About this site
Previous work
Projects
Discovered order
Date 2024-06-15
- Historical Hacks: SolarWinds
- The Vital Role of CISOs in Cybersecurity (Spiceworks)
- UnitedHealth leaders 'should be held responsible' for installing inexperienced CISO, senator says
- CISOs under pressure from boards to downplay cyber risk: study (Cybersecurity Dive)
- Inexpert CISO Blamed For Cyberattack On Change Healthcare
- After Recall's mess, Microsoft isn't beating the security loopholes allegation any time soon (MSPoweruser)
- Microsoft Ignored Whistleblower Warnings Before SolarWinds Attack (PCMag)
- Microsoft Security Failures Get Rough Treatment On Capitol Hill
- US Senator Demands Probe On Microsoft Cybersecurity Breach
- U.S. Ambassador to China Hacked in China-Linked Spying Operation (WSJ)
- Microsoft says new security protocols address whistleblower concerns
- Understanding the Impact of CVE-2024 (29003 on the SolarWinds Platform)
- Microsoft whistleblower says firm ignored early warnings about flaw exploited in SolarWinds breach (ITPro)
Date 2024-06-14
- What the Charges Against the SolarWinds CISO Mean for Security in 2024 (secblvd)
- SolarWinds Sunburst: One of the biggest cyber attacks targeting the software industry supply chain in history (secblvd)
- Microsoft Refused to Fix Flaw Years Before SolarWinds Hack — ProPublica
- Why public/private cooperation is the best bet to protect people on the internet (CSO Online)
Date 2024-06-13
- CVE-2024-28995: Trivially Exploitable Information Disclosure Vulnerability in SolarWinds Serv-U (Rapid7 Blog)
- “Trivially exploitable” bug in SolarWinds file server needs prompt fixing
- A Vulnerability in SolarWinds Serv (U Could Allow for Path Transversal)
- Many software makers will miss Biden’s cybersecurity deadline today
- NVD - CVE-2024 (28995)
- Rapid7 expects hackers to take advantage of ‘trivially exploitable’ SolarWinds file transfer bug (Cyber Daily)
- SolarWinds fixed multiple flaws in Serv (U and SolarWinds Platform)
- SolarWinds addressed critical RCEs in Access Rights Manager
- SolarWinds fixed three critical RCE flaws in its Access Rights Manager product
- Researchers shared the lists of victims of Solarwinds hack
- SolarWinds and the SEC.
- SolarWinds and the SEC.
- SolarWinds And The SEC. CyberWire Daily podcast
- Client Alert: Takeaways from SEC v. SolarWinds Motion to Dismiss Hearing (Jenner & Block - JDSupra)
- Are Your Online Security Statements Making Misrepresentations? Lessons Learned From The SEC Lawsuit Against SolarWinds (MarketScreener)
- CVE Record (CVE)
- Multiple vulnerabilities in SolarWinds Orion Platform
- CVE Record (CVE)
- Understanding CVE-2024 (28999: Race Condition Vulnerability in SolarWinds Platform)
- Multiple Vulnerabilities in SolarWinds Platform June 4th 2024 (Tenable®)
- SolarWinds Flaw Flagged by NATO Pen Tester
Date 2024-04-22
- Why Microsoft is a national security threat (Register)
Date 2024-01-21
- Microsoft executive emails hacked by Russian intelligence group
- Microsoft says state-backed Russian hackers accessed emails of senior leadership team members (ABC News)
- Microsoft says Russian hackers stole email from its executives (wapo)
- Inline XBRL Viewer
- SolarWinds hackers studied Microsoft source code for authentication and email (Reuters)
- Chinese hackers breach U.S. government email through Microsoft cloud (wapo)
- date: 2024-01 (19 flags: Microsoft, overhaul, attach, attribution, breach, passwords, disclosure)
- Microsoft says exec emails accessed in hack by Russian group (GeekWire)
- Microsoft Executives’ Emails Hacked by Group Tied to Russian Intelligence (nyt)
- Chinese Hackers Stole 60,000 State Dept. Emails in Breach Reported in July (nyt)
- Microsoft says Russia-linked group hacked employee emails (The Japan Times)
- Russian Espionage Group Tapped Microsoft Corporate E-Mails - (Redmondmag.com)
- Microsoft Executive Emails Hacked By Russian Intelligence Group: Company Confirms Security Breach, Assures No Impact On Customer Data - Microsoft (NASDAQ:MSFT) (Benzinga)
- Microsoft's Top Execs' Emails Breached in Sophisticated Russia (Linked APT Attack)
Date 2024-01-20
- Microsoft ‘senior leadership’ emails accessed by Russian SolarWinds hackers (Verge)
- Hackers backed by Russian government reportedly breached US government agencies (Verge)
- FireEye cybersecurity tools compromised in state-sponsored attack (Verge)
- Unauthorized Access of FireEye Red Team Tools (Mandiant)
- GitHub (mandiant/red_team_tool_countermeasures)
- Customer Guidance on Recent Nation-State Cyber Attacks | MSRC Blog (Microsoft Security Response Center)
- Security Advisory (SolarWinds)
- Move over, SolarWinds: 30,000 orgs’ email hacked via Microsoft Exchange Server flaws (Verge)
- HAFNIUM targeting Exchange Servers with 0-day exploits (Microsoft Security Blog)
- Chinese Hacking Spree Hit an ‘Astronomical’ Number of Victims (WIRED)
Date 2024-01-08
- SolarWinds Execs Targeted by SEC, CEO Vows to Fight
Date 2023-12-07
- SolarWinds CISO and CFO are focus of SEC’s Orion investigation (scmedia)
- CSP #78 – Solarwinds From the Inside: The Breach and the Aftermath – Tim Brown (scmedia)
- SEC notice to SolarWinds CISO and CFO roils cybersecurity industry (CSO Online)
Date 2023-11-01
- SEC Charges SolarWinds and Its CISO With Fraud and Cybersecurity Failures (SecurityWeek)
- SEC.gov (SEC Charges SolarWinds and Chief Information Security Officer with Fraud, Internal Control Failures)
- SolarWinds charged by SEC for failing to disclose cybersecurity problems (wapo)
- SEC notifies SolarWinds CISO and CFO of possible action in cyber investigation (Cybersecurity Dive)
- SolarWinds Sunburst Attack: Lessons On Dealing With A Cyberattack
- SolarWinds (SolarWinds CISO Tim Brown Named CISO of the Year by Globee Cybersecurity Awards)
- SEC charges SolarWinds CISO with fraud for misleading investors before major cyberattack
- SEC sues SolarWinds for misleading investors before 2020 hack
- DOJ Detected SolarWinds Breach Months Before Public Disclosure (WIRED)
- SEC charges SolarWinds, CISO with fraud in 2020 supply chain attacks (scmedia)
- What to know about the SEC’s case against SolarWinds (wapo)
- US regulators sue SolarWinds and its security chief for alleged cyber neglect ahead of Russian hack
- Reuters Legal on X: "The SEC sued SolarWinds Corp and its top cybersecurity executive, saying they repeatedly misled investors and the public about a software product linked to one of biggest hackings targeting the US government https://t.co/ENR9Rioxaq ht
- US SEC sues SolarWinds for concealing cyber risks before massive hacking (Reuters)
- Techmeme: The US SEC charges SolarWinds for failing to disclose alleged cybersecurity failures ahead of a breach by suspected Russian hackers that began as early as 2019 (Tim Starks/Washington Post)
- SEC charges SolarWinds, its CISO with fraud (Cybersecurity Dive)
- BREAKING: Feds Take Unprecedented Action Against CISO in SolarWinds Case
- SolarWinds CISO Sued for Fraud by US SEC (secblvd)
- SEC charges SolarWinds with fraud over SUNBURST attacks (Register)
- SolarWinds, chief information security officer charged with fraud by SEC (NYSE:SWI) (Seeking Alpha)
- Austin's SolarWinds buying N.C. (based IT company for $350 million)
- SolarWinds faces SEC lawsuit after 2020 hack
- SEC Charges SolarWinds and CISO With Misleading Investors (Infosecurity Magazine)
- U.S. SEC sues SolarWinds and security chief for fraud (Fortune)
- SEC sues SolarWinds over massive cyberattack
- SolarWinds and CISO accused of fraud, control failures (Help Net Security)
- (2816) From Hexacon 2023 - A Demonstration of CVE-2022-47504: An RCE in SolarWinds NPM (YouTube)
- IANS LIVE-US SUES SUDHAKAR RAMAKRISHNA (RUN SOLARWINDS FOR MISLEADING INVESTORS BEFORE MASSIVE HACK)
- SolarWinds Misled Public on Cyber Risk Before Hack, SEC Claims (Bloomberg)
- Bob Ackerman on LinkedIn: US SEC sues SolarWinds for concealing cyber risks before massive hacking (13 comments)
- SolarWinds Patches High-Severity Flaws in Access Rights Manager (SecurityWeek)
- SEC Charges SolarWinds and CISO With Misleading Investors (Infosecurity Magazine)
- SEC charges SolarWinds, top security executive with fraud in 2020 incident
- SEC charges SolarWinds with fraud tied to its IPO and cybersecurity hack (Austin Business Journal)
- SEC Suit Claims SolarWinds Misled Investors On Cyber Risks (Law360)
- US regulators sue SolarWinds and its security chief for alleged cyber neglect ahead of Russian hack (ABC News)
- SolarWinds allegedly misled public on its security before Sunburst cyberattack: SEC (IT World Canada News)
- Ex (SolarWinds Adviser Warned Company of Security Issues in 2017: 'Incredibly Easy Target to Hack')
- SolarWinds Adviser Warned of Lax Security Years Before Hack (Bloomberg)
Date 2023-10-31
- SEC Sues SolarWinds Over 2020 Hack Attributed to Russians (WSJ)
- US SEC sues SolarWinds for concealing cyber risks before massive hacking (Reuters)
Date 2023-10-25
- Critical SolarWinds RCE Bugs Enable Unauthorized Network Takeover
- Critical RCE flaws found in SolarWinds access audit solution
Date 2023-08-08
- Microsoft Signing Key Stolen by Chinese (Schneier)
Date 2023-08-02
- US senator blasts Microsoft for “negligent cybersecurity practices” (ars)
- Solarwinds From the Inside: The Breach and the Aftermath – Tim Brown – CSP #78 (scmedia)
Date 2023-06-27
- SolarWinds Execs Targeted by SEC, CEO Vows to Fight
Date 2023-05-10
- SolarWinds: The Untold Story of the Boldest Supply-Chain Hack (WIRED)
Date 2023-03-10
- SolarWinds Breach Revealed Shortcomings At CISA, DHS IG Report Shows
- SolarWinds Announces Upcoming Patches for High-Severity Vulnerabilities (SecurityWeek)
Date 2022-12-22
- Layoffs at N-able came 'out of nowhere' (WRAL TechWire)
Date 2022-11-03
- Phylum Discovers Dozens More PyPI Packages Attempting to Deliver W4SP Stealer in Ongoing Supply (Chain Attack)
Date 2022-05-23
- CVE-2021-35235 (SolarWinds Kiwi Syslog Server ASP.NET Debugging information disclosure)
- Reversing Golang used in SolarWinds : ReverseEngineering
- How the SolarWinds Hack (almost) went Undetected
- (1293) SEC-T 0x0D: Erik Hjelmvik - Hiding in Plain Sight - How the SolarWinds Hack Went Undetected (YouTube)
- Scientists create most detailed map of Uranus' mysterious auroras to date (Space)
- CISA exec calls SolarWinds hack a wake-up call for government cybersecurity | Secondary Sources | National (Westlaw Today)
- DOJ Won't Prosecute White Hat Hackers, Only Bad Cybercriminals
- SolarWinds Orion Platform 2020.2.0 < 2020.2.6 Multiple Vulnerabilities - Nessus (InfosecMatter)
- SolarWinds is ready to overcome violations and help customers manage them (Newjerseyupdates.com)
- One year after Biden executive order, cyber officials defend progress (The Record by Recorded Future)
- SonarSource Appoints Kevin Thompson on its Board of Directors
- SolarWinds and the Challenges of Patching: Can We Ever Stop Dancing With the Devil?
- The Four Horsemen of Software Supply Chain Attacks (MSSP Alert)
- Biden administration makes inroads amid zero trust rollout (Cybersecurity Dive)
- Conditions are cooling off for troubled SolarWinds (FRN)
- Third (Party Cyber Risk Management Primer)
- Court denies SolarWinds bid to throw out breach lawsuit
- SolarWinds breach lawsuits: 6 takeaways for CISOs (CSO Online)
- SolarWinds Board Sued by Pension Funds Over Cyberattack (1)
- SolarWinds data breach lawsuit takeaways for CISOs (Security Magazine)
- Shareholders Seek to Hold Current and Former SolarWinds Officials Liable for Massive 2020 Security Breach (Benesch - JDSupra)
Date 2022-04-24
- Another Hacking Group Has Targeted SolarWinds Systems
- 60% of Healthcare Orgs Say Third (Party Risk Management Needs Improvement)
- Federal News Network: SCuBA gears up agencies to survive the ‘next’ SolarWinds attack (G2Xchange FedCiv)
- CISA Seeks Comment on Visibility Effort Being Piloted with Cloud Service Providers (Nextgov)
- Secure Cloud Business Applications
- The SolarWinds hack pokes holes in Defend Forward (CISSAR)
- SCuBA gears up agencies to survive the ‘next’ SolarWinds attack (FRN)
- Lessons Learned from Cyberattacks on Critical Infrastructure (Toolbox It-security)
- SolarWinds Co. (NYSE:SWI) Sees Significant Decrease in Short Interest (ETF Daily News)
Date 2022-02-14
- Hacks Bring New Urgency to Moves by Congress and Agencies to Reduce Future Cybersecurity Risks (U.S. GAO)
- SolarWinds breach updates. Microsoft sinkholes Sunburst’s C&C domain. Facebook takes down inauthentic networks targeting Africa. (SDR News)
Date 2022-02-13
- GovCon Expert Dana Barnes: Reflections on White House Zero Trust Cybersecurity Plan
Date 2022-02-12
- SEC.gov (Statement on Cybersecurity Risk Management for Investment Advisers, Registered Investment Companies, and Business Development Companies)
- Ten Questions We Hope the Cyber Safety Review Board Answers—and Three It Should Ignore (Lawfare)
- DHS Launches First-Ever Cyber Safety Review Board (Homeland Security)
Date 2022-02-09
- NIST Suggests Agencies Accept the Word of Software Producers Per Executive Order (Nextgov)
Date 2022-01-21
- Microsoft: Hackers Exploiting New SolarWinds Serv (U Bug Related to Log4j Attacks)
Date 2022-01-14
- Statutory restrictions hindered federal response to SolarWinds, Microsoft Exchange
Date 2021-12-27
- SolarWinds investors allege board knew about cyber risks (Reuters)
Date 2021-12-25
- Threat actors behind SolarWinds compromise are still active, warns Mandiant (IT World Canada News)
- EETimes (SolarWinds Fallout: When Will Breach Reporting Become Mandatory?)
