GCN)
20. SWI INVESTORS ACT FAST: Hagens Berman Alerts SolarWinds (SWI) Investors to Securities Fraud Lawsuit and Encourages Investors with Losses to Contact Firm Now
21. Microsoft President Brad Smith: SolarWinds Attack Violated ‘Norms And Rules’ Of Government Activities
22. SolarWinds: Between The Clouds (secblvd)
23. SolarWinds aftermath continues with SolarLeaks (Blueliv)
24. SolarWinds aftermath continues with SolarLeaks (secblvd)
25. Mimecast hit by “sophisticated threat actor”
26. Hackers hijacked email security firm Mimecast to spy on customers (VentureBeat)
27. Mimecast Says Attackers Stole Certificate, Targeted Customers' Email (Decipher)
28. Mimecast Says Hackers Compromised Digital Certificate
29. Mimecast shares tumble as company reports cyberthreat to some customers (Boston Business Journal)
30. Miscreants Manipulate Mimecast Certificate -> Microsoft 365 Exchange Web Services: Welcome To The Pew Pew (secblvd)
31. SolarWinds Attackers May Have Hit Mimecast, Driving ...
32. Mimecast: Hackers Compromised A Digital Certificate (My TechDecisions)
33. Mimecast compromised by a threat actor | 2021-01-13 (Security Magazine)
34. SolarWinds Hack Followed Years of Warnings of Weak Cybersecurity (Bloomberg)
35. Cyberespionage campaign hits Colombia. New malware found in the SolarWinds incident. Mimecast certificates compromised. Ubiquiti tells users to reset passwords. Two wins for the good guys.
36. Evanina: Number of known SolarWinds victims 'will continue to grow' - (FCW)
37. SolarWinds Hackers' Attack on Email Security Company Raises New Red Flags (MarketScreener)
38. Important Update from Mimecast (Mimecast Blog)
39. Email security firm Mimecast says hackers hijacked its products to spy on customers (Reuters)
40. The Hack Roundup: SolarWinds Shares Details on How Attackers Inserted Backdoor (Nextgov)
41. Sunburst backdoor – code overlaps with Kazuar (Securelist)
42. The Colorado Division of Securities alerts securities firms to be aware of any impact of SolarWinds hack (WesternSlopeNow.com)
43. Industry urges agencies to accelerate zero trust adoption after SolarWinds hack (FedScoop)
44. The SolarWinds Investigation Ramps Up (WIRED)
45. CISA: SolarWinds hackers also used password guessing to breach targets (ZDNet)
46. SolarWinds roundup: Fixes, new bad actors, and what the company knew (Network World)
47. How we protect our users against the Sunburst backdoor (Securelist)
48. Advanced Persistent Threat Actors Leverage SolarWinds Vulnerabilities
49. On the SolarWinds Hack or When Total Information Awareness is the Chainsaw Which Gently Buggers You Sidewise (An F... Again...)
50. Sunburst: connecting the dots in the DNS requests (Securelist)
51. SolarWinds' dominance became a liability in sprawling spy campaign (VentureBeat)
52. The SolarWinds Breach: Why Your Work Computers Are Down Today (Lawfare)

Updated 2021-01-14

1. Top SolarWinds risk assessment resources for Microsoft 365 and Azure (CSO Online)
2. Sunspot malware scoured servers for SolarWinds builds to trojanize them
3. SolarLeaks site claims to sell data stolen in SolarWinds attacks
4. SolarWinds Says It Has Found Source of Massive Cyberattack (TheStreet)
5. Hackers Didn’t Only Use SolarWinds to Break In, Says CISA (secblvd)
6. Robust Indicators of Compromise for SUNBURST (NETRESEC Blog)
7. CISA: Hackers access to federal networks without SolarWinds - (FCW)
8. FireEye reveals that it was hacked by a nation state APT group
9. Create a Log Analytics workspace in the Azure portal - Azure Monitor (Microsoft Docs)

Updated 2021-01-13

1. SolarWinds: What Hit Us Could Hit Others — Krebs on Security
2. solarleaks

Updated 2021-01-12

1. New Findings From Our Investigation of SUNBURST (Orange Matter)
2. SUNSPOT Malware: A Technical Analysis (CrowdStrike)
3. Our Plan for a Safer SolarWinds and Customer Community (Orange Matter)
4. Bucking Trump, NSA and FBI say Russia was “likely” behind SolarWinds hack (ars)
5. SolarWinds Hit With Class (Action Lawsuit Following ...)
6. Suspected Russian hackers used Microsoft vendors to breach customers (Reuters)
7. Why Solarwinds Hack didn't succeed for Comodo Customers? Post

