Credentials involved in hack including SAML
Retrieved 2024-06-13
After Recall's mess, Microsoft isn't beating the security loopholes allegation any time soon (MSPoweruser)
Microsoft Ignored Whistleblower Warnings Before SolarWinds Attack (PCMag)
Retrieved 2024-01-20
Microsoft executive emails hacked by Russian intelligence group
Microsoft says Russia-linked group hacked employee emails (The Japan Times)
Retrieved 2024-01-19
Microsoft ‘senior leadership’ emails accessed by Russian SolarWinds hackers (Verge)
Microsoft says state-backed Russian hackers accessed emails of senior leadership team members (ABC News)
Microsoft says Russian hackers stole email from its executives (wapo)
Inline XBRL Viewer
date: 2024-01-19 flags: Microsoft, overhaul, attach, attribution, breach, passwords, disclosure
Microsoft says exec emails accessed in hack by Russian group (GeekWire)
Microsoft Executives’ Emails Hacked by Group Tied to Russian Intelligence (nyt)
Russian Espionage Group Tapped Microsoft Corporate E-Mails (Redmondmag.com)
Microsoft Executive Emails Hacked By Russian Intelligence Group: Company Confirms Security Breach, Assures No Impact On Customer Data - Microsoft (NASDAQ:MSFT) (Benzinga)
Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack
Retrieved 2021-12-23
Federal CISO Clarifies Support for a Standard that Could Make Passwords History (Nextgov)
Retrieved 2021-07-28
Podcast: Why Securing Active Directory Is a Nightmare (tpost)
Retrieved 2021-07-02
US, UK warn about Russia's brute force cyber campaign (Illinois News Today)
Retrieved 2021-06-26
Microsoft admits to signing rootkit malware in supply-chain fiasco (Business Standard News)
Retrieved 2021-06-16
Microsoft's CISO: Why we're trying to banish passwords forever (ZDNet)
Retrieved 2021-06-10
How Attackers Exploit Active Directory: Lessons Learned from High-Profile Breaches (secblvd)
Retrieved 2021-05-20
12 Lessons Learned From The SolarWinds Breach: RSA Conference
CrowdStrike breaks down 'Golden SAML' attack
Retrieved 2021-05-14
Opinion: Agencies Need More Reliable Authentication To De-Weaponize Stolen Data During SolarWinds Breach (Potomac Officers Club)
Retrieved 2021-05-13
Microsoft's new security feature locks hackers out with GPS (ZDNet)
Retrieved 2021-05-12
Dark Reading | Security (Protect The Business)
Biden’s Cyber Strategy Must De-weaponize Civilian Data (Nextgov)
Retrieved 2021-04-27
Well-known VPN used to steal credentials on SolarWinds servers
Hackers are targeting Microsoft authentication servers
Abusing Replication: Stealing AD FS Secrets Over the Network (fireeye)
Dark Reading | Security (Protect The Business)
Another SolarWinds lesson: Hackers are targeting Microsoft authentication servers (The Open Security)
SolarWinds, Microsoft Hacks Prompt Focus on Zero-Trust Security | News (CACM)
Retrieved 2021-04-26
CISA warns of theft of credentials via SolarWinds and PulseSecure VPN
Another top VPN is reportedly being used to spread SolarWinds hack (TechRadar)
Retrieved 2021-04-25
CISA warns of credential theft via SolarWinds and PulseSecure VPN (VentureBeat)
CISA warns of credential theft via SolarWinds and PulseSecure VPN (Public News)
Retrieved 2021-04-22
Cybersecurity expert: If you use SolarWinds, they got you (POWERGRID International)
Hackers Exploit SolarWinds, Pulse Secure For Credential Theft: Feds
cyber.dhs.gov - Emergency Directive 21-03: pulse secure
Russian Cyber Threat Defense – Now and Looking Forward (secblvd)
Retrieved 2021-04-15
Cybercriminals get bolder as impact from SolarWinds and ransomware grows (SiliconANGLE)
Retrieved 2021-04-14
Misuse of X.509 Certificates & Keys Involved in SolarWinds Attack
Retrieved 2021-03-31
Revelations About Securing Hybrid Cloud Environments Post-SolarWinds (secblvd)
Retrieved 2021-03-29
Broken trust: Lessons from Sunburst (Atlantic Council)
Retrieved 2021-03-23
SolarWinds Attackers Manipulated OAuth App Certificates
Retrieved 2021-03-22
Three Vulnerabilities Exposed During SolarWinds Attack & How It Could Have Been Prevented (CPO Magazine)
Does Microsoft share blame for the SolarWinds hack? (Computerworld)
Retrieved 2021-03-10
CISA: ‘Identity is everything’ for cyber defense post-SolarWinds (FRN)
Retrieved 2021-03-04
Lesson From SolarWinds Attack: It's Time to Beef Up IAM
Retrieved 2021-03-03
CISA Official Calls for Update of Identity Management Guidance in Wake of SolarWinds Compromise (Nextgov)
Retrieved 2021-02-27
SolarWinds’ security practices questioned by lawmakers following cyber attack
Former SolarWinds CEO Blames Intern for “solarwinds123” Password Leak (FR24 News English)
Former SolarWinds CEO blames intern for ‘solarwinds123’ password leak (WKSM-FM)
Jeff Elder on Twitter: "SolarWinds leaders told Congress the password "solarwinds123" was a quickly fixed intern's error. Records show it was a publicly accessible software-update server with password visible for two years. A company email from 2019 notes
Accusation: Microsoft failed with security in the SolarWinds hack (Born's Tech and Windows World)
Retrieved 2021-02-25
SolarWinds Hackers Targeted Cloud Services as a Key Objective (AI Trends)
US senator claims Microsoft failed to fix cloud holes before SolarWinds hack - Security (iTnews)
Microsoft failed to shore up defenses that could have limited SolarWinds hack: U.S. senator | Y100 WNCY | Your Home For Country & Fun (Green Bay, WI)
Retrieved 2021-02-23
Paramount Defenses Opens Online Store to Empower Organizations Worldwide
Retrieved 2021-02-18
SolarWinds hackers studied Microsoft source code for authentication and email (Reuters)
Retrieved 2021-02-16
CyberArk Virtual Event - The Anatomy of the SolarWinds Attack
Retrieved 2021-02-11
The Hack Roundup: White House Says Neuberger Leading Federal Response (Nextgov)
Retrieved 2021-02-09
SolarWinds security to-do list post hack (Utility Dive)
Retrieved 2021-02-08
A Key Step in Preventing a Future SolarWinds (Just Security)
Retrieved 2021-02-05
Multiple new SolarWinds vulnerabilities have been uncovered (TechRadar)
Microsoft: Office 365 Was Not SolarWinds Initial Attack Vector
Microsoft warns of increasing OAuth Office 365 phishing attacks
Microsoft: No Evidence SolarWinds Was Hacked Via Office 365
Retrieved 2021-02-04
SolarWinds CEO Confirms Office 365 Email ‘Compromise’ Played Role In Broad-Based Attack
Retrieved 2021-02-02
Hackers Lurked in SolarWinds Email System for at Least 9 Months, CEO Says (WSJ)
Retrieved 2021-01-27
Tips to harden Active Directory against SolarWinds-type attacks (CSO Online)
Retrieved 2021-01-26
Mimecast Breach Linked To SolarWinds Hack, Allowed Cloud Services Access
Retrieved 2021-01-19
Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452
SolarWinds Hackers Also Breached Malwarebytes Cybersecurity Firm
Retrieved 2021-01-16
Hackers abusing Mimecast certs to target Microsoft 365 users
Retrieved 2021-01-14
Increasing resilience against Solorigate and other sophisticated attacks with Microsoft Defender (MS Security)
Retrieved 2021-01-13
Mimecast compromised by a threat actor | 2021-01-13 (Security Magazine)
Mimecast: Hackers Compromised A Digital Certificate (My TechDecisions)
Miscreants Manipulate Mimecast Certificate -> Microsoft 365 Exchange Web Services: Welcome To The Pew Pew (secblvd)
Mimecast hit by “sophisticated threat actor”
Mimecast breach investigators probe possible SolarWinds connection (CyberScoop)
Retrieved 2021-01-12
Email security firm Mimecast says hackers hijacked its products to spy on customers (Reuters)
Important Update from Mimecast (Mimecast Blog)
SolarWinds Hackers' Attack on Email Security Company Raises New Red Flags (MarketScreener)
Hackers Compromise Mimecast Certificate For Microsoft Authentication
Mimecast Certificate Hacked in Supply-Chain Attack (tpost)
Retrieved 2021-01-08
A Golden SAML Journey: SolarWinds Continued (Splunk)
CISA: SolarWinds hackers also used password guessing to breach targets (ZDNet)
Retrieved 2021-01-07
CISA: SolarWinds Hackers Got Into Networks by Guessing Passwords (Nextgov)
CISA: Hackers access to federal networks without SolarWinds (FCW)
CISA discovers token abuse around SolarWinds hack, calls for full rebuild of affected networks (scmedia)
Retrieved 2021-01-05
Azure-Sentinel/ADFSDomainTrustMods.yaml at master · Azure/Azure-Sentinel · GitHub
Retrieved 2021-01-04
SolarWinds hack poses risk to cloud services' API keys and IAM identities
Retrieved 2020-12-29
Golden SAML Revisited: The Solorigate Connection (secblvd)
Retrieved 2020-12-26
VU#843464 (SolarWinds Orion API authentication bypass allows remote command execution)
Retrieved 2020-12-23
Cloud infrastructure is not immune from the SolarWinds Orion breach (secblvd)
Retrieved 2020-12-22
SolarWinds Campaign Focuses Attention on 'Golden ...
Retrieved 2020-12-18
Sygnia Advisory: Detection of Golden SAML attacks
NSA on Authentication Hacks (Related to SolarWinds Breach) (Schneier)
Retrieved 2020-12-17
Golden SAML: Newly Discovered Attack Technique Forges Authentication to Cloud Apps
GitHub (cyberark/shimit: A tool that implements the Golden SAML attack)
Retrieved 2020-12-16
We're not saying this is how SolarWinds was backdoored, but its FTP password 'leaked on GitHub in plaintext' (Register)
Retrieved 2020-12-15
SolarFlare Release: Password Dumper for SolarWinds Orion (secblvd)
GitHub (mubix/solarflare: SolarWinds Orion Account Audit / Password Dumping Utility)
SolarFlare Release: Password Dumper for SolarWinds Orion :: malicious.link — welcome
How the SolarWinds Hackers Bypassed Duo’s Multi-Factor Authentication (Schneier)
Retrieved 2020-12-14
SolarWinds, GitHub Leaks and Securing the Software Supply Chain (BluBracket)
Retrieved 2020-12-01
Agencies Need to Improve Implementation of Federal Approach to Securing Systems and Protecting against Intrusions
Retrieved 2019-01-23
Find cloud account credentials
Retrieved 2016-12-06
CJ03 Solar Flare Pulling apart SolarWinds ORION Rob Fuller (YouTube)