We now are at 3141 articles.
And who did NOT have log4j and SolarWinds Combined on their bingo card?
SQL injection in SolarWinds, no less, plus a CVE relating to access control
We now are at 3117 articles.
The Whitehouse asks for discussion, Federal CISO suggests support for eliminating passwords, a challenge to Microsoft exclusivity at USDA, Suggested Cyber Academy.
Collection is behind. We now are at 3084 articles.
Biggest recent news is an analysis from Mandiant about the extent and depth of the ongoing attacks.2848 articles. We now have 70 articles with RCE with SolarWinds . Most of those are the recent one detected by MicroSoft And it is related to exposing SSH to the internet.
You may see articles that link a recently-revealed iOS vulnerability, but the only connection is that this was done by the presumed hacker that did SolarWinds. Slight confusion has ensued.
2848 articles. Lots of the news is about Kaseya referencing SolarWinds. I've elected not to follow that story. There are many articles that I don't include, mostly the market analysis, along with the surprisingly frequent Take Control Not Working.
The Danish National Bank is said to have the comrpomised SolarWinds vector in their systems for seven months. The Denmark Nationalbank denies these reports
A Microsoft CS agent was compromised by the SolarWinds actors, resulting in three companies being compromised
The SEC is investigating several firms for failure to disclose breach.
Jake Sullivan says that US is preparing more sanctions for Russia.
Simple measures would have prevented the attack.
Google develops a tool to help with SBOM called SLSA.
There is a new White House Cyber Director White House Cyber director.
The collection of articles in the legal section now has the biggest article to date, where strong claims are made, some with possible non-civil liabilities.
The claims are severe, detailed, and damning. All the claims made on the SW website about security are claimed in the lawsuit to be false--a full fabrication. Multiple people are quoted, including Ian Thornton-Trump, Costin Raui, and ten former employees.
A summary:
This whole thing puts a stark emphasis on how we evaluate vendors whose software runs as root in our systems.