Updated 2021-01-11

1. How to Understand and Defend Against SolarWinds (Type Attacks)

Updated 2021-01-10

1. CEO Refutes Reports of Involvement in SolarWinds Campaign (Infosecurity Magazine)

Updated 2021-01-09

1. A Golden SAML Journey: SolarWinds Continued (Splunk)
2. SolarWinds Hires Chris Krebs and Alex Stamos for ...
3. Krebs Stamos Group

Updated 2021-01-08

1. SolarWinds Corporation (NYSE: SWI)
2. Third-Party Risk Management (TPRM) Best Practices (View Webinar)
3. Protect Against Supply Chain Cyber Attacks (SecureLink eBook)
4. SolarWinds hires former Trump cyber security chief Chris Krebs
5. The SolarWinds Hack
6. SolarWinds to pay former CEO US$312K to assist with investigations - Software (CRN Australia)
7. SolarWinds hires Chris Krebs, Alex Stamos to boost security in wake of suspected Russian hack
8. The Cybersecurity 202: Riot in the Capitol is a nightmare scenario for cybersecurity professionals (wapo)
9. Sealed U.S. Court Records Exposed in SolarWinds Breach — Krebs on Security
10. Gossamer tool aims to defend open source projects against SolarWinds-style supply chain attacks (The Daily Swig)
11. NSA Warns That Russian Hackers Are Targeting Virtual Workspaces (Nextgov)
12. CISA: SolarWinds Hackers Got Into Networks by Guessing Passwords (Nextgov)
13. Implications of Russian Hacking of SolarWinds
14. The Trends At SolarWinds (NYSE:SWI) That You Should Know About (Simply Wall St News)
15. SOLARWINDS INVESTORS: ALERT BY FORMER LOUISIANA ATTORNEY GENERAL - Kahn Swick & Foti, LLC Reminds Investors of Lead Plaintiff Deadline in Class Action Lawsuit Against SolarWinds Corporation (SWI)
16. DoJ says SolarWinds hackers breached its Office 365 system and read email (ars)
17. Judiciary Addresses Cybersecurity Breach: Extra Safeguards to Protect Sensitive Court Records (US Courts)
18. Scott+Scott Attorneys at Law LLP Continues Investigating SolarWinds Corporation’s Directors and Officers for Breach of Fiduciary Duties (SWI)
19. We Should Have Known SolarWinds Would Be a Target (CoFR)
20. SolarWinds Hack, Ransomware, Regulations Figure Prominently as Virtual Cybersecurity Summits Resume in 2021
21. SHAREHOLDER ALERT: Block & Leviton LLP Investigating SolarWinds Corp. and Pluralsight, Inc. for Possible Breaches of Fiduciary Duty; Shareholders Should Contact the Firm
22. SWI INVESTOR FRAUD LAWSUIT FILED: Hagens Berman Encourages SolarWinds (SWI) Investors with Losses to Contact Firm Now
23. SolarWinds Sued Over Russian Hack (SDxCentral)
24. How to prepare for and respond to a SolarWinds-type attack (CSO Online)
25. Life After the SolarWinds Supply Chain Attack
26. Faulty enterprise software, like SolarWinds, $2 trillion problem (BI)
27. SolarWinds Government Data Breach Leads to Securities Action (Lexology)
28. Joint Statement by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the National Security Agency (NSA) (CISA)
29. SolarWinds Breach is the Rule, Not an Exception (secblvd)
30. HAGENS BERMAN, NATIONAL TRIAL ATTORNEYS, Encourages SolarWinds (SWI) Investors with Losses to Contact Firm Now, Securities Fraud Lawsuit Filed
31. After SolarWinds breach, where do we go from here? (FRN)
32. EQUITY ALERT: Rosen Law Firm Files Securities Class Action Lawsuit Against SolarWinds Corporation – SWI (bizwire)
33. SolarWinds breach could reshape cybersecurity practices
34. Gossamer: Supply Chain Security for Open (Source Software)
35. Canada Pension Plan Investment Board’s purchase of SolarWinds stock likely to fall under scrutiny (wapo)
36. National cyber director role in the spotlight after SolarWinds hack
37. SolarWinds Orion: Fixes Aim to Block Sunburst and Supernova
38. CrowdStrike Fends Off Attack Attempted By SolarWinds Hackers
39. SHAREHOLDER ALERT: SolarWinds Corp. Investigated for Possible Breaches of Fiduciary Duty After Insiders Sold $285 Million Worth of Company Stock; Investors Should Contact Block & Leviton LLP
40. Microsoft: A 2nd Group May Have Also Breached SolarWinds
41. Advisory for SolarWinds Orion Vulnerabilities (secblvd)
42. Microsoft unleashes ‘Death Star’ on SolarWinds hackers in extraordinary response to breach (GeekWire)
43. Hackers used SolarWinds' dominance against it in sprawling spy campaign (Reuters)
44. Agencies Need to Improve Implementation of Federal Approach to Securing Systems and Protecting against Intrusions