- Re: Is there a tool similar to Solarwinds Network Configuration Manager for... (The Meraki Community)
- Harris calls for 'cyber doctrine' to address increasing attacks (hill)
- Federal Agencies Issue New Breach Notification Rules for Banking Organizations and Banking Service Providers (Benesch - JDSupra)
- New SUNSHUTTLE Second-Stage Backdoor Uncovered Targeting U.S.-Based Entity; Possible Connection to UNC2452 (Mandiant)
- FireEye finds new malware likely linked to SolarWinds hackers - AlienVault (Open Threat Exchange)
- Opinion (To keep our country safe, we need a national Cyber Academy. Think of it as West Point for technology defense. - The Washington Post)
- IT reseller challenges USDA’s ’20 (year tradition’ of sticking with Microsoft)
- White House national security adviser asks software companies to discuss cybersecurity (Reuters)
- White House national security adviser asks software companies to discuss cybersecurity
- Federal CISO Clarifies Support for a Standard that Could Make Passwords History (Nextgov)
- SolarWinds breach updates. Microsoft sinkholes Sunburst's C&C domain. Facebook takes down inauthentic networks.
- White House national security adviser asks software ...
- The new PseudoManuscrypt malware puts over 35,000 PCs at risk (TheDigitalHacker)
- From Cybercrime To National Security Priority: Biden’s War On Ransomware – Analysis (Eurasia Review)
- SolarWinds Orion sql injection [CVE-2021 (35234] – Yet Another News Aggregator Channel)
- CVE-2021-35234 (SolarWinds Orion sql injection)
- SolarWinds Government Data Breach Leads to Securities Action (Proskauer - Corporate Defense and Disputes - JDSupra)
- CVE-2021-35248 (SolarWinds Orion Settings access control)
- SolarWinds Trust Center Security Advisories (CVE-2021-44228)
- Massive Software Flaw With Global Reach Forces Quebec To Shut Government Websites (The Street Journal)
- Did a Russian Cyberattack Affect the Election? Officials Couldn't Be Sure
- Remote code execution in SolarWinds Database Performance Analyzer (Apache Log4j component)
- Research: Announcement of Periodic Review: Moody's announces completion of a periodic review of ratings of SolarWinds Holdings, Inc. (Moody's)
- SolarWinds (NYSE:SWI) Downgraded by JPMorgan Chase & Co. to Neutral (MarketBeat)
- NASA Probe Becomes First Spacecraft to Enter Sun’s Atmosphere
- EETimes (SolarWinds Fallout: When Will Breach Reporting Become Mandatory?)
- Nobelium gang malware evolves one year after SolarWinds
Date 2021-12-10
- Microsoft: Russia Behind 58% of Detected State (Backed Hacks)
- SolarWinds hack may have been more damaging than previously thought (TechRadar)
- Nobelium Makes Russia Leader in Cyberattacks (BankInfoSecurity)
- Microsoft Says Russia Behind Over 50% Of State (Sponsored Cyber Hacks)
- VA found ‘no evidence’ of compromise in SolarWinds hack: CISO Cunningham
- DOJ to Federal Contractors: Report Cyberattacks or Face the False Claims Act (Lexology)
- Part of Earth’s Water Came from the Sun, New Study Suggests (Sci-News.com)
- Microsoft says it identified 40+ victims of the SolarWinds hack | #microsoft | #hacking (#cybersecurity - NATIONAL CYBER SECURITY NEWS TODAY)
- Cybersecurity for Idiots (Lawfare)
- A Year After the SolarWinds Hack, Supply Chain Threats Still Loom (WIRED)
- You can't stop the 'next SolarWinds' -- but you can slow it down (VentureBeat)
- Reviewing the Biggest Data Breaches of 2021 (secblvd)
- Breach reporting requirement sputters as House passes NDAA (scmedia)
- House Passes NDAA Without Cyber Incident Reporting Legislation (Nextgov)
- Rules Committee Print 117 (21; Text of House Amendment to S. 1605)
- SolarWinds Attackers Spotted Using New Tactics, Malware (tpost)
- SolarWinds APT Targets Tech Resellers in Latest Supply-Chain Cyberattacks (tpost)
- SolarWinds Attackers Hit Active Directory Servers with FoggyWeb Backdoor (tpost)
- You can’t stop the ‘next SolarWinds’—but you can slow it down (Opera News)
Date 2021-12-09
- Russian group behind SolarWinds incident ramping up hacking efforts, analysis says (hill)
- SolarWinds hackers kept busy in the year since the seminal hack, Mandiant finds
- Suspected Russian Activity Targeting Government and Business Entities Around the Globe (Mandiant)
- Russian Actors Behind SolarWinds Attack Hit Global Business & Government Targets
- SolarWinds Attacker Targets Cloud Service Providers in New Supply Chain Threat
- SolarWinds hackers have been quietly targeting governments, cloud providers (scmedia)
- Mandiant: SolarWinds Attackers Continue to Innovate
- The Microsoft paradox: Contributing to cyber threats and monetizing the cure (Fortune)
Date 2021-12-08
- SolarWinds hackers have been quietly targeting governments, cloud providers (scmedia)
Date 2021-12-07
- SolarWinds hackers have a whole bag of new tricks for mass compromise attacks (ars)
Date 2021-11-15
- solarwinds serv (u vulnerabilities and exploits)
- Lawmakers introduce bill to identify and protect critical groups from cyber threats (hill)
- HILL TECH & CYBER BRIEFING: Senators Weigh Cyber Reporting Mandate
- Mandia Alerted NSA on FireEye’s SolarWinds Breach
- TSA to issue regulations to secure rail, aviation groups against cyber threats (hill)
- DOJ to go after government contractors that fail to report breaches (hill)
- Kevin Mandia: Coordination, Tech Among Keys to Cybersecurity Advancement (ExecutiveBiz)
- Warning as Microsoft malware attack 'creates backdoor for hackers' to enter servers
- Russian hackers behind SolarWinds hack are trying to infiltrate US and European government networks (CNNPolitics)
- Senate Panel Advances FISMA Reform Bill (MeriTalk)
- Mandiant Is Back: What to Expect From ‘Part Deux’ (SDxCentral)
- Lawmakers advocate for establishment of standalone House and Senate cyber panels (hill)
- Russian hackers behind SolarWinds hack trying to infiltrate US and European government networks - WRCBtv.com | #government | #hacking (#cyberattack - National Cyber Security News Today)
- Senate Committee Passes Major FISMA Changes—Including a New Definition of ‘Major Incident’ (Nextgov)
- Hackers in SolarWinds breach stole data on U.S. sanctions policy, intelligence probes -sources (National Post)
- Microsoft Digital Defense Report and Security Intelligence Reports
- Microsoft: Russia is behind 58% of detected state-sponsored hacks (Fortune)
- Hackers in SolarWinds breach stole data on U.S. sanctions policy, intelligence probes -sources (Nasdaq)
- Biden signs bill to strengthen K-12 school cybersecurity (hill)
- The SolarWinds hack may have been more damaging than previously thought
Date 2021-11-05
- Known Exploited Vulnerabilities Catalog (CISA)
Date 2021-11-02
- White House to convene 30-country cybersecurity meeting (ZDNet)
- Insurance carriers scrutinize cybersecurity controls (Crain's Cleveland Business)
- Hospital ransomware attack led to infant's death, lawsuit alleges (Healthcare IT News)
Date 2021-11-01
- Leading Cyber Officials Favor Fines Over Subpoenas to Enforce Incident Reporting (Nextgov)
- SolarWinds CEO Says Attackers Gained Entry, Began Recon in January 2019 (Opera News)
- EETimes (SolarWinds Fallout: Cloud Security is the Weak Link)
- EU 'denounces' Russian malicious cyber activity aimed at member states (hill)
- SolarWinds CEO talks about protecting IT in the wake of a sunburst (Fuentitech)
- Autodesk reveals it was targeted by Russian SolarWinds hackers | #computerhacking (#hacking - National Cyber Security News Today)
- A multi-party data breach creates 26x the financial damage of single-party breach (Help Net Security)
- SolarWinds attackers drop 'FoggyWeb' backdoor on AD SSO servers - Security - Software (iTnews)
- Microsoft Warns of FoggyWeb Malware Targeting Active Directory FS Servers
- Microsoft warning: This malware creates a 'persistent' backdoor for hackers (ZDNet)
- New malware from SolarWinds attackers leaves behind a backdoor (TechRadar)
- SolarWinds hackers Nobelium spotted using a new backdoor
- Microsoft Details FoggyWeb Backdoor Used by SolarWinds Hackers (SecurityWeek.Com)
- Russia (Linked Nobelium Deploying New 'FoggyWeb' Malware)
- How one red team exercise averted a new SolarWinds (style attack)
- Nearly all third-party containers deployed in the cloud harbor known vulnerabilities (scmedia)
- ‘Tomiris’ Backdoor Linked to SolarWinds Malware (tpost)
- House passes legislation to strengthen federal cybersecurity workforce (hill)
- Tomiris backdoor and its connection to Sunshuttle and Kazuar (Securelist)
- New Tomiris Backdoor Found Linked to Hackers Behind SolarWinds Cyberattack
Date 2021-10-08
- Hackers of SolarWinds stole data on U.S. sanctions policy, intelligence probes (Reuters)
Date 2021-10-04
- Suing the CISO: SolarWinds Fires Back
- Earnings are growing at SolarWinds (NYSE:SWI) but shareholders still don't like its prospects (Simply Wall St News)
- SolarWinds and the Holiday Bear Campaign: A Case Study for the Classroom (Lawfare)
- What’s Up With Apple: National Security, Google Pays Up, and More (24/7 Wall St.)
- An Update on Recent Major Breaches (Cyber Security Hub)
- Microsoft, Google Among Tech Giants Pledging Big Money to Cybersecurity (eSecurityPlanet)
- Zero trust is not enough: The case for continuous control validation - (GCN)
- House panel mulls mandatory disclosure bill - (FCW)
- Industry lobbies Congress to extend notification timeline after cybersecurity incidents (hill)
- Autodesk reveals it was targeted by Russian SolarWinds hackers – Techtwiddle (Technology News and Kicks)
- OMB directs agencies to increase log sharing to combat cyber incidents
- Eight US investment firms fined over inadequate cyber security policies (IT PRO)
- SolarWinds Attack Spurring Additional Federal Investigations
- The SEC gets tough on cybersecurity disclosure controls (Lexology)
- Venafi Survey: Execs Say Companies Negligent in Protecting Security Software Build Environments Should Face Clear Consequences (bizwire)
- SolarWinds CEO: Breach transparency 'painful' but necessary
- APT focus: ‘Noisy’ Russian hacking crews are among the world’s most sophisticated (The Daily Swig)
Date 2021-09-27
- Most IT executives fear nation-state hacking tools will be used on them (IT PRO)
- 2 million government records exposed online in 'no-fly' watchlist, researcher says (CNET)
- Microsoft touts role in meeting Biden's order to fend off major hacks on the US (ZDNet)
- Sights and sounds of a Venus flyby
- SolarWinds and the Challenges of Patching: Can We Ever Stop Dancing With the Devil?
Date 2021-09-26
- Experts Uncover Several C&C Servers Linked to WellMess Malware (News Nation USA)
- Senators will vote for amendments to the infrastructure bill as the recess approaches.National news (Pennsylvania News Today)
- Hackers Linked to SolarWinds Return With Phishing Attack, Microsoft Says | #cybersecurity (#cyberattack - National Cyber Security News Today)
Date 2021-09-14
- Exclusive: Wide-ranging SolarWinds probe sparks fear in Corporate America (Reuters)
- Microsoft Says Chinese Hackers Were Behind SolarWinds Serv-U SSH 0-Day Attack (News Nation USA)
- Wide-ranging SolarWinds probe sparks fear in Corporate America - Security - Software (iTnews)
- The imperative of the U.S. government’s Zero Trust measures (Digital Journal)
- Infosec Community Increasingly Concerned about SolarWinds Breach, Four Months In
- First on CNN Business: Moody's is spending $250 million to measure the risk of America's biggest companies getting hacked
- EarthSky (Jupiter’s energy crisis solved: Auroras roast upper atmosphere)
Date 2021-09-11
- Microsoft Says Chinese Hackers Were Behind SolarWinds Serv-U SSH 0 (Day Attack)
- Microsoft Says Chinese Hackers Were Behind SolarWinds Serv-U SSH 0-Day Attack (The Cyber Security News)
- Autodesk Disclosed it was Targeted in SolarWinds Hack (IT Security News)
- SolarWinds CEO Sudhakar Ramakrishna on 2020's Massive Hack (Time)
- Autodesk Says Company Was Targeted by SolarWinds Attackers - Latest Hacking News Today (HakTechs)
- Microsoft Reveals The Real Culprits Behind SolarWinds Serv-U SSH-0 Day Attack (Cyberintel Magazine)
- Attacks against SolarWinds Serv (U SW were possible due to the lack of ASLR mitigationSecurity Affairs)
- Congress seeks to compel infrastructure operators to report cyberattacks | National (union-bulletin.com)
- A deep-dive into the SolarWinds Serv-U SSH vulnerability (Microsoft Security Blog)
- Inside the response to the massive Russian SolarWinds hack (Axios)
- Lawmakers question impact of SolarWinds hack on US attorneys' offices (hill)
- Microsoft's $20 billion plan for cybersecurity's big spending problem
- Congress May Require Some Companies to Report Cyber Attacks
- SolarWinds: How Russian spies hacked the Justice, State, Treasury, Energy and Commerce Departments
- Congress Weighs Bills Requiring Firms to Report Cyberattacks (The Crime Report)
- Wide (ranging SolarWinds investigation sparks panic in U.S. business Reuters – Business Press, Business News Portal)
- EXCLUSIVE Wide-ranging SolarWinds probe sparks fear in Corporate America (Reuters)
- EXCLUSIVE- Wide-ranging SolarWinds probe sparks fear in Corporate America (Nasdaq)
- SolarWinds Hack: A wide-ranging SEC investigation has triggered fear in the US corporate world (Technology Shout)
- SolarWinds Hack: Extensive SEC Probes Cause Terror in Enterprise America (Fuentitech)
- Exclusive: Wide-ranging SolarWinds probe sparks fear in Corporate America (CBNC)
- This Week In Security: Ghoscript In Imagemagick, Solarwinds, And DHCP Shenanigans (Hackaday)
- SEC Advances Broad Theory of Required Disclosures of Security Incidents
- Corporate Execs Fear SEC's SolarWinds Probe Will Expose Unreported Cybersecurity Incidents - by Cynthia Brumfield (Metacurity)
Date 2021-08-15
- Russian Hackers Continue With Attacks Despite Biden Warning (Bloomberg)
- Russian hackers continue with attacks despite Biden warning | National (union-bulletin.com)
- Justice Department says Russians hacked federal prosecutors
- SolarWinds hackers accessed over two dozen federal prosecutors' offices: DOJ (hill)
- DOJ says SolarWinds hack impacted 27 US attorneys' offices (The Record by Recorded Future)
- US bids 'do svidaniya' to Russian staff at Moscow embassy
- SolarWinds releases security advisory after Microsoft discovers vulnerability (ZDNet)
- Microsoft blames a Chinese hacker group for the new SolarWinds attack (List23: Latest U.S. News & Breaking World News)
- SolarWinds: Russian hackers broke into email accounts at US attorney offices
- Lawmakers roll out bipartisan bill to help track cyber crimes (hill)
- Bitglass Security Spotlight: Ransomware Developments, Additional SolarWinds Victims, and More Data Breaches
- CISA's Easterly Unveils Joint Cyber Defense Collaborative
- SolarWinds (NYSE:SWI) Shares Gap Down After Analyst Downgrade (MarketBeat)
- DOJ states that Russians detained in SolarWinds have hacked federal prosecutors: NPR (Eminetra)
- Serendipitous double flyby of Venus provides unprecedented science opportunity | Imperial News (Imperial College London)
- Senate includes over $1.9 billion for cybersecurity in infrastructure bill (hill)
Date 2021-08-01
- Podcast: Why Securing Active Directory Is a Nightmare (tpost)
- Biden to Sign Cyber Security Executive Order (nyt)
Date 2021-07-27
- SolarWinds Corporation Loss Submission Form | Levi & Korsinsky, LLP (Securities Class Action Attorneys)
- DHS cybersecurity chief confirmed amid fallout from another ransomware attack (News Nation USA)
Date 2021-07-24
- Microsoft suspects hacker attacks on SolarWinds in another country
- Video - A Documentary on The SolarWinds Hack (MalwareTips Community)
- Senate appoints former NSA official as head of US cybersecurity agency (Engadget - News Nation USA)
- US puts trade restrictions on six Russian organisations (IT PRO)
- Biden administration to blame hackers tied to China for Microsoft cyberattack spree
- U.S., allies say Chinese intelligence service behind massive Microsoft hack (Washington Times)
- Cyber leaders officially join the ranks as White House grapples with remediation (Utility Dive)
- US and allies accuse China of hacking campaign
- US and allies accuse Chinese government of masterminding Microsoft Exchange cyberattack (Sports Grind Entertainment)
- Biden Administration Blames Hackers Tied to China for Microsoft Cyberattack Spree (WSJ)
- SEC Reportedly Probing SolarWinds Breach (Hacking - nativenewspost)
- Solarwinds Corp 2021 Current Report 8 (K)
- SolarWinds Corp. (SWI) Stock Plummets Following Announcement of Completion of Spin-Off Business (Stocks Telegraph)
- After failing to dissuade cyber-attacks, America looks to its friends for help (The Economist)
- SolarWinds Shares Rise, N-able Falls After Spinoff Completed (MarketWatch)
- SolarWinds Stock Flies Higher after Completing Spin-Off (Millennial Money)
- New bill would make some companies report cyberattacks to government
- Senators introduce bill requiring some critical groups to report cybersecurity incidents (hill)
- House GOP calls for Biden to sanction China over hacks
- SolarWinds spins off enterprise unit into new firm, N-able (News)
- Blunt, Colleagues Introduce Bipartisan Cyber Reporting Bill Following SolarWinds and Colonial Hacks (U.S. Senator Roy Blunt of Missouri)
- NIST Publishes 'Critical Software' Security Guidance
Date 2021-07-18
- SolarWinds patches critical Serv (U vulnerability exploited in the wild)
- SolarWinds patches critical Serv (U vulnerability exploited in the wild – News Block)
- Microsoft discovers critical SolarWinds zero-day under active attack (ars)
- Rosen Leads Bipartisan Call to Provide $10 Million in Funding for Cybersecurity Education and Training (Senator Jacky Rosen)
- Senate confirms Jen Easterly as head of U.S. cyber agency (POLITICO)
- Chris Inglis formally sworn in as national cyber director (hill)
- SolarWinds fixes critical Serv-U zero (day exploited in the wildSecurity Affairs)
- Microsoft Discovers SolarWinds Critical Zero-Day Under Active Attack (Insider Voice)
- SolarWinds Discloses Zero-Day Under Active Attack (NewsOpener)
- Microsoft detects critical SolarWinds zero (day during active attack)
- SolarWinds says unknown hackers exploited newly discovered software flaw (Reuters)
- SolarWinds Discloses Zero (Day Under Active Attack)
- Another zero-day vulnerability in SolarWinds Serv (U product exploited by cyber criminals)
- SolarWinds releases security advisory after Microsoft discovers vulnerability (ZDNet)
- SolarWinds issues software update – one it wrote for a change (to patch hole exploited in the wild • The Register)
- SolarWinds Trust Center Security Advisories (CVE-2021-35211)
- SolarWinds Serv-U FTP and Managed File Transfer CVE-2021-35211: What You Need to Know (Rapid7 Blog)
- SolarWinds releases patch for actively exploited zero (day vulnerability)
- SolarWinds warns of ‘targeted’ breach by hackers exploiting new software flaw (MarketWatch)
- Solarwinds Serv-U Zero-Day Vulnerability: Dataprise Defense Digest (Dataprise)
- SolarWinds issues yet another emergency patch after hackers strike again (TechRadar)
- Remote code execution in SolarWinds Serv (U)
- Microsoft warns SolarWinds customers that Serv-U is under attack (TechCentral.ie)
- SolarWinds patches critical Serv-U vulnerability (July 2021) (Born's Tech and Windows World)
- SolarWinds released security advisory for critical Serv-U vulnerability (Cloud7 News)
- SolarWinds Issues Patches in Wake of Zero (Day Attacks – Threat.Technology)
- SolarWinds patches sensitive Serv-U Vulnerability used in the Wild (Xiarch Solutions Private Limited)
- BreachExchange: SolarWinds Confirms New Zero (Day Flaw Under Attack)
- SolarWinds Zero-Day Critical New Vulnerability Under Active Attack – . (FR24 News English)
- SolarWinds Issues Hotfix for Zero-Day Flaw Under Active Attack (tpost)
- SolarWinds Identifies, Patches Critical Vulnerability in Serv-U (My TechDecisions)
- A New Critical SolarWinds Zero-Day Vulnerability Reported (Cyberintel Magazine)
- SolarWinds, Alerted By Microsoft, Patches Serv-U Vulnerability (MSSP Alert)
- New CISA Director Confirmed, W.H. Gains Cyber-Director (tpost)
- Microsoft links Serv-U zero-day attacks to Chinese hacking group (The Record by Recorded Future)
- SolarWinds 0-day gave Chinese hackers privileged access to customer servers (ars)
- New SolarWinds vulnerability under attack: RCE in Serv (U file sharing tool)
- Chinese hacking group DEV-0322 behind Solarwinds Serv (U 0day attacksSecurity Affairs)
- Microsoft Says SolarWinds Serv-U Zero-Day Exploited by Chinese Group (SecurityWeek.Com)
- SolarWinds Releases Patch for Active Vulnerability in Serv (U Software – Computer – News)
- Microsoft: Chinese Hackers Use Zero-Day to Exploit SolarWinds Software (Tech Times)
- Zero (Trust Implementation Using WHOIS, IP, and DNS Data)
- Microsoft attributes new SolarWinds attack to a Chinese hacker group (NewsBeezer)
- Microsoft says new SolarWinds zero-day was exploited by China (based threat actor)
- Chinese hackers behind SolarWinds attack: Microsoft
- SolarWinds Cyberattack: Chinese Hackers Behind SolarWinds Attack, Says Microsoft
- Microsoft links SolarWinds hacker group to China
- CVE-2021-35211 (SolarWinds Serv-U Managed File Transfer buffer overflow)
- Chinese Attack Group Exploiting SolarWinds Zero Day (Decipher)
- 'Chinese hackers behind SolarWinds attack' Says Microsoft (Sentinelassam)
- Chinese hackers behind new SolarWinds software attack: Microsoft
- Microsoft: SolarWinds cyberattack operated by hackers from China: Microsoft, IT Security News, ET CISO
- Chinese threat actor exploited zero-day SolarWinds (ExBulletin)
- Daily Roundup: SolarWinds Patches Critical Zero-Day Bug (Opera News)
- SolarWinds Patches Critical Zero-Day Bug Amid Targeted Attacks (SDxCentral)
- According to Microsoft, Chinese hackers used a SolarWinds exploit to carry out attacks
Date 2021-07-13
- Another Cybersecurity Attack: State Department in Russian Crosshairs This Time (ClearanceJobs)
- Biden warns Putin on Russian ransomware attacks (hill)
- Biden Tells Putin Russia Must Crack Down on Cybercriminals (Military.com)
- U.S. Cyber Chief in Limbo During REVil Attacks Set to Start Work
- Microsoft Is Said to Be Buying Cybersecurity Company RiskIQ (Bloomberg)
Date 2021-07-10
- Solarwinds Serv-U 15.2.3 Share URL XSS (CVE-2021-32604) (Trustwave)
- Russia ‘Cozy Bear’ Breached GOP as Ransomware Attack Hit (wapo)
- Republican National Committee Hack: Russian Cozy Bear Group Breached Computers (Bloomberg)
- Russian hackers targeted Republican National Committee last week, reports say (The Independent)
- RNC says contractor breached in hack, GOP data secure (hill)
- CRN
- Attempted Hack of R.N.C. and Russian Ransomware Attack Test Biden (nyt)
- A cyberattack on the R.N.C. was likely carried out by Russians, posing a challenge for Biden. (nyt)
- Attempted to hack RNC and Russian ransomware attack test Biden (Eminetra)
- Russian Hacker Group Cozy Bear Behind GOP Cyberattack: Reports (Tech Times)
- N-able Reveals Sales Hit From SolarWinds Hack Amid Spin (Off)
- The fencing built around the Capitol after the Jan. 6 riot is coming down. (nyt)
- Cyber Command lawyer calls for military operations against hackers (hill)
- FERC and NERC Publish Whitepaper on SolarWinds and Related Supply Chain Compromise (Akin Gump Strauss Hauer & Feld LLP - JDSupra)
- SolarWinds and Related Supply Chain Compromise (Federal Energy Regulatory Commission)
- Three new security plunders: Microsoft said it’s the same group behind SolarWinds hack
- GOP allegedly hacked by APT29, known as Cozy Bear | 2021-07-08 (Security Magazine)
- US, UK warn about Russia's brute force cyber campaign (Illinois News Today)
- 4 key takeaways from Biden’s Executive Order on cybersecurity (secblvd)
- FERC, NERC whitepaper warns of supply (chain risk)
- SolarWinds and Related Supply Chain Compromise
- Russia (linked ‘Cozy Bear’ Hackers Breach Republican Party Computer Systems From Harlem To Harare)
Date 2021-07-07
- SolarWinds hackers had access to Denmark’s central bank for months
- Microsoft admits certifying a driver loaded with rootkit malware, says 'small number' of customers compromised by SolarWinds hackers (HITBSecNews)
- Solar Winds Hackers Continue To Cause Grief (Cyber Security Hub)
- The Countdown Towards Zero Trust and MFA (Infosecurity Magazine)
- China Likely Outed Soon For Exchange Hacks - Breaking Defense Breaking Defense (Defense industry news, analysis and commentary)
- Understanding Zero Trust in the Cyber Executive Order for Federal Agencies (MeriTalk)
- Debate Heats Up as Senator Prepares to Introduce Incident-Reporting Legislation (Nextgov)
- Microsoft Customers Warned of Targeted Scams by NOBELLIUM (Data Privacy + Cybersecurity Insider)
- SolarWinds hack exposes Denmark’s central bank (IceNews - Daily News)
- Denmark's central bank affected by SolarWinds compromise. Notes from the underground. (Publicnewsportal)
- The Hope spacecraft records the aurora borealis of Mars in the most detailed images so far (science and health)
- CISA sees zero trust adoption coming into focus under cyber executive order (FRN)
Date 2021-07-02
- SolarWinds hackers breach new victims, including a Microsoft support agent – Ars Technica (Million Dollar Business Blog)
- SolarWinds hackers attack new victims, including Microsoft support agent – . (FR24 News English)
- Microsoft admits to signing rootkit malware in supply-chain fiasco (Business Standard News)
- Microsoft says a new breach was discovered in a suspected investigation into SolarWinds hackers (India News Republic)
- SolarWinds clients say they will face an investigation from the USSEC over disclosure of cyber breaches (Fuentitech)
- Microsoft says new breach was discovered in probe by suspected SolarWinds hackers by Reuters (My Blog)
- SolarWinds hackers breach new victims, including a Microsoft support agent (HITBSecNews)
- Microsoft says its own customer support tools were compromised by SolarWinds hackers (TechNewsBoy.com)
- SolarWinds Hackers Breach Microsoft Customer Support to Target its Customers (The Cyber Security News)
- Microsoft support agent and some basic customer details hit by SolarWinds attackers (ZDNet)
- Microsoft (NASDAQ:MSFT) customers compromised in a cyberattack
- Microsoft Corporation (NASDAQ:MSFT) - Microsoft Says Its Customer Support Tools, Users' Information Were Exploited By The Hackers Behind SolarWinds (Benzinga)
- Microsoft says new breach discovered in probe of suspected SolarWinds hackers (Regina Leader Post)
- Microsoft says new breach discovered in probe of suspected SolarWinds hackers (The Star Phoenix)
- SolarWinds hackers attack Microsoft, shocking security analysts (Techzine Europe)
- Cybersecurity study: SolarWinds attack cost affected companies an average of $12 million (TechRepublic)
- New Research Finds the SolarWinds Cyber Attack Cost Affected Companies in Key Sectors 11% of Total Annual Revenue on Average
- Microsoft says hackers who compromised SolarWinds breached three new victims
- Microsoft Discovers New Attacks by SolarWinds Group, Including One Against Its Own Agent - by Cynthia Brumfield (Metacurity)
- Microsoft’s customer support targeted by SolarWinds hackers
- Cybersecurity study: SolarWinds attack cost affected companies an average of $12 million (TechRepublic)
- Russian hackers breached Microsoft customer support to try phishing targets in 36 countries
- Hassan, Cornyn float bill to create new federal cybersecurity training programs - (FCW)
- Microsoft support agent and some basic customer details hit by SolarWinds attackers (ZDNet)
- Bipartisan Bill Aims to Strengthen Federal Cyber Workforce (MeriTalk)
- Microsoft Tracks Attack Campaign Against Customer ...
- IT services firms shoulder undue amount of security risk
- Lawmaker, Tech Companies Clash on Software Transparency Requirements (Nextgov)
- Microsoft accidentally approved malware that could spy on Windows users
- Investigating and Mitigating Malicious Drivers (Microsoft Security Response Center)
- Microsoft customer support hacked in new campaign by APT29
- The SolarWinds hackers are attacking again. (Aluria Tech)
- Microsoft uncovers new breach while investigating SolarWinds hackers, Digital News (AsiaOne)
- Microsoft Signed Malware That Spreads Through Gaming (tpost)
- SolarWinds hack: Microsoft says new breach discovered during SolarWinds hack probe (The Economic Times)
- Details of basic customers attacked by Microsoft support agents and SolarWinds attackers (Fuentitech)
- Nobelium, After SolarWinds, Has Now Hit Microsoft (Cyberintel Magazine)
- Denmark's central bank exposed in SolarWinds hack, media report says
- Major Danish bank was attacked by SolarWinds (NewsLine)
- The Impact of the SolarWinds Cost Companies 11% of Their Annual Revenue
- Denmark's central bank exposed in SolarWinds hack, media report says (Reuters)
- Administration to release attribution for Microsoft vulnerabilities in 'coming weeks' (hill)
- Cybersecurity Survey: SolarWinds Attack Costs Impacted Enterprises On Average $ 12 Million (Fuentitech)
- Denmark's Central Bank hacked through SolarWinds vulnerability
- BreachExchange: SolarWinds hackers breach Microsoft support agent to target customers
- Hackers Disguise Rootkit as Microsoft Drivers
- SolarWinds Hackers Continue Assault With a New Microsoft Breach (Forbes Alert)
- SolarWinds hackers remained in Denmark's central bank for monthsSecurity Affairs
- Microsoft: malicious cyber group Nobelium tried to attack entities in 36 countries (Israel Defense)
- SEC Conducts Sweep Of Customers Impacted By SolarWinds Cyber Breach - Corporate/Commercial Law (United States)
- SEC Conducts Sweep of Customers Impacted by SolarWinds Cyber Breach (Securities Litigation and Regulatory Enforcement)
- Denmark’s Central Bank Compromised by SolarWinds Cyber Attack: Media Report
- Danmarks Nationalbank’s comments on media reports about SolarWinds
- Senators propose bill to help private sector defend against hackers (hill)
- Danish central bank denies suffering breach in SolarWinds hack (Central Banking)
- Russian hackers had months (long access to Denmark's central bank)
- SolarWinds Investigation Leads Microsoft to Another Security Breach Discovery (FindBiometrics)
- SolarWinds Hackers Breach Microsoft Customer Support to Target its Customers (NY Press News)
- NSA discloses hacking methods it says are used by Russia (The Seattle Times)
- Hackers Had Secret Access to Danish National Bank for Seven Months After SolarWinds Attack – Report (SGT Report)
Date 2021-07-01
- SolarWinds hackers had access to Denmark's central bank for 7 months, report says (CyberScoop)
- Microsoft says new breach discovered in probe of suspected SolarWinds hackers (Reuters)
- Microsoft says SolarWinds hacking group has breached three new victims (The Record by Recorded Future)
- Bipartisan Legislation Would Establish Cybersecurity Literacy Campaign
- Microsoft says its own customer support tools were compromised by SolarWinds hackers (Verge)
- SolarWinds backdoor gang pwns Microsoft support agent to turn sights on customers (Register)
- Microsoft says its own customer support tools were compromised by SolarWinds hackers (Sports Grind Entertainment)
- Microsoft reports previously undetected security breach while investigating SolarWinds hack — RT USA News
- SolarWinds : Cyberattack Generates Recent Widespread SEC Enforcement Requests (MarketScreener)
- Microsoft: Russia (linked SolarWinds hackers breached three new entitiesSecurity Affairs)
- Senators propose bill to help tackle cybersecurity workforce shortage (hill)
- SolarWinds hackers breach new victims, including a Microsoft support agent (ars)
- Microsoft Discloses New Customer Hack Linked to SolarWinds Cyberattackers (WSJ)
- Microsoft says new breach discovered in probe of suspected SolarWinds hackers (Netscape Money & Business)
- Microsoft claims its own customer support tools have been compromised by SolarWinds hackers – . (FR24 News English)
- SEC FORM 3
- SolarWinds hackers breach new victims, together with a Microsoft help agent (EAUC News)
- SolarWinds Hackers Accessed Microsoft Customer Service Tools (Teller Report)
- SolarWinds hackers break into new victims, including Microsoft support agents (Fuentitech)
- SolarWinds Hackers Breach New Victims, Including Microsoft Support Agent (Salesground)
- Microsoft Says SolarWinds Hackers Attacked Three in New Breach (usnewsmail)
Date 2021-06-26
- US Seizes Domains Used by SolarWinds Hackers in Cyber Espionage Attacks (News Nation USA)
Date 2021-06-25
- Hillicon Valley: Cyber agency says SolarWinds hack could have been deterred | Civil rights groups urge lawmakers to crack down on Amazon's 'dangerous' worker surveillance | Manchin-led committee puts forth sprawling energy infrastructure proposal (TheHil)
- U.S. SEC probing SolarWinds clients over cyber breach disclosures -sources (Reuters)
- U.S. SEC seeks information from SolarWinds clients in cyber breach probe (Regina Leader Post)
- World Business Report: Update: US authorities open probe into SolarWinds' cyber breach on Apple Podcasts
- Cyber agency says SolarWinds hack could have been deterred by simple security measures
- U.S. SEC probing SolarWinds clients over cyber breach disclosures (sources)
- SolarWinds’ Breach Disclosures Being Painstakingly Examined by U.S. SEC (Byte News)
- Mandatory Cyber Reporting Within 24 Hours: Sen. Warner Bill - Breaking Defense Breaking Defense (Defense industry news, analysis and commentary)
- Software bills of materials (SBOM) could help improve cybersecurity (CNX Software)
- SolarWinds Hackers Could Have Been Waylaid by Simple Countermeasure -US Officials - Latest Tweet by Reuters (LatestLY)
- SolarWinds hackers may have been thwarted by simple security measures, officials say (Fuentitech)
- US SEC Requests Information from SolarWinds Customers in Cyber Attack Investigation (RB Tech Inc)
- The Cybersecurity 202: Defense contractors are yet another sector highly vulnerable to hacking, study finds (wapo)
- Government-mandated SBOMs to throw light on software supply chain security (CSO Online)
- US SEC investigates SolarWinds clients over cyber breach disclosures (IT PRO)
- Rethinking US Federal network defenses. Mandatory reporting laws. International CyberCrime Prevention Act, RICO, and money laundering.
- U.S. SEC has begun probe of cyber breach by SolarWinds – sources
- US SEC investigates SolarWinds clients over cyber breach disclosures (The Cyber Security News)
- SolarWinds hackers could have been waylaid by simple countermeasure – U.S. officials (102.5 Duke FM)
- SolarWinds Clients Said to Face US SEC Probe Over Cyberattack Disclosures (News Update)
- Could better cyber hygiene have prevented the SolarWinds attack?
- Hillicon Valley: Cyber agency says SolarWinds hack could have been deterred | Civil rights groups urge lawmakers to crack down on Amazon's 'dangerous' worker surveillance (Manchin-led committee puts forth sprawling energy infrastructure proposal - The Ne)
- The US Securities and Exchange Commission is investigating SolarWinds clients for hacking detection - Sources by Reuters (Asia Pacific Live Update)
- US SEC Investigates SolarWinds Clients for Cyber Breach: Report (Economy and Business News - Insider Voice)
- Total Solar Eclipses Shed Light on the Temperature of Solar Winds and Sun's Corona (Science Times)
- Politics: Cyber agency says SolarWinds hack could have been deterred by simple security measures - PressFrom (US)
- SolarWinds customers asked to face investigation from US SEC over cyber breach disclosure (Indian Lekhak)
- SEC Investigates If Companies Did Not Disclose Effects of SolarWinds Cyber Breach (UK Time News)
- CISA: Firewall Rules Could Have Blunted SolarWinds Malware
- SEC Reportedly Probing SolarWinds Breach | Hacking (TechNewsWorld)
- CISA believes SolarWinds attack could have been prevented with simple countermeasures | 2021-06-23 (Security Magazine)
- SolarWinds Cyberattack Generates Recent Widespread SEC Enforcement Requests (Troutman Pepper - JDSupra)
- CISA: No organization in the public or private sector could’ve prevented SolarWinds breach (FRN)
- Did Companies Fail to Disclose Being Affected by SolarWinds Breach? (The Cyber Post)
- Recent SEC Enforcement Requests Related to SolarWinds Cyberattack (Skadden, Arps, Slate, Meagher & Flom LLP - JDSupra)
- CISA believes SolarWinds attack could have been prevented with simple countermeasures (Cyber Reports Cybersecurity News & Information)
- SEC Reportedly Probing SolarWinds Breach (Hacking - newsbinding)
- SEC “Sweep” of Public Companies’ & Registrants’ Responses to the SolarWinds Cyberbreach
- Federal Agencies Could Have Neutralized SolarWinds Breach, CISA Says
- The SEC is reportedly investigating SolarWinds breaches (Hacking - Fuentitech)
- US SEC probing clients of SolarWinds over cyber (breach)
- SEC Reportedly Investigating SolarWinds Disruption (Breaking into - The Rv Article)
- Energy wants $201 million to bolster cybersecurity in wake of attacks
- House lawmakers introduce bill to increase American awareness of cyber threats (hill)
- SEC “Sweep” of Public Companies’ & Registrants’ Responses to the SolarWinds Cyberbreach (Faegre Drinker Biddle & Reath LLP - JDSupra)
- CMMC: The Dramatic Year of the Pentagon’s Contractor Cybersecurity Program (Nextgov)
- Key Lawmaker Calls on Pentagon Leadership to Act on Cyber Certification Program (Nextgov)
- Open Source Security: Google Has New Plans to Stop Software Supply Chain Attacks (Texas News Today)
- SEC.gov (In the Matter of Certain Cybersecurity-Related Events (HO-14225) FAQs)
Date 2021-06-23
- SEC still digging into SolarWinds fallout, nudges undeclared victims (Register)
- SP 800-216 (Draft), Recommendations for Federal Vulnerability Disclosure Guidelines (CSRC)
Date 2021-06-22
- Jake Sullivan: U.S. preparing more sanctions for Russia
- SolarWinds hackers could have been waylaid by simple countermeasure -US officials (National Post)
- Biden’s executive order on cybersecurity should include behavior transparency (TechCrunch)
- U.S. SEC probing SolarWinds clients over cyber breach disclosures -sources (Reuters)
- US SEC officials say government agencies have begun investigating SolarWinds cyber infringement (Texas News Today)
- SEC Investigating Companies’ Handling of SolarWinds Attack (Bloomberg)
- SolarWinds hackers could have been waylaid by simple countermeasure -US officials (Reuters)
Date 2021-06-21
- Cybersecurity Rule Could Prompt DoD Supplier Fallout (EE Times)
Date 2021-06-20
- SolarWinds response team recounts early days of attack
- Senate bill proposes requiring cyber incident notification to feds within 24 hours (CyberScoop)
- Senate confirms first White House cyber director
- What Microsoft officials know about Russian phishing hacks aimed at USAID (Illinois News Today)
- Open-source security: Google has a new plan to stop software supply chain attacks (ZDNet)
- Binary Authorization for Borg: how Google verifies code provenance and implements code identity
- Critical cyber targets: You can't touch this (again), Biden tells Putin
- Google dishes out homemade SLSA, a recipe to thwart software supply (chain attacks • The Register)
- Cybersecurity Rule Could Prompt DoD Supplier Fallout (EE Times)
- Systemic cyberattacks trigger response from insurers (Insurance Business)
- The Cybersecurity 202: The race is on to make hacked companies more accountable to government. (wapo)
- Google’s latest framework aims to prevent SolarWinds (like supply chain attacks)
- Senators Draft a Federal Breach Notification Bill
- Britain blames Putin's spies for massive SolarWinds cyber attack (Daily Mail Online)
Date 2021-06-18
- Cyber EO May Move Software Supply Chain Security From Neutral to Highway Speed (MeriTalk)
- NSA cyber director discusses US response, approach to apparent espionage operation
- Is an Attacker Living Off Your Land?
- SolarWinds hackers are attempting phishing attacks targeting 150 organizations, Microsoft said. (Illinois News Today)
- Tonya Ugoretz: FBI Needs Industry Cooperation to Address Cyber Incidents
- Microsoft's CISO: Why we're trying to banish passwords forever (ZDNet)
Date 2021-06-17
- Federal CISO forecasts one of toughest tasks in sweeping Biden cyber executive order
- Cyber EO response will involve leaders from every agency, Federal CISO says (FedScoop)
- Biden Signs Executive Order Intended to Improve the Federal Government's Cybersecurity (Troutman Pepper - JDSupra)
- How FireEye attributed the SolarWinds hacking campaign to Russian spies (CyberScoop)
- Preventing Supply Chain Attacks like SolarWinds (Linux Foundation)
- How LF communities enable security measures required by the US Executive Order on Cybersecurity (Linux Foundation)
- Federal Register :: Software Bill of Materials Elements and Considerations
- A New Kind of Trust Root. Announcing the Sigstore Root Key… | by Dan Lorenc | Jun, 2021 (sigstore)
Date 2021-06-16
- Key Senator Wants Biden to Raise SolarWinds in International Negotiations (Nextgov)
- DHS poised to remake federal hiring in September to confront cybersecurity gap - (FCW)
- Bank of America spends over $1 billion per year on cybersecurity
- Solarwinds Corp 2021 Definitive information statements DEF 14C
- Form DEF 14C SolarWinds Corp For: Jun 11
- Notification no (nos: What to avoid when alerting customers of a breach)
- Biden Signs Executive Order Aimed at Improving the Federal Government’s Cybersecurity (Troutman Pepper - JDSupra)
- Federal cyber spending to drive an M&A surge, analyst says (Washington Business Journal)
- Cyber regulation could come after a series of hacks and ransomware attacks (Voice of America - Texas News Today)
Date 2021-06-12
- US Cyber Command wants more money for network defense
- Biden moves closer to filling critical cyber roles as administra (WENY News)
- Sen. Warner teases bipartisan bill requiring some companies to report cyberattacks
- Time (lapse Video and Photos of Michigan's 2021 Solar Eclipse)
- We Already Know How to Stop SolarWinds (Like Hacks)
- Understanding the Biden Administration’s Cybersecurity Executive Order (ABA Banking Journal)
- How Attackers Exploit Active Directory: Lessons Learned from High-Profile Breaches (secblvd)
- DOJ Seizes Millions in Ransom Paid to Colonial Pipeline Hackers (Kramer Levin Naftalis & Frankel LLP - JDSupra)
Date 2021-06-11
- SolarWinds Corporation (Bernstein Litowitz Berger & Grossmann LLP)
- Consolidated Complaint for Violations of the Federal Securities Laws
Date 2021-06-09
- Security clearance demands are exploding and government must keep up - (FCW)
- DOJ recovers most of ransom Colonial Pipeline paid to DarkSide hackers | News (coloradopolitics.com)
- Zero Trust is the Only Way: President Biden’s Executive Order Simplified (secblvd)
- Biden prepping cybersecurity executive order in response to SolarWinds attack
- SolarWinds lawsuit expands to include private equity owners
- FireEye CEO Kevin Mandia On Ransomware: Businesses Must ‘Try To Reduce The Blast Radius’ Of Attacks
- SolarWinds lawsuit claims private equity owners ‘sacrificed cybersecurity to boost short-term profits’ (The Open Security)
- Russian SolarWinds hackers have launched a new campaign using their USAID email address, Microsoft said. (Illinois News Today)
- CISA launches platform to let hackers report security bugs to US federal agencies (TechCrunch)
- FireEye CEO: 'We are getting sucker (punched in cyberspace')
Date 2021-06-08
- Strengthening US Cybersecurity: Impacts of the Executive Order (NAVEX Global - JDSupra)
- America must repel and punish cyber-attackers | Editorials (mtexpress.com)
- India's Cybersecurity Breach Reporting Law: Time for an Overhaul? (Illinois News Today)
- Energy secretary backs ban on ransomware payments: 'You are encouraging the bad actors'
- Meatpacking giant JBS believes Russia behind hack that hit plants - Raw Story (Celebrating 17 Years of Independent Journalism)
Date 2021-06-05
- will over solarwinds latest massive phishing
- Biden weighs direct action against Russian targets following cyberattacks (WHAM)
- Russia's Nobelium uses USAID's email system for hacking, according to Microsoft (Illinois News Today)
- Biden Warns Businesses of Increased Cybersecurity Threat
- New Executive Order Issued on Improving Nation’s Cybersecurity (Lexology)
Date 2021-06-03
- Cybersecurity for U.S. critical infrastructure a ‘national (security imperative,’ NSC official says – Urgent Comms)
- Here Are Some Of The Major Hacks The U.S. Blamed On Russia In The Last Year
- Meatpacking giant JBS hit by cyberattack; believes Russia involved
- SolarWinds Threat Actors Behind New Email Attack Campaign
- Poisoned Installers Found in SolarWinds Hackers Toolkit (Flizzyy News)
- NobleBaron (New Poisoned Installers Could Be Used In Supply Chain Attacks - SentinelLabs)
- Justice Department seizes domains used in Nobelium-USAID phishing campaign (ZDNet)
- US seizes 2 domain names used in cyberespionage campaign (The Seattle Times)
- Feds seize two domains used by SolarWinds intruders for malware spear (phishing op • The Register)
- Senate Hearing Considers CMMC, and Ability to Stop a SolarWinds-Type Attack (PubKGroup)
- SolarWinds lawsuit claims private equity owners ‘sacrificed cybersecurity to boost short-term profits’ (The Cyber Security News)
- Cyberattack On World's Biggest Meat Company 'Likely Based In Russia'
- New Wave of Phishing Attacks: SolarWinds Hackers Target Government and NGOs
- SolarWinds Attackers Launch New Wave Of Nobelium Attacks - Malware News (Malware Analysis, News and Indicators)
- SolarWind Attackers Launch New Wave Of Phishing Attacks
- New sophisticated email-based attack from NOBELIUM (MS Security)
- US SolarWinds hackers seize domains used in cyber espionage attacks (Jioforme)
- U.S. seizes domains used in USAID hack (UPI)
Date 2021-06-02
- SolarWinds Hackers Return, Launch Phishing Campaign Using Compromised Account of US Foreign Aid Agency (CPO Magazine)
- Another Nobelium Cyberattack (Microsoft On the Issues)
- SolarWinds Attack Ongoing U.S. Sets Aside $750 Million to Respond (USA Herald)
- SolarWinds Engineer's Toolset vs. Splunk Enterprise vs. Terabit Security Comparison
- Solarwinds: 150 companies massively targeted by APT29
- Nobelium: The SolarWinds Hackers is Back With Another Cyber Attack (secblvd)
- US Proposes $750m For Federal SolarWinds Response (IT Security News)
- Russian hackers of SolarWinds back on the attack
- How SolarWinds Hackers ‘Nobelium’ Used Constant Contact in Mass Phishing Campaign
- Russian SolarWinds Hacker Launches New Phishing Campaign-Security (Illinois News Today)
- New breach by hackers behind SolarWinds 'mostly unsuccessful', says Microsoft (Secure books)
- Biden's $6T budget includes cybersecurity, broadband infrastructure (Healthcare IT News)
- GISEC 2021: SolarWinds CEO to deliver a keynote address titled SolarWinds: Secure by Design on June 2 (Enterprise Channels MEA)
- The Line in the Sand: How We Respond Today Impacts Our Security Tomorrow (secblvd)
- Cyberattacks on Companies' IP Threaten the Global Order (Barron's)
- Biden budget seeks $750 million to respond to SolarWinds compromises, plus billions more for cyber
- SolarWinds hackers launch phishing attack - (GCN)
- JBS cyber attack: 1/5 of beef production wiped out in massive hack (Axios)
- U.S. seizes two domains used in cyberattacks that mimicked USAID communications (Nasdaq)
Date 2021-06-01
- Gen. Alexander Says Russian Cyber Attacks Escalating, ‘More Blatant’ (News Talk WBAP-AM)
- Gen. Alexander Says Russian Cyber Attacks Escalating, 'More Blatant' (Newsmax.com)
- The SolarWinds hackers aren’t back—they never went away (ars)
- Keith Alexander Warns About Cyberattacks Linked to Russia
- Microsoft Says SolarWinds Hackers Are Back, USAID Breached
- SolarWinds Hackers Have Not Returned, They Have Never Been Removed (J99news)
- Implications Of Russian Solarwinds Hackers New Email Attack On Government Agencies (Information Security Buzz)
- US agencies lack supply chain best practices post (SolarWinds)
- Microsoft unleashes ‘Death Star’ on SolarWinds hackers in extraordinary response to breach | #microsoft | #hacking (#cybersecurity - National Cyber Security News Today)
- Microsoft has discovered yet more SolarWinds malware | #microsoft | #hacking (#cybersecurity - National Cyber Security News Today)
- Written Sttement of jamie Dimon to Senate Banking Committee
- (16) Dimon: Cyberattacks are getting worse. DC must do more
- SolarWinds prevention, avoiding a cyber security disaster (CyberTalk)
- Hackers targeted SolarWinds faster than previously known (Florida News Times)
- Biden’s Cybersecurity EO: The Wrong Issues (tpost)
- SolarWinds attacker Nobelium targets almost 3,000 emails (ARN)
- Microsoft Catches NOBELIUM's Email Malware Plans, Also Known for its Part in SolarWinds' Attack (Tech Times)
- Microsoft: SolarWinds hackers target 150 orgs with phishing
- SolarWinds hack: Microsoft says SolarWinds hackers now targeting US agencies, NGOs (The Economic Times)
- Microsoft says group behind SolarWinds hack now targeting government agencies, NGOs (Reuters)
- Microsoft: SolarWinds hackers target 150 orgs with phishing | Govt. & Politics (yorknewstimes.com)
- Russian gang behind SolarWinds hack returns with phishing attack disguised as mail from US aid agency (Register)
- SolarWinds hackers are at it again, targeting 150 organizations, Microsoft warns
- Microsoft says group behind SolarWinds hack now targetting government agencies, NGOs (Regina Leader Post)
- Microsoft says SolarWinds hackers have struck again at the US and other countries (CNN)
- New York And Illinois Regulators Recommend Third Party Cybersecurity Review For Specific Vulnerabilities - Technology (United States)
- Khanna, Mace introduce bill to strengthen federal cyber workforce following major hacks (hill)
- MSFT warns group behind SolarWinds cyberattack's returned to target over 150 organizations
- Russian Hackers Of SolarWinds Back On The Attack
- SolarWinds hackers using NativeZone backdoor against 24 countries
- Kremlin says has no information on U.S. cyber attack, directs questions to Microsoft (The Star Phoenix)
- SolarWinds attacker Nobelium targets over 150 companies in new mass email campaign (CSO Online)
- Hackers are using Trump’s election fraud conspiracy to break into U.S. government agencies
- Microsoft warns that Russian hackers used US agency to mount huge cyberattack (CNET)
- 14 Alternatives To SolarWinds Network Bandwidth Analyzer, Pros, Cons & Questions (Hackers Pad)
- Annual FireEye Mandiant M (Trends Report Reveals Global Statistics and Insights From Hundreds of Diverse Intrusions)
- FireEye Mandiant M (Trends 2021 report)
- Fireeyye - [Report] M (Trends 2021)
Date 2021-05-27
- It's Time for Congress to Push Companies to Come Forward on Hacks (Just Security)
- Turn the Tables: Supply Chain Defense Needs Some ...
- United States House of Representatives : Chairman Foster Opening Statement for Hearing on SolarWinds and Improving the Cybersecurity of Software Supply Chains
- DoJ, FBI, IC reviewing supply chain threats posed by Russian companies (FRN)
- VIDEO: Congress Holds Joint Hearing On SolarWinds Hack And Cybersecurity (LiveTube)
- SolarWinds, Exchange attacks revive calls for mandatory breach notification, better information sharing (R Street)
- SolarWinds hack 'a big wakeup call,' NASA's human spaceflight chief says (Space)
- Biden urged by tech firms to embrace commercial software
- White House taps Matt Olsen, Uber security boss and former NSA lawyer, to lead key DOJ division
Date 2021-05-26
- Colonial ransomware hack spurs first-ever cybersecurity regulations for pipeline industry (wapo)
Date 2021-05-25
- 'Early recon activities' for SolarWinds hack may have started in early 2019 ⋅ Windows Global
Date 2021-05-23
- Plurilock Issues Statement Following U.S. Executive Order to Increase Cybersecurity Defenses
- Senate Homeland Security and Governmental Affairs Hearing on Cybersecurity (UPI)
- Parsing Biden’s Cybersecurity Order (secblvd)
- SolarWinds CEO extends hack timeline, rethinks intern blame (Cybersecurity Dive)
- Would CMMC compliance block a SolarWinds-style attack? - (FCW)
- How 2 New Executive Orders May Reshape ...
- How to Avoid Another Cybersecurity Disaster Like SolarWinds
- 12 Lessons Learned From The SolarWinds Breach: RSA Conference
- CrowdStrike breaks down 'Golden SAML' attack
- Hackers targeted SolarWinds earlier than previously known (WDHN - DothanFirst.com)
- Hackers targeted SolarWinds earlier than previously known (Arab News PK)
- New Bill Proposes that Americans Should Be Able to Sue Foreign Hackers (Faegre Drinker Biddle & Reath LLP - JDSupra)
- SolarWinds CEO: Attack Began Much Earlier Than Previously Thought (NewsOpener)
- Hackers targeted SolarWinds earlier than previously known (Inside Telecom)
- CISA and NIST Guidance on Software Supply Chain Attacks
- Is it time to test the limits -- and potential -- of expanding CMMC? - (Defense Systems)
- UPDATE 1 (SolarWinds CEO says hackers may have struck months earlier than thought)
- Hackers Targeted Solarwinds Earlier than Previously Known (VOA)
- What to do? GSA cyber advisor offers tips on supply chain risk management. (scmedia)
- Hackers targeted SolarWinds earlier than previously known
- SolarWinds hack: Nation-state attackers could have launched supply chain attack nine months before previously thought (The Daily Swig)
- SolarWinds CEO Apologizes For Blaming An Intern
- The 3 elements of a sound threat intelligence program (TechRepublic)
- SECURITY ALERT - SolarWinds CEO: Attack Began Much Earlier Than Previously Thought (MalwareTips Community)
- Veterans Affairs says no evidence of data loss from SolarWinds hack (FRN)
- CMMC is not as scary as you think (secblvd)
- Dave MacKinnon takes over as CSO of N-able (formerly SolarWinds MSP) | 2021-05-21 (Security Magazine)
- SolarWinds hackers had earlier access than previously thought; Russia denies role (Seeking Alpha)
- President Biden Announces Sweeping New Cybersecurity Reforms (Pillsbury Winthrop Shaw Pittman LLP - JDSupra)
- N-able Announces New Chief Security Officer and General Counsel to Its Executive Leadership Team (N-able)
- The UK’s Approach to Russian Cyber Operations Shows No Signs of Changing (RUSI)
- Hackers targeted SolarWinds earlier than previously known (Arab News)
- SimuLand: Understand adversary tradecraft and improve detection strategies (MS Security)
- Solar Storm Coming to Earth at 2.1 Million km per Hour: How Dangerous Is It? (Nature World News)
- Hackers targeted SolarWinds earlier than previously known
- SolarWinds CEO: Hackers Were Doing "Early Recon" As Early As January 2019 (My TechDecisions)
- Cybersecurity Legal Task Force
Date 2021-05-21
- SolarWinds: A Harbinger For a National Data Breach Reporting Law (Decipher)
- Microsoft Corporation (NASDAQ:MSFT), Solarwinds, Inc. (NYSE:SWI) - Biden Administration Prioritizes Cybersecurity Funding Following Multiple Hacks (Benzinga)
- How CISA limited the impact of the SolarWinds attack (FRN)
- SolarWinds CEO says hackers may have struck in January 2019, months earlier than thought (Reuters)
- Biden calls for $22 billion in cyber security funding (IT PRO)
- CEO: SolarWinds Attack Dates Back to at Least January 2019 (PCMag)
- SolarWinds CEO says hackers may have struck months earlier ...
- President Biden's Executive Order to Improve Cybersecurity Issued (King & Spalding - JDSupra)
- SolarWinds CEO apologizes for blaming an intern, says attack may have started in January 2019 (The Record by Recorded Future)
- SolarWinds CEO reveals much earlier hack timeline, regrets company blaming intern
- SolarWinds CEO says hackers may have struck months earlier than thought (Nasdaq)
- SolarWinds: The Detailed Account of the Incident Response (RSA)
- #RSAC: SolarWinds CEO Provides new details on attack and response (Jioforme)
- #RSAC: SolarWinds CEO Provides New Details into Attack and Response (The Cyber Security News)
- SolarWinds CEO says hackers may have struck months earlier than thought (Reuters)
- President Biden’s Cybersecurity Order Takes Security Seriously (Lowndes - JDSupra)
- House Panel Passes Bill to Explore Bringing State and Local Cybersecurity Workers into CISA (Nextgov)
- The Negligence behind the Colonial Pipeline Hack | Business (stltoday.com)
- To avoid insider threats, security strategies call for behavioral profiling and anomaly comparison | 2021-05-20 (Security Magazine)
- President Biden’s Recent Cybersecurity Executive Order Will Increase Compliance Obligations on the Private Sector (Lexology)
Date 2021-05-20
- Cyber Defense Isn't a Niche Issue Anymore (Bloomberg)
- CISA’s EINSTEIN had a chance to be great, but it’s more than good enough (FRN)
- Biden Proposes Billions for Cybersecurity After Wave of Attacks (Regina Leader Post)
- CISA Issues Guidance on Evicting Adversaries from Networks Following SolarWinds Attacks
- Nearly 40 defense companies were impacted in SolarWinds breach (FedScoop)
- Cybersecurity for All: President Biden Issues Sweeping Cybersecurity Executive Order (Holland & Knight LLP - JDSupra)
- Biden administration eyes cybersecurity funding after attacks | The Mighty 790 KFGO (KFGO)
- False Claims Act is a Weapon against Breaches and Whistlenlowers
- Gibson Dunn (President Biden Issues Executive Order to Enhance U.S. Cybersecurity in the Wake of Major Cyber Incidents)
- Legislation to secure critical systems against cyberattacks moves forward in the House (hill)
- CISA releases Eviction Guidance for SolarWinds, Microsoft O365 compromises
- #RSAC: Anne Neuberger Sets Out Biden Administration’s Plan to Modernize US Cyber-defenses (Infosecurity Magazine)
- Biden EO Has Teeth, But May Prove Difficult to Implement (secblvd)
- Biden administration eyes cybersecurity funding after hacks
Date 2021-05-19
- Biden's cyber order lays foundation for securing government - (Defense Systems)
- Voyager 1 discovers faint plasma 'hum' in interstellar space (Space)
- Biden Administration Issues Cybersecurity Executive Order
- CISA releases Eviction Guidance for SolarWinds Orion, Microsoft Office365 users (Industrial Cyber)
- Solarwinds : Security vulnerabilities
- Russia Sanctioned For Role In SolarWinds Supply Chain Attack - Technology (United States)
- SolarWinds breach exposes hybrid multicloud security weaknesses (Public News)
- CISA: Disconnect Internet for 3-5 Days to Evict SolarWinds Hackers From Network (SecurityWeek.Com)
- Can NTSB-style oversight work for cybersecurity? - (FCW)
- Zero trust moves from vision to reality - (GCN)
- DOD Zero Trust Reference Architecture
- Russian spy chief denies SVR was behind Solarwinds cyber ...
Date 2021-05-18
- How Hackers Infiltrated U.S. Government Servers Through A Texas (Based Company)
- Subscribe to read (FT)
- 1 - Unpacking the SolarWinds Breach: Now What? | Infrastructure Anywhere: A Podcast Series from CPP Associates | Podcasts on Audible (Audible.com)
- CISA Eviction Guide for SolarWinds, Microsoft O365 Compromises
Date 2021-05-17
- Congress to Speed up Efforts on Pushing out Hack Reporting Law (KMJ-AF1)
- Biden issues order to strengthen nationwide cyber defenses
- National Cyber Defense Is a "Wicked" Problem: Why the Colonial Pipeline Ransomware Attack and the SolarWinds Hack Were All but Inevitable
- SolarWinds breach exposes hybrid multicloud security weaknesses (VentureBeat)
- President Biden pens Executive Order to boost US cybersecurity
- The SolarWinds and Zero Trust Conversation You've Been Waiting For | The Well Aware Security Show | Podcasts on Audible (Audible.com)
- SolarWinds breach exposes hybrid multicloud security weaknesses (DNyuz)
Date 2021-05-16
- Cybersecurity Execs Weigh In On Biden Executive Order (SDxCentral)
- Executive Order on Improving the Nation's Cybersecurity (The White House)
- Biden Says Gov't To Disrupt Pipeline Ransomware Hackers (Law360)
- Biden's Cybersecurity Order Benefits CrowdStrike, Dragos: Experts
- President Biden signs cybersecurity executive order (SD Times)
- The politics and policy of SolarWinds (CSO Online)
- Supply Chain Cybersecurity Risks: What the SolarWinds Breach Should Teach Us (BTB Security)
- Cyber EO lays a foundation for securing government - (GCN)
- iTWire (New cyber rules will be judged by their efficacy: Tenable chief)
- Former CISA chief says Biden order on cybersecurity is "dramatic game change" (CBS News)
- Biden Order Aims To Tighten Software Security Practices - (Redmondmag.com)
- Responding With Strength To The SolarWinds Attack - Technology (United States)
- Joe Biden Signs Executive Order to Boost Cybersecurity
- Biden Takes Executive Action to Strengthen National Cybersecurity, Secure Supply Chains
- Opinion: Agencies Need More Reliable Authentication To De-Weaponize Stolen Data During SolarWinds Breach (Potomac Officers Club)
- CISA Publishes Eviction Guidance for Networks Affected by SolarWinds and AD/M365 Compromise (CISA)
- Eviction Guidance for Networks Affected by the SolarWinds and Active Directory/M365 Compromise (CISA)
- Remediating Networks Affected by the SolarWinds and Active Directory/M365 Compromise: Risk decisions for Leaders
- Biden signs executive order to modernize cyberdefenses
- Lawmakers introduce bill to protect critical infrastructure against cyberattacks (hill)
- Biden signs executive order to bolster US cyber security following pipeline attack
- Microsoft Could Get $150 Million in US Cyber Spending Despite Recent Hacks (English Bulletin)
- White House cybersecurity order lands with a plea for private sector help (Utility Dive)
- Linux and open-source communities rise to Biden's cybersecurity challenge (ZDNet)
- Biden's Cybersecurity Order Likely To Reach Beyond Gov't (Law360)
- Cybersecurity Executive Order: Can automation fix the nation’s misconfiguration problem? (secblvd)
- Cybersecurity: Why the new White House executive order is a major turning point (Fortune)
- President Biden outlines new software policy following recent cyberattacks (TechRadar)
- Former head of U.S. cybersecurity Christopher Krebs on “The Takeout” - 5/14/2021 (CBS News)
- In EO, federal security provides impetus for far reaching cyber implications
- US sanctions 10 Pakistani individuals and companies for meddling in 2020 presidential election - World (Business Recorder)
- Security News in Review: Biden Administration Aims to Disrupt Ransomware Gangs (secblvd)
- Why the Colonial Pipeline Ransomware Attack and the SolarWinds Hack Were All but Inevitable (California News Times)
- UK and US confirm Russian responsibility for SolarWinds attack - Industry (update.com)
Date 2021-05-14
- Senators discuss federal cybersecurity following SolarWinds hack (WYTV)
- Senators Want FISMA Changes on Cyberattack Reporting (MeriTalk)
- Senators Cite Colonial Pipeline Hack in Calling for Cyber Response and Recovery Fund (Nextgov)
- Senate committee holds hearing on cybersecurity after massive SolarWinds hack (The Global Herald)
- RSAC insights: SolarWinds hack illustrates why software builds need scrutiny — at deployment (secblvd)
- Lawmakers eye tightening law to get more details on cyberattacks (Roll Call)
- Federal SolarWinds Recovery : FedNet
- SolarWinds CEO describes overhauled Orion build system after that ‘very small, unique’ security breach (IT Security News)
- CISA to pilot secure cloud instance in response to SolarWinds attack (FRN)
- Supply chain penetration: Here’s how you can protect yourself (HT Tech)
- Russia must do more to tackle cyber criminals operating from within its borders, says UK (ZDNet)
- Mark Warner calls for mandatory reporting of hacks after Colonial Pipeline attack
- Dark Reading | Security (Protect The Business)
- Statemtnt of Ryan A Higgins, CISO Dept Commerce reporting to DHS
- Moscow Cuts U.S. Embassy Staff Marking Latest Decline In U.S. (Russia Relationship)
- Biden signs executive order to strengthen cybersecurity after Colonial Pipeline hack
- Biden Signs Order to Boost Cybersecurity After Pipeline Hack (Bloomberg)
- Biden signs much-anticipated cybersecurity executive order - (FCW)
- House lawmakers roll out bill to invest $500 million in state and local cybersecurity (hill)
- How SolarWinds cyber-attack forced US to sanction Russia - CRN (India)
- FACT SHEET: President Signs Executive Order Charting New Course to Improve the Nation’s Cybersecurity and Protect Federal Government Networks (The White House)
- Biden signs order to beef up federal cyber defenses (LV Sun)
- Biden cyber executive order reignites push to cloud, zero trust
- SolarWinds CEO describes overhauled Orion build system after that 'very small, unique' security breach • The Register (SecuritNEWS)
- Biden Plans Order to Strengthen U.S. Cyberattack Defenses (nyt)
- Biden signs executive order aiming to prevent future cybersecurity disasters (Verge)
- Biden issues executive order following mounting cyberattacks (Axios)
- Biden Orders IT Gov't Contractors To Report Data Breaches (Law360)
- Biden orders federal cyber upgrade after barrage of hacks (POLITICO)
- Biden signs cybersecurity executive order after ransomware attack on fuel pipeline (CBS 42)
- Biden signs order to improve federal cybersecurity
- How Biden's new executive order plans to prevent another SolarWinds attack (The Record by Recorded Future)
- Biden signs executive order to improve federal cybersecurity (hill)
- Biden Signs Cybersecurity Executive Order Following Colonial Pipeline Hack : NPR
- Biden cybersecurity order mandates new rules for govt ...
- Biden signs cybersecurity executive order in the wake of pipeline shutdown
- Biden signs security (focused executive order meant to accelerate breach reporting, boost software standards)
- Biden signs executive order aimed at boosting cybersecurity
- SolarWinds Hacking Claim a 'False Flag' by US Intelligence Seeking More Funding, Moscow Says (Sputnik)
- Biden Executive Order Follows Recent Cyberattacks : NPR
- Microsoft's new security feature locks hackers out with GPS (ZDNet)
- Biden's Executive Order Will Not Stop Cyber Attacks (LinkedIn)
- Biden cybersecurity order tackles software risks in energy, other sectors following Colonial hack (Utility Dive)
- Biden’s Cyber Strategy Must De-weaponize Civilian Data (Nextgov)
- Cybersecurity executive order or fire drill? (FRN)
- Biden Signs Executive Order to Bolster Federal Government’s Cybersecurity (nyt)
- President Biden signs executive order to strengthen U.S. cybersecurity defenses | 2021-05-13 (Security Magazine)
- Biden says Colonial Pipeline hackers based in Russia, but not government-backed (hill)
- Bahamas must ‘step up game’ on cyber security (The Tribune)
- Biden signs cybersecurity executive order, though rules wouldn't (WENY News)
- Joe Biden signs executive order to beef up federal cyber defenses following pipeline hack - ABC11 Raleigh (Durham)
- Biden Executive Order Mandates MFA, Zero Trust Model and Standardized Incident Reporting
- Everything You Need to Know about the New Executive Order on Cybersecurity (Lawfare)
- Biden's Cybersecurity Executive Order: 4 Key Takeaways
- Senator Proposes Cyber 'Academy' to Attract More to National Service (Military.com)
- Biden Executive Order on Cybersecurity Calls for Enhanced Software Supply Chain Security (secblvd)
- Education CISO Discusses Zero Trust, Automation Going Hand-in (Hand – MeriTalk)
- Rapid7 says attacker accessed its source code in Codecov supply chain hack
- Cyber Response Bill Advances in Senate (Nextgov)
- Biden Signs Executive Order On Cybersecurity In Wake Of Pipeline Hack (WXXI News)
Date 2021-05-13
- SolarWinds CEO describes overhauled Orion build system after that 'very small, unique' security breach (Register)
- Biden Signs Executive Order to Bolster Federal Government’s Cybersecurity (nyt)
Date 2021-05-12
- US spy agencies review software suppliers' ties to Russia following SolarWinds hack
- SolarWinds Says Hackers Probably Stole Data from Email Accounts — GigaLaw
- Mandatory Breach Notification Requirements Are Coming For Government Contractors - Technology (United States)
- Watch live: Acting CISA director testifies on cybersecurity following SolarWinds hack (hill)
- SolarWinds Opened the Door for Cybersecurity Culture Overhaul at DHS
Date 2021-05-11
- U.S., U.K. Reveal Code Flaws Abused by SolarWinds Hackers
- Hackers accessed SolarWinds' Office 365 since early 2019 - Security - Channel Meets (CRN Australia)
- SolarWinds Says Russian Group Likely Took Data During Cyber-Attack (HITBSecNews)
- Defending Against Software Supply Chain Attacks
- NIST and CISA Release Guidelines for Organizations and Vendors To Defend Against Software Supply Chain Attacks (CPO Magazine)
- SolarWinds Shares More Information on Cyberattack Impact, Initial Access Vector (SecurityWeek.Com)
- The Cybersecurity 202: Biden's new CISA director will confront a host of complex challenges (wapo)
- State (Sponsored Cyberattacks Aren’t Going Away — Here’s How To Defend Your Organization)
- Russia targeting these 11 vulnerabilities, US, UK cyber agencies
Date 2021-05-09
- CISA has a better understanding of critical software post (SolarWinds hack)
- NYDFS recommends critical new practices to reduce supply chain risk in wake of SolarWinds attack (Lexology)
- CISA used new subpoena power to contact US companies vulnerable to hacking
- NSA: Connecting OT to the net can lead to "indefensible levels of risk"
- US spy agencies review software suppliers' ties to Russia following SolarWinds hack (CyberScoop)
- Fact Sheet: Russian SVR Activities Related to SolarWinds Compromise
- US-UK Gov Warning: SolarWinds Attackers Add Open-Source PenTest Tool to Arsenal (SecuritNEWS)
- Further TTPs associated with SVR cyber actors
- SolarWinds: Hackers Accessed Our Office 365 Since Early 2019
- An Investigative Update of the Cyberattack (Orange Matter)
- DHS, DOC to Testify Tuesday at SolarWinds Hearing
- Joint advisory: Further TTPs associated with SVR cyber actors (NCSC.GOV.UK)
- SolarWinds Believes Russian Group Took Data During Cyber-Attack (Bloomberg)
- Lawmakers push for increased cybersecurity funds in annual appropriations (hill)
Date 2021-05-05
- Stopping the Next SolarWinds Requires Doing ...
Date 2021-05-04
- Administration drafting EO to help U.S. Gov’t secure digital supply chain
Date 2021-05-03
- NSA: OT Security Guidance in Wake of SolarWinds Attack
- Tips on Enhancing Supply Chain Security (DataBreachToday)
- APT actors increasingly turn to exploits to launch attacks (TahawulTech.com)
- Security News in Review: Emotet Uninstalled Worldwide; Babuk “Goes Dark” (secblvd)
Date 2021-05-01
- More US agencies potentially hacked, this time with Pulse Secure exploits (ars)
- New York State Department of Financial Services Releases Report on SolarWinds Cyber Espionage Attack
- Top US military intelligence official says Russian military pose (WENY News)
- Hunting Hackers: Reducing the Time to Discovery (CSO Online)
- ‘Accelerate change or lose’: Applying Gen. Brown’s action orders to cyberspace education and training
- Microsoft weighs revamping flaw disclosures after suspected leak (Pittsburgh Post-Gazette)
- NYDFS Issues Report on SolarWinds Response and Recommends Critical Cybersecurity Measures (Practical Law)
- Biden Order Will Require New Cybersecurity Standards In Response To SolarWinds Attack (88.5 WFDD)
- Warner says Senate committee working on bill to require mandatory reporting for cyber threats (FRN)
- NYDFS Issues Report on the SolarWinds Attack and Covered Entities’ Responses (Alston & Bird Privacy, Cyber & Data Strategy Blog)
- Supply Chain Security Hinges on Zero Trust, Partnerships: A MeriTV Discussion (MeriTalk)
- US Cuts Visa Services in Moscow Embassy as Russia Squeezes Embassy (Bloomberg)
- Stop Malicious Cyber Activity Against Connected Operational Technology
- The Ticking Time Bomb in Every Company's Code
- Biden Order To Require New Cybersecurity Standards In Response To SolarWinds Attack Morning Edition podcast
- NYDFS Issues Report on SolarWinds (Robinson+Cole Data Privacy + Security Insider - JDSupra)
- Biden Order To Require New Cybersecurity Standards In Response To SolarWinds Attack (Georgia Public Broadcasting)
- Survey Finds Broad Concern Over Third (Party App ...)
- CISA: 5 Agencies Using Pulse Secure VPNs Possibly Breached
- NYDFS Issues Report on the SolarWinds Attack and Covered Entities’ Responses (Alston & Bird - JDSupra)
- Sidechannel Interview with Alex Stamos and Chris Krebs by Kim Zetter - Zero Day (Free Listening on SoundCloud)
- A Tale of Two Hacks: From SolarWinds to Microsoft Exchange (tpost)
Date 2021-04-30
- SolarWinds : Biden Administration Issues New Sanctions On Russia In Connection With SolarWinds And Election Interference Efforts (MarketScreener)
- Biden Order To Require New Cybersecurity Standards In Response To SolarWinds Attack (WFSU News)
- CISA & NIST Publish Recommendations for IT Admins to Defend Against the Next ‘SolarWinds’ Event (HOTforSecurity)
- Biden Order To Require New Cybersecurity Standards In Response To SolarWinds Attack (Flipboard)
- Biden Order Will Require New Cybersecurity Standards In Response To SolarWinds Attack (VPM)
- Biden Order Will Require New Cybersecurity Standards In Response To SolarWinds Attack (Public Radio Tulsa)
- NIST, CISA Share Software Supply Chain Attack Defense Guidance
Date 2021-04-29
- An APT Group Exploits VPN to Deploy Supernova on SolarWinds Orion (Cyware Alerts - Hacker News)
- Anatomy of the SolarWinds Hack: Who What Where When How
- Another top VPN is reportedly being used to spread the SolarWinds hack
- Senate Intelligence panel working on legislation around mandatory cyber breach notification (hill)
- Another SolarWinds lesson: Hackers are targeting Microsoft authentication servers (All Tech News)
- Report: As result of SolarWinds breach, U.S. military concerned about updating software platforms (Israel Defense)
- APT actors increasingly turn to exploits to launch attacks (ITProPortal)
- The Cybersecurity 202: Lawmakers want to create a reserve corps of cybersecurity experts to respond to the next SolarWinds (wapo)
- New York Warns of Supply Chain Attack Dangers in Recent SolarWinds Report
- Dark Reading | Security (Protect The Business)
- Another SolarWinds lesson: Hackers are targeting Microsoft authentication servers (The Open Security)
- What Is Steganography? (Built In)
- SolarWinds, Microsoft Hacks Prompt Focus on Zero-Trust Security | News (CACM)
- The Cybersecurity 202: Lawmakers want to create a reserve corps of cybersecurity experts to respond to the next SolarWinds (R Street)
- GCHQ calls for more UK investment in cybersecurity. US Senate considering information (sharing bill. CISA and NIST offer supply chain security guidance.)
- In Wake of Recent Breaches, FAA Wants to Up Cybersecurity of National Airspace System (Nextgov)
- US poised to impose anti-Russian sanctions over cyberattacks, election meddling — media - World (TASS)
- With sanctions, let’s offer Russia incentives, too (The Seattle Times)
- SolarWinds Supply Chain Attack: How to Protect Your Business
- Lawmakers introduce legislation to create civilian reserve program to fight hackers (hill)
- New York: NYDFS issues report on investigation of SolarWinds cyberattack | News post (DataGuidance)
Date 2021-04-28
- SolarWinds hack analysis reveals 56% boost in command server footprint (ZDNet)
- SolarWinds, Microsoft Hack Quick Focus on Zero Trust Security (India News Republic)
- SolarWinds, Microsoft hacks prompt focus on zero (trust security)
- Well (known VPN used to steal credentials on SolarWinds servers)
- Supply Chain Compromise (CISA)
- A Contrarian View on SolarWinds (SANS Institute)
- The FireEye/SolarWinds cyber attack | Ivanti Insights | Podcasts on Audible (Audible.com)
- SolarWinds, Microsoft hacks prompt focus on zero-trust security (Samachar Central)
- New York State Department of Financial Services Issues Report On The Solarwinds Supply Chain Attack - Report Finds That DFS-regulated Companies Responded Quickly to the Attack (Report Identifies Key Cybersecurity Measures to Reduce Supply Chain Risk)
- Lawmakers Seek to Expand CISA's Role (GovInfoSecurity)
- Hackers are targeting Microsoft authentication servers
- Abusing Replication: Stealing AD FS Secrets Over the Network (fireeye)
- ‘Mandatory’ Cyber Info Sharing Bill Coming, Says Senate Intel Chair Warner « Breaking Defense (Defense industry news, analysis and commentary)
- House Solarium Commission Members Press for More CISA Funding (Nextgov)
- Cybersecurity roundup: U.S. agencies warn of Russian hacks, Australian hospitals struggle to get back online (Healthcare IT News)
- Russia accelerates its de-dollarization policy, chooses to settle exports in euro over dollar (Kitco News)
Date 2021-04-27
- Report: Russia 'likely' kept access to US networks after SolarWinds hack (Çukute)
- CISA warns of credential theft via SolarWinds and PulseSecure VPN (Public News)
- CISA warns of theft of credentials via SolarWinds and PulseSecure VPN
- http.title:solarwinds http.favicon.hash:-1776962843 (Shodan Search)
- SolarWinds hack and security - What is a software bill of materials? (JAXenter)
- SolarWinds, Microsoft Hacks Prompt Focus on Zero-Trust Security (WSJ)
- 'Cock.li' Admin Says He's Not Surprised Russian Intelligence Uses His Site
- Russian Foreign Intelligence Service (SVR) Cyber Operations: Trends and Best Practices for Network Defenders (CISA)
- Major US breaches, SolarWinds, prompts focus on zero trust model
- Another top VPN is reportedly being used to spread SolarWinds hack (TechRadar)
- New bill would task CISA with infrastructure risk assessments - (FCW)
- Lawmakers call for increasing the budget of key federal cybersecurity agency (hill)
- Before SolarWinds, US officials say SVR began stealthily targeting cloud services in 2018
Date 2021-04-26
- Top White House cyber official says action taken so far not enough to deter further Russia cyberattacks (CNNPolitics)
- SolarWinds executive explains their ‘security by design’ concept (TahawulTech.com)
- Researchers Find Additional Infrastructure Used By SolarWinds Hackers
- New analysis uncovers extensive SolarWinds attack infrastructure (TechRadar)
- SolarWinds hacking campaign puts Microsoft in the hot seat (Columbia Basin Herald)
- The SolarWinds Sunburst Attack: How to Protect Yourself from 5th Generation Cyberattacks (Secure Ops)
- Microsoft in the hot seat due to SolarWinds hacking campaign (Compsmag)
- Two sources close to the SolarWinds breach investigation say Russian intelligence agency SVR hackers are likely still maintaining access to U.S. networks (CNN) (Inverse Zone)
- Exclusive: Sources familiar with the investigation of SolarWinds breach say hackers from Russia's SVR intelligence agency likely still maintain access to US networks (CNN) (Last Bulletin)
- CISA warns of credential theft via SolarWinds and PulseSecure VPN (VentureBeat)
- Report: Russia 'likely' kept access to US networks after SolarWinds hack
- Report: Russia 'likely' kept access to US networks after SolarWinds hack
- Report: Russia 'likely' kept access to US networks after SolarWinds hack (Engadget)
- Report: Russia likely retained access to US network after SolarWinds hack (News Chant USA)
- Report: Russia 'likely' kept access to US networks after SolarWinds hack (My Droll)
Date 2021-04-25
- Senators introduce legislation to protect critical infrastructure against attack (hill)
- SOLARWINDS INVESTIGATION INITIATED by Former Louisiana Attorney General: Kahn Swick & Foti, LLC Investigates the Officers and Directors of SolarWinds Corporation (SWI)
- SOLARWINDS INVESTIGATION INITIATED by Former Louisiana Attorney General: Kahn Swick & Foti, LLC Investigates the Officers and Directors of SolarWinds Corporation - SWI (bizwire)
- SUPERNOVA malware discovered on SolarWinds Orion server (Malware Devil)
- Federal CISO DeRusha Cites SolarWinds Response as Promising ‘Use Case’ (MeriTalk)
- Top White House cyber official says action taken so far not enou (WENY News)
Date 2021-04-24
- cyber.dhs.gov - Emergency Directive 21 (03: pulse secure)
- Russian Cyber Threat Defense – Now and Looking Forward (secblvd)
- USA: Would CMMC have prevented SolarWinds? | Insights (DataGuidance)
- SolarWinds Hack Imparted Lessons to Work Across Silos and Not ‘Victim Blame,’ Says Federal CISO (Homeland Security Today)
- HAFNIUM Exploits Live On (secblvd)
- More SolarWinds command and control hacking servers found - Security (iTnews)
- The SolarWinds Attack: The Story Behind The Hack » RJR Empires
- Hackers Exploit VPN to Deploy SUPERNOVA malware on SolarWinds Orion (Times News Express)
- Hackers Exploit VPN to Deploy SUPERNOVA malware on SolarWinds Orion
- When a Ripple Becomes a Wave: Cyberattack Fallout (secblvd)
- U.S. Announces Sweeping New Sanctions Targeting Russia (Cozen O'Connor - JDSupra)
- Researchers shed more light on APT29 activity during SolarWinds attacks (Fuentitech)
- The Cybersecurity 202: Biden's pick for White House cyber director wants to see better relationship building with the private sector (wapo)
- New analysis uncovers extensive SolarWinds attack infrastructure (TechRadar)
- APT abused Pulse Secure, SolarWinds appliances to plant Supernova webshell on enterprise network
- Hackers Exploit VPN to Deploy SUPERNOVA malware on SolarWinds Orion (IT Security News)
- Supernova Attack Leveraged SolarWinds, Pulse Secure
- CISA Discovers Advanced Malware In VPN Device (Potomac Officers Club)
- CISA Finds New Attacker Using Supernova Malware on SolarWinds Orion (Decipher)
- Analysts Uncover More Servers Used in SolarWinds Attack
- Hackers exploit SolarWinds, Pulse Secure for credential theft: Feds - Security (CRN Australia)
- SolarWinds hacking campaign puts Microsoft in the hot seat
- SolarWinds hacking campaign puts Microsoft in the hot seat (WFTV)
- Supernova Attack Leveraged SolarWinds, Pulse Secure
- Researchers Find New Chunk of SolarWinds Attackers' Infrastructure (Decipher)
- Supernova Malware Actors Masqueraded as Remote ...
- New analysis uncovers extensive SolarWinds attack infrastructure (TechRadar)
Date 2021-04-23
- SolarWinds: Illuminating the Hidden Patterns That Advance the Story (RiskIQ)
- SolarWinds: Advancing the Story (RiskIQ Community Edition)
- Research Uncovers New Command Servers Used in SolarWinds Campaign (Zero Day)
- House Passes State Department Cybersecurity Legislation (KMJ-AF1)
- Democracy in The Daily: Russia against the West (The Tufts Daily)
- New cyber (hardening mandates may be coming for defense firms)
- Biden Administration Announces Expansion Of Sanctions Against Russia And Signals Potential Additional Restrictions Following SolarWinds Cyber-Attack - International Law (United States)
- Ex-Sen. Saxby Chambliss lobbying for SolarWinds (LegiStorm)
- U.S. takes steps to protect electric system from cyberattacks (Chattanooga Times Free Press)
- CISA Identifies SUPERNOVA Malware During Incident Response (CISA)
- Sanctioned Firm Accused of Helping Russian Intelligence Was Part of Microsoft’s Early Vuln Access Program — MAPP (Zero Day)
- Researchers shed more light on APT29 activity during SolarWinds attack
- Ex-NSA top lawyer: Here's how to block next SolarWinds mega hack (The Jerusalem Post)
- SolarWinds juggles stakeholders involved in response, recovery to level out business (Cybersecurity Dive)
- Cybersecurity expert: If you use SolarWinds, they got you (POWERGRID International)
- CISA Ties SUPERNOVA Malware to Pulse Secure, SolarWinds Exploits
- Analysts Estimate SolarWinds (SWI) to Report a Decline in Earnings: What to Look Out for
- Hackers Exploit SolarWinds, Pulse Secure For Credential Theft: Feds
- Why indict foreign cyber operators? IoT security regulation in the UK. Anti (ransomware measures and surveillance limitations in the US.)
- US agencies assess Pulse Secure VPN exploitation. New Sunburst infestation found. Facebook shuts down Paletinian spy groups.
- Cisco CEO Chuck Robbins: Moving To The Cloud Alone Isn’t A Security Cure (All)
Date 2021-04-22
- White House 'Stands Down' SolarWinds, Exchange Response Groups
- Biden Administration Ratchets Up Russia Sanctions (Michael Volkov - JDSupra)
- White House Scales Back Response to SolarWinds & ...
- White House Winds Down SolarWinds, Exchange Cyber Teams « Breaking Defense (Defense industry news, analysis and commentary)
- DISA and JFHQ-DODIN's Orchestrated Response to SolarWinds (SIGNAL Magazine)
- The SolarWinds Attack: The Story Behind The Hack (Delaware First Media)
- UK and US call out Russia for SolarWinds compromise
- Russia’s Positive Technologies responds to US Treasury sanctions. US Government stands down its SolarWinds and Microsoft Exchange task forces. FCC security priorities charted.
- House passes legislation to elevate cybersecurity at the State Department (hill)
- The Danger of Treating SolarWinds as a Russia Cyber Attack
- SolarWinds : New US Sanctions Targeting Russia's "Harmful Foreign Activities," Including Restrictions On Dealings In Russian Sovereign Debt (MarketScreener)
- Biden administration sanctions Russia over 2020 election interference, SolarWinds hack (FoxBiz)
- Nakasone deflects senators' invitations to seek domestic spying powers - (Defense Systems)
- United States sanctions six Russian companies for aiding Russia's cyber (attacks against the US)
- Russia Sanctioned For Role In SolarWinds Supply Chain Attack (Alston & Bird - JDSupra)
- New cyber (hardening mandates may be coming for defense firms)
- SUNBURST: Reflections to Secure By (secblvd)
- In Tit-For (Tat Move, Russia Expels 10 U.S. Embassy Workers In Moscow)
- Former SolarWinds CEO Kevin Thompson to be the new CEO of Tricentis, a Mountain View software test company (Silicon Valley Business Journal)
- Russia Sanctioned For Role In SolarWinds Supply Chain Attack (Alston & Bird Privacy, Cyber & Data Strategy Blog)
- SolarWinds security chief: ‘We ran a pretty good shop’ (The Record by Recorded Future)
Date 2021-04-21
- White House stands down groups tackling SolarWinds, Microsoft Exchange - (FCW)
- Russia sanctioned over SolarWinds, election interference -- even as cyber espionage continues - (GCN)
- SolarWinds: A Catalyst for Change & a Cry for ...
- What Hack? Top SolarWinds Executives Made $65 Million Last Year
- Positive Technologies denies involvement in SolarWinds attack (TechRadar)
- SolarWinds affair. Russia expels US, Polish diplomats in counterretaliation. Codecov compromise. Big data gangs.
- Great Power Cyber Party (War on the Rocks)
- Malware Wants to Phone Home. Trinity Cyber Doesn’t Try to Block It
- President Biden Signs New Executive Order Escalating US Sanctions Against Russia (WilmerHale - JDSupra)
- US Senator Mark Warner calls for urgent transatlantic cooperation on cybersecurity (POLITICO)
- Investigation announced for Long (Term Investors in shares)
- Cyberattacks and Security Breach Disclosures: U.S. Federal Law Coming? (MSSP Alert)
- Statement by Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger on SolarWinds and Microsoft Exchange Incidents (The White House)
- Supply chain risk: Addressing a multitude of single points of failure - (FCW)
- UK, US say Russian hackers carried out SolarWinds attack
- The SolarWinds Breach and CMMC - What’s the Impact? (Pivot Point Security)
- The Biden Administration has officially responded to the SolarWinds attack! by Nick Espinosa | Security Fanatics (Free Listening on SoundCloud)
- SolarWinds hacking campaign puts Microsoft in the hot seat
- solarwinds stock price chart (Unese.campusquotient.org)
- Utility Regulator Says SolarWinds Backdoor Was Downloaded by 1/4 of Electric Utilities on the North American Power Grid (CPO Magazine)
- Russia Will Expel 10 Diplomats In Response To US Sanctions (Law360)
- The SolarWinds Attack: The Story Behind The Hack : NPR
- Exploring three more serious flaws in SolarWinds Orion products (TechNative)
- SolarWinds (NYSE:SWI) Upgraded at Zacks Investment Research (MarketBeat)
- A new direction in response to cyberespionage? Co (opting criminal gangs as instruments of state policy.)
- Sun starts to set on SolarWinds attack as White House scales back efforts (Windows Central)
- SolarWinds cyberattack: How SolarWinds cyberattack forced US to sanction Russia, Telecom News, ET Telecom
- From the attack on Alexei Navalny to SolarWinds hack, every Russian move under scrutiny as NATO Allies support US action plan on Russia's 'destabilising activities' (IBTimes India)
- Feds Find More Malware Tied to SolarWinds Supply Chain Compromise
- Biden Administration Imposes Sanctions on Russia for SolarWinds (Schneier)
- White House stands down SolarWinds, Microsoft Exchange cyber response groups - (GCN)
- 5 signs a trucking company has been hacked (Commercial Carrier Journal)
Date 2021-04-20
- United States imposes sanctions on Russia for SolarWinds Cyber Attack
- U.S. sanctions Russian government, security company for SolarWinds violations, election interference (Eminetra New Zealand)
- Company officials, victims, experts, and intel officials discuss the SolarWinds hack, which successfully compromised ~100 companies and a dozen govt. agencies (Dina Temple-Raston/NPR) (The Global Valley)
- Samir on Twitter: "if you see an instance of dwDrvInst.exe (unsigned by Solarwinds) running with cmdline like "smartcard -install" that could be a sign of successful RCE exploitation of CVE-2019 (3980 https://t.co/FyZvQ2IYVj https://t.co/8OIarbbqeQ" / Twit)
- Increasing Demand of Database Monitoring Software Market 2027 (Datadog,Solarwinds,PRTG Network Monitor – The Courier)
- Poland supports allies' response to aggressive politics of Russia (The First News)
Date 2021-04-19
- OODA Loop (Cyber Retaliation Needs to Be Decisive, Swift, and Meaningful)
- Swinburne University confirms over 5,000 individuals affected in data breach (Bestgamingpro)
- SolarWinds : Russia Russia Russia! The Biden Administration Imposes Tough Sanctions On Russia (MarketScreener)
- In Punishing Russia for SolarWinds, Biden Upends U.S. Convention on Cyber Espionage
- Some White House Officials Reportedly Asked Biden Not to Tie New Sanctions to SolarWinds Hack (Sputnik)
- Biden agencies could find key lawmakers in accord on hack-attack alerts (Newsday)
- US imposes sanctions on Russia over cyber (attacks)
- SolarWinds hacking campaign puts Microsoft in hot seat (News, Sports, Jobs - Tribune Chronicle)
- Australia: Cyber insurance adoption rates see steady increases
- SolarWinds execs earned US$65M in 2020 despite hack - Security (CRN Australia)
Date 2021-04-18
- U.S. Fingers Putin’s Cozy Bear for SolarWinds Attacks (secblvd)
- Days after sanctions, House to vote again on Cyber Diplomacy Act - (FCW)
- US expels Russian diplomats, imposes sanctions for hacking
- SolarWinds cyber strike: Russia did it, say US and UK (Attivo Networks)
- SolarWinds hacking campaign puts Microsoft in the hot seat
- Sanctioned Russian IT firm was partner with Microsoft, IBM
- SolarWinds compromise attributed to Russian state actor (Beehive.govt.nz)
- White House blames Russian spy agency SVR for SolarWinds hack: statement (95 KQDS)
- CISA and CNMF Analysis of SolarWinds (related Malware)
- VirusTotal Community profile for CYBERCOM_Malware_Alert (VirusTotal)
- Russia blocks key Biden Cabinet officials from entering in retaliation for sanctions (hill)
- Holding Russia To Account (U.S. Embassy in Georgia)
- Australian Government Blames Russia For SolarWinds Cyber Attack
- US Pulls Back Curtain on Russian Cyber Operations
- Ep 31 - SolarWinds Hack | Modern Day Apocrypha | Podcasts on Audible (Audible.com)
- Russia objects to US sanctions; US gets UK, EU support. Vaccine cold chain remains a target. Iran says Natanz back in business.
- Russia sanctions eight US officials and expels diplomats in reta - Erie News Now (WICU and WSEE in Erie, PA)
- Russian SVR Behind the SolarWinds Hack, According to U.S. Government
- 6 out of 11 EU agencies running Solarwinds Orion software were hackedSecurity Affairs
- Russia to expel 10 US diplomats in 'tit-for-tat response' to Biden sanctions | National (pdclarion.com)
- Russia: UK exposes Russian involvement in SolarWinds cyber compromise (UK Government) (CompanyNewsHQ)
- US attributes SolarWinds campaign to Russia's SVR and calls out Russian disinformation shops. New APT34 activity.
- It was Russia wot did it: SolarWinds hack was done by Kremlin’s APT29 crew, say UK and US (Cyber Security Review)
- It was Russia wot did it: SolarWinds hack was done by Kremlin's APT29 crew, say UK and US (Register)
- Kaspersky Lab autopsies evidence on SolarWinds hack (Register)
- Russia Retaliates Against Biden's New Sanctions, Expelling 10 U.S. Diplomats (KENW)
- Biden's CISA Cybersecurity Budget Proposal: $2.1B (MSSP Alert)
- Russian SVR blamed for SolarWinds supply chain compromise, cyber espionage action (Industrial Cyber)
- In Punishing Russia for SolarWinds, Biden Upends U.S. Convention on Cyber Espionage (ADVFN