Updated 2021-01-07

1. GitHub (cisagov/Sparrow: Sparrow.ps1 was created by CISA's Cloud Forensics team to help detect possible compromised accounts and applications in the Azure/m365 environment.)

Updated 2021-01-06

1. Department of Justice Statement on Solarwinds Update | OPA (DOJ)
2. Statement on the story from The New York Times regarding JetBrains and SolarWinds (JetBrains Blog)
3. FBI probe of major hack includes project-management software from JetBrains: sources (Reuters)
4. Widely Used Software Company May Be Entry Point for Huge U.S. Hacking (nyt)
5. Justice Department also hit by Russian hackers (wapo)
6. SolarWinds hack officially blamed on Russia: What you need to know (CNET)
7. CISA updates on SolarWinds compromise - (GCN)
8. SolarWinds Hit With Class (Action Lawsuit Alleging Securities Violations)
9. SolarWinds hack may be bigger than previously believed (SiliconANGLE)
10. VU#843464 (SolarWinds Orion API authentication bypass allows remote command execution)
11. Biden Assails Trump Over Handling of Russia Hacking (nyt)
12. Federal Reserve Board (Agencies propose requirement for computer security incident notification)

Updated 2021-01-05

1. White House Removes Spokeswoman at Agency Responding to SolarWinds Hack (WSJ)
2. ALERT FOR SWI INVESTORS WITH LOSSES: Bernstein Liebhard is Investigating SolarWinds Corporation For Violations of the Securities Laws
3. SolarWinds attack: CrowdStrike says no impact
4. Reshaping Cyberspace: Beyond the Emerging Online Mercenaries and the Aftermath of SolarWinds
5. The Cyberlaw Podcast: The Grim Lessons of the SolarWinds Breach (Lawfare)
6. Researchers say cloud deployments of SolarWinds Orion could put API keys at risk (IT World Canada)
7. SolarWinds hack endangering cloud services’ API keys (DevOps Online)
8. Latest on the SVR’s SolarWinds Hack (Schneier)
9. Severe SolarWinds Hacking: 250 Organizations Affected?
10. Treasury Finds no Evidence of Tax Data Breach in SolarWinds Hack (MeriTalk)
11. US issues advisory for agencies to update SolarWinds software (Express Computer)
12. SolarWinds, top executives hit with class action lawsuit over Orion software breach (scmedia)
13. Class Action Complaint for Violation of the Federal Securities Laws
14. SolarWinds hack may have been a global attack (TechRadar)
15. Solar Winds Blow Hard (secblvd)
16. The Grim Lessons of the SolarWinds Breach (reason)
17. SolarWinds hack poses risk to cloud services' API keys and IAM identities
18. SolarWinds shareholder files class-action lawsuit alleging leadership 'misrepresented and failed to disclose' information about hack (FoxBiz)
19. SolarWinds Breach ‘Much Worse’ Than Feared (SDxCentral)
20. SolarWinds: The more we learn, the worse it looks (ZDNet)
21. Bremer v. SolarWinds Corporation Et Al - Complaint | Sec Rule 10b 5 (Class Action)
22. The threats arising from the massive SolarWinds hack (CBS News)
23. As Understanding of Russian Hacking Grows, So Does Alarm (nyt)
24. This Week In Security: Deeper Dive Into SolarWinds, Bouncy Castle, And Docker Images (Hackaday)
25. SolarWinds MSP Rebranding As N-able Amid Spin-Out Plan (ChannelE2E)
26. Learning from SolarWinds: Five steps to fortify your cloud supply chain | Article (Compliance Week)
27. Agencies scrambling to get a grip after SolarWinds hack (FRN)
28. In wake of SolarWinds and Vietnam, more supply chain attacks expected 2021 (scmedia)
29. Dissecting The SolarWinds Hack For Greater Insights With A Cybersecurity Evangelist
30. SolarWinds hack: Cybersecurity company calls for more transparency with what happened (KXAN Austin)
31. Here's a simple explanation of the SolarWinds hack (BI)
32. Cloud infrastructure is not immune from the SolarWinds Orion breach (secblvd)
33. 'No evidence' IRS taxpayer information exposed by SolarWinds hack (FedScoop)
34. Cloud infrastructure is not immune from the SolarWinds Orion breach (Ermetic)
35. Infosec pros warned of second SolarWinds Orion vulnerability (IT World Canada News)
36. Trump's reluctance to name Russia in SolarWinds hack will hamper recovery (Axios)
37. After the FireEye and SolarWinds breaches, what’s your failsafe? (TechCrunch)
38. Bill That Trump Is Vowing to Veto Strengthens Hacking Defenses, Lawmakers Say (nyt)
39. Senators Press IRS for SolarWinds Hack Briefing (WSJ)
40. HAGENS BERMAN, NATIONAL TRIAL ATTORNEYS, Investigating SolarWinds (SWI) Knowledge of Hack in Orion Products, Encourages SWI Investors with Losses to Contact Firm Now
41. SolarFlare Release: Password Dumper for SolarWinds Orion :: malicious.link — welcome
42. GitHub (mubix/solarflare: SolarWinds Orion Account Audit / Password Dumping Utility)
43. Find cloud account credentials
44. Fun with SolarWinds Orion Cryptography — Atredis Partners

Updated 2021-01-01

1. Microsoft Internal Solorigate Investigation Update (Microsoft Security Response Center)
2. The Real Culprit Behind SolarWinds: Remote Code Execution
3. Solorigate Resource Center – updated December 31st, 2020 (Microsoft Security Response Center)

Updated 2020-12-31

1. CISA updates SolarWinds guidance, tells US govt agencies to update right away (ZDNet)
2. Op (ed: What nobody else will say about the new cybersecurity crisis)
3. Analysis: The Impact of SolarWinds Hack (BankInfoSecurity)
4. SolarWinds SUNBRUST backdoor investigation using ShiftLeft’s Code Property Graph (secblvd)
5. How hacked is hacked? Here’s a ‘hack scale’ to better understand the SolarWinds cyberattacks (GeekWire)
6. How did SolarWinds' massive data breach go undetected for months? (YouTube)
7. A New SolarWinds Flaw Likely Had Let Hackers Install SUPERNOVA Malware
8. SolarWinds Hack Infected Critical Infrastructure
9. Five Solution Providers Breached By SolarWinds Hackers: Researchers
10. Grid regulator warns utilities of risk of SolarWinds backdoor, asks how exposed they are (CyberScoop)
11. CrowdStrike Launches Free Tool to Identify & Mitigate Risks in Azure Active Directory (CrowdStrike)
12. Coast Guard releases bulletin on SolarWinds hack (WorkBoat)
13. Loptr CEO Discusses Solarwinds Breach and How to Stay Safe
14. A Second Hacker Group May Have Also Breached SolarWinds, Microsoft Says
15. The Law Offices of Frank R. Cruz Continues Its Investigation of SolarWinds Corporation (SWI) on Behalf of Investors (bizwire)
16. A second hacking group has targeted SolarWinds systems (ZDNet)
17. SHAREHOLDER ALERT: Kaskela Law LLC Announces Investigation of SolarWinds Corp. (SWI) and Encourages SWI Stockholders to Contact the Firm
18. New Evidence Suggests SolarWinds' Codebase Was Hacked to Inject Backdoor
19. US Agencies and FireEye Were Hacked Using SolarWinds Software Backdoor

Updated 2020-12-28

1. Suspected Russian hackers used Microsoft vendors to breach customers (Reuters)

Updated 2020-12-24

1. Azure-Sentinel/RareProcbyServiceAccount.yaml at master · Azure/Azure (Sentinel · GitHub)
2. Azure-Sentinel/MailPermissionsAddedToApplication.yaml at master · Azure/Azure (Sentinel · GitHub)
3. Azure-Sentinel/FirstAppOrServicePrincipalCredential.yaml at master · Azure/Azure (Sentinel · GitHub)
4. GitHub - Azure/Azure-Sentinel: Cloud (native SIEM for intelligent security analytics for your entire enterprise.)
5. How the SolarWinds hackers are targeting cloud services in unprecedented cyberattack (GeekWire)
6. List of Known SolarWinds Breach Victims Grows, as Do Attack Vectors
7. Opinion (With Hacking, the United States Needs to Stop Playing the Victim - The New York Times)
8. Massive data breach may have been discovered due to 'unforced error' by suspected Russian hackers (CNNPolitics)
9. Azure AD workbook to help you assess Solorigate risk (Microsoft Tech Community)
10. Prevasio: Sunburst Backdoor, Part III: DGA & Security Software
11. Advice for incident responders on recovery from systemic identity compromises (MS Security)
12. Azure-Sentinel/SolarWindsPostCompromiseHunting.json at master · Azure/Azure (Sentinel · GitHub)
13. Prevasio: Sunburst Backdoor, Part II: DGA & The List of Victims
14. 40 Of Microsoft's Customers Impacted By SolarWinds Hack : NPR
15. SolarWinds Post-Compromise Hunting with Azure Sentinel (Microsoft Tech Community)
16. subdomain & #DGA domain names , #SolarWinds, attacked by #UNC2452 @0xrb (Pastebin.com)
17. Prevasio: Sunburst Backdoor: A Deeper Look Into The SolarWinds' Supply Chain Malware
18. research/uniq (hostnames.txt at main · bambenek/research · GitHub)
19. Alleged Russian Malware Hack Hit Local Governments In U.S., Officials Say : NPR
20. Russian State (Sponsored Actors Exploiting Vulnerability in VMware® Workspace ONE Access Using Compromised Credentials)
21. VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address command injection vulnerability
22. Azure-Sentinel/ProcessEntropy.yaml at master · Azure/Azure (Sentinel · GitHub)
23. Azure-Sentinel/uncommon_processes.yaml at master · Azure/Azure (Sentinel · GitHub)

Updated 2020-12-23

1. Security Advisory FAQ (SolarWinds)
2. Validating the SolarWinds N-central “Dumpster Diver” Vulnerability | by Kyle Hanslovan (Huntress)
3. ConnectWise Control MSP Security Vulnerabilities Are ‘Severe:’ Bishop Fox
4. SolarWinds hack continues to spread: What you need to know (CNET)
5. Security Advisory (SolarWinds)
6. The Facts and Mysteries About Russia’s Hack of the U.S.
7. Experts say SolarWinds hack could impact Kern County businesses
8. Joe Biden Blames Russia For Huge SolarWinds Hack (HuffPost)
9. SolarWinds hack exploited weaknesses we continue to tolerate (FT)
10. Syxsense Confirms There is Zero SolarWinds® Orion® in its Environment and is Not a SolarWinds Customer
11. solorigate_sample_source/OrionImprovementBusinessLayer.cs at main · Shadow0ps/solorigate_sample_source (GitHub)
12. Bloodhound walkthrough. A Tool for Many Tradecrafts (Pen Test Partners)
13. SolarWinds Compromise May Have Begun 5 Months Earlier Than Suspected
14. SolarWinds roundup: Fixes, new bad actors, and the company knew (Network World)
15. All SentinelOne Customers Protected from SolarWinds SUNBURST Attack (bizwire)
16. Florida Investigating Server Hacking Through SolarWinds Software
17. The SolarWinds hack, and the danger of arrogance (scmedia)
18. Qualys Researchers Identify 7+ Million Vulnerabilities Associated with SolarWinds/FireEye Breach by Analyzing Anonymized Vulnerabilities across Worldwide Customer Base (secblvd)
19. The SolarWinds Compromise and the Strategic Challenge of the Information and Communications Technology Supply Chain (CoFR)
20. CISA updates emergency directive for SolarWinds Orion compromise | 2020-12-22 (Security Magazine)
21. SolarWinds Orion/SUNBURST – Armis Can See Impacted Devices & Attacks (secblvd)
22. Everything we know about the Solarwinds Hack! (Updated!) (YouTube)
23. SolarWinds: What It Means & What’s Next
24. Anexinet Exec: Lack Of Monitoring In SolarWinds Hack Is ‘Scary’
25. HPE: ‘No Evidence’ It Has Been ‘Impacted’ By SolarWinds (Based Attack)
26. SolarWinds Campaign Focuses Attention on 'Golden ...
27. How SolarWinds could’ve been prevented (FRN)
28. SolarWinds victims revealed after cracking the Sunburst malware DGA
29. SolarWinds Claims Execs Unaware of Breach When They Sold Stock (SecurityWeek.Com)
30. Continue Clean (up of Compromised SolarWinds Software)
31. The Solarwinds breach — What do CIOs need to do now?
32. CISA warns that SolarWinds software may not be only entry point in latest breaches - (GCN)
33. SolarWinds/SUNBURST Backdoor, Third-Party and Supply Chain Security (secblvd)
34. Kevin Mandia: 50 Firms ‘Genuinely Impacted’ By SolarWinds Attack
35. SolarWinds incident should be a catalyst to rethink federal cybersecurity (FRN)
36. Top Expert Backgrounder: Russia’s SolarWinds Operation and International Law
37. CNN.com (Transcripts)
38. It’s A Twister! Will SolarWinds Blow Cybersecurity Governance Reform Into The Boardroom?
39. FireEye, Crowdstrike enjoy record days as SolarWinds hack leads to soaring security stocks (MarketWatch)
40. SolarWinds hack shows we need a 'whole of society' national cyber strategy (hill)
41. US cyber-attack: Russia 'clearly' behind SolarWinds operation, says Pompeo (BBC News)
42. Massive SolarWinds hack has big businesses on high alert (CNN)
43. NATO Checking Systems After US Cyberattack (SecurityWeek.Com)
44. Sunburst's C2 Secrets Reveal Second-Stage SolarWinds Victims (tpost)
45. 'Very, very large' telecom organization and Fortune 500 company breached in SolarWinds hack (scmedia)
46. Erlang Authenticated Remote Code Execution :: malicious.link — welcome
47. "Strategic Silence" and State (Sponsored Hacking: The US Gov't and SolarWinds)
48. DOE Update on Cyber Incident Related to Solar Winds Compromise (DOE)
49. FireEye, SolarWinds Breaches: Implications and Protections (eSecurityPlanet)
50. SolarWinds Scandal Calls Attention to Supply Chain Security
51. SolarWinds Should Have Been More ‘Vigilant’: Palo Alto Networks CEO
52. DATA443 RELEASES STATEMENT ON FIREEYE AND SOLARWINDS HACK AND BREACH OTC Markets:ATDS
53. Datto Offers All MSPs Free Scanner To Find Signs Of FireEye, SolarWinds Hack
54. SolarWinds Hack Throws Wrench In Private Equity’s Most Profitable Market
55. The Strategic Implications of SolarWinds (Lawfare)
56. DOE confirms its systems were compromised by SolarWinds hack (Utility Dive)
57. Alex Stamos on Twitter: "There is a long history of "trickle down" effects in cyber, where a technique honed by a major player becomes commonplace. China's 2000s APTs -> Iran/DPRK/teenagers in the 2010s. Stuxnet ->smart ransomware. If supply (chain a)
58. Alex Stamos on Twitter: "@VickerySec So far, all of the activity that has been publicly discussed has fallen into the boundaries of what the US does regularly and what we explicitly excluded from the Obama (Xi deal. If we are going to set new red lines, th)
59. VMware Flaw a Vector in SolarWinds Breach? — Krebs on Security
60. VMware Flaw Used To Hit Choice Targets In SolarWinds Hack: Report
61. Cisco Hacked Through SolarWinds As Tech Casualties Mount
62. Industry Letter - December 18, 2020: Supply Chain Compromise Alert (Department of Financial Services)
63. Sygnia Advisory: Detection of Golden SAML attacks
64. US cyber-attack: US energy department confirms it was hit by Sunburst hack (BBC News)
65. Five Russian hacks that transformed US cyber-security (BBC News)
66. SolarWinds: UK assessing impact of hacking campaign (BBC News)
67. Tech Tent: Hacking the heart of the US government (BBC News)
68. SolarWinds hackers broke into U.S. cable firm and Arizona county, web records show (Reuters)
69. US cyber-attack: Cybersecurity agency warns suspected Russian hacking campaign broader than previously believed (CNNPolitics)
70. Microsoft identifies more than 40 organizations targeted in massive cyber breach (CNNPolitics)
71. NSA Cybersecurity Advisory: Malicious Actors Abuse Authentication Mechanisms to Access Cloud Resources > National Security Agency Central Security Service > Article View
72. SolarWinds breach raises stakes for NDAA Trump still threatens to veto (FRN)
73. SolarWinds, GitHub Leaks and Securing the Software Supply Chain (secblvd)
74. Senators Ask IRS Whether Taxpayer Data Hit in SolarWinds Hack (Bloomberg)
75. More Hacking Attacks Found, Officials Warn of Risk to U.S. Government (nyt)
76. SolarWinds MSP To Revoke Digital Certificates For Tools, Issue New Ones As Breach Fallout Continues
77. Hack Suggests New Scope, Sophistication for Cyberattacks (WSJ)
78. SolarWinds Deploys CrowdStrike To Secure Systems After Hack
79. GitHub (cyberark/shimit: A tool that implements the Golden SAML attack)
80. Golden SAML: Newly Discovered Attack Technique Forges Authentication to Cloud Apps
81. CISA: SolarWinds Not the Only Initial Attack Vector ...
82. SolarWinds hackers breach US nuclear weapons agency
83. SunBurst_DGA_Decode/decode.py at main · RedDrip7/SunBurst_DGA_Decode (GitHub)
84. Little (known SolarWinds gets scrutiny over hack, stock sales)
85. DOD has a leg up in mitigating potential SolarWinds breach, former officials say (FedScoop)
86. Joint Statement by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) (CISA)
87. The SolarWinds and US government breach is not a marketing opportunity (ZDNet)
88. Microsoft to quarantine SolarWinds apps linked to recent hack (ZDNet)
89. SolarWinds said no other products were compromised in recent hack (ZDNet)
90. SolarWinds Orion hack: Why cybersecurity experts are worried (CNN)
91. CISA Warns Agencies of SolarWinds Orion Compromise via Emergency Directive (gcwire)
92. SolarFlare Release: Password Dumper for SolarWinds Orion (secblvd)
93. Expert warned 'solarwinds123' password could expose firm: Report (BI)
94. Was my workplace hit by SolarWinds hack? FAQ answers. (trib)
95. Orion Platform - Scalable IT Monitoring (SolarWinds)
96. Ensuring customers are protected from Solorigate (MS Security)
97. Kyle Hanslovan on Twitter: "Although their string obfuscation techniques were anything but special, their codebase and domains successfully evaded security scrutiny for nearly a year ¯_(ツ)_/¯. Here are screenshots of some CryptoHelper and ZipHelper cl
98. Microsoft and industry partners seize key domain used in SolarWinds hack (ZDNet)
99. Lessons on Identity Security From Recent High (Profile Breaches)
100. Microsoft’s Role In SolarWinds Breach Comes Under Scrutiny
101. SolarWinds Orion: More US government agencies hacked (BBC News)
102. SolarWinds Breach: An RSAC Interview with Dmitri Alperovitch About Who, How and Why (RSA)
103. 10 Things To Know About The SolarWinds Breach And Its U.S. Government Impact
104. Catching Bloodhound Before it Bites (CrowdStrike)
105. US Calls On Federal Agencies To Power Down SolarWinds Orion Due To Security Breach
106. 10 Things To Know About The SolarWinds Breach And Its U.S. Government Impact
107. US Treasury and commerce department targeted in cyber-attack (BBC News)
108. DHS, State and NIH join list of federal agencies — now five — hacked in major Russian cyberespionage campaign (wapo)
109. SolarWinds CyberAttack and FireEye Red Team Tools Coverage
110. Top Democrat: 'Critical' that Pompeo brief senators on SolarWinds hack at State Dept. (hill)
111. Suspected Russian hackers spied on U.S. Treasury emails - sources (Reuters)
112. Embassy of Russia in the USA / Посольство России в США - Posts (Facebook)
113. Behavior:Win32/Solorigate.C!dha threat description (Microsoft Security Intelligence)
114. Chairman Schiff Statement on FireEye Hack (Permanent Select Committee on Intelligence)
115. CYBER CONFLICT DATASET

Updated 2020-12-22

1. Staring at the Sun: Thoughts on UNC2452, SUNBURST, SolarWinds and Road Ahead (Prevailion)
2. SolarWinds Adviser Warned of Lax Security Years Before Hack (Bloomberg)
3. Microsoft identifies second hacking group affecting SolarWinds software
4. SolarWinds Hack Victims: From Tech Companies to a Hospital and University (WSJ)
5. Solorigate AzureAd IOCs
6. Hackers last year conducted a 'dry run' of SolarWinds breach
7. Microsoft president calls SolarWinds hack an “act of recklessness” (ars)
8. A moment of reckoning: the need for a strong and global cybersecurity response (Microsoft On the Issues)
9. SUPERNOVA: A Novel .NET Webshell, an Analysis
10. Russian hackers hit US government using widespread supply chain attack (ars)
11. SolarWinds Achieves SOC 2 Type II Certification (Orange Matter)

Updated 2020-12-21

1. Biden team and lawmakers raise alarms over Russian cybersecurity breach (wapo)
2. Former US cybersecurity chief Chris Krebs says officials are still tracking 'scope' of the SolarWinds hack
3. FireEye CEO: Hack was "totally unique," "utte... (CBS News)
4. How U.S. agencies' trust in untested software opened the door to hackers (POLITICO)
5. Second hacking team was targeting SolarWinds at time of big breach (Reuters)
6. Second hacking team was targeting SolarWinds at time of big breach (Reuters)
7. DebUNCing Attribution: How Mandiant Tracks Uncategorized Threat Actors (fireeye)
8. Billions Spent on U.S. Defenses Failed to Detect Giant Russian Hack (nyt)
9. Giant U.S. Computer Security Breach Exploited Very Common Software (Scientific American)
10. Richard Blumenthal on Twitter: "Stunning. Today’s classified briefing on Russia’s cyberattack left me deeply alarmed, in fact downright scared. Americans deserve to know what's going on. Declassify what’s known & unknown." / Twitter

Updated 2020-12-20

1. OODA Loop (Microsoft says it found malicious software in its systems)
2. Hack May Have Exposed Deep US Secrets; Damage Yet Unknown (SecurityWeek.Com)
3. DHS Among Those Hit in Sophisticated Cyberattack by Foreign Adversaries – Report (tpost)
4. Suspected Russian hackers spied on U.S. Treasury emails - sources (Reuters)

Updated 2020-12-19

1. Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers (MS Security)
2. The SolarWinds Orion SUNBURST supply-chain Attack (TRUESEC Blog)
3. SolarWinds' Orion monitoring platform may have been tampered with by attackers - Security - Software (iTnews)

Updated 2020-12-18

1. Russian Hackers Have Been Inside Austin Network for Months
2. Microsoft identifies more than 40 organizations targeted in massive cyber breach (CNNPolitics)
3. Microsoft says it was hit in SolarWinds attack, but customer data safe (BI)
4. Nuclear weapons agency breached amid massive cyber onslaught (POLITICO)
5. Exclusive-Suspected Russian hacking spree reached into Microsoft -sources (Reuters)

Updated 2020-12-17

1. solarwinds customers
2. SolarWinds Hack Could Affect 18K Customers — Krebs on Security
3. Federal investigators find evidence of previously unknown tactics used to penetrate government networks (wapo)
4. Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations (CISA)
5. SolarWinds’ Customers (Pastebin)
6. SUNBURST – SolarWinds® Orion® IT Management Platform Security Advisory (ServerCentral Turing Group)
7. InfoSec Handlers Diary Blog
8. SolarWinds: Why the Sunburst hack is so serious (BBC News)
9. SolarWinds’ shares drop 22 per cent. But what’s this? $286m in stock sales just before hack announced? (Register)
10. Thread by @megabeets_ on Thread Reader App (Thread Reader App)
11. SunBurst: the next level of stealth
12. (1) Itay Cohen on Twitter: "The attackers behind the #SUNBURST malware put a lot of effort into trying to avoid detection by analysts and security vendors. Not only this, but they also tried to make sure to stay under the radar of #SolarWinds develope
13. GitHub (RedDrip7/SunBurst_DGA_Decode: SunBurst DGA Decode Script)
14. Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’ — Krebs on Security
15. How suspected Russian hackers outed their massive cyberattack (POLITICO)
16. Inline XBRL Viewer
17. 'Massively disruptive' cyber crisis engulfs multiple agencies (POLITICO)
18. Customer Guidance on Recent Nation (State Cyber Attacks – Microsoft Security Response Center)
19. Important steps for customers to protect themselves from recent nation-state cyberattacks (Microsoft On the Issues)
20. Russian Hackers Broke Into Federal Agencies, U.S. Officials Suspect (nyt)
21. CISA Issues Emergency Directive to Mitigate the Compromise of Solarwinds Orion Network Management Products (CISA)
22. cyber.dhs.gov - Emergency Directive 21 (01)

Updated 2020-12-16

1. SolarWinds' Update Server Could Be Accessed in 2019 Using Password 'solarwinds123': Report

Updated 2020-12-15

1. Hackers at center of sprawling spy campaign turned SolarWinds' dominance against it (Reuters)
2. GitHub (fireeye/sunburst_countermeasures)
3. SolarWinds hackers have a clever way to bypass multi-factor authentication (ars)
4. SolarWinds Exposed FTP Credentials Publicly in a Github Repo
5. ~18,000 organizations downloaded backdoor planted by Cozy Bear hackers (ars)
6. Dark Halo Leverages SolarWinds Compromise to Breach Organizations (Volexity)
7. Active Exploitation of SolarWinds Software (CISA)

Updated 2020-12-14

1. Russian hacker group 'Cozy Bear' behind Treasury and Commerce breaches (wapo)
2. Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor (fireeye)

About this site

• Home
• contact
• about
• security projects
• links
• services
• blog
• SolarWinds Articles

Projects

• Past Development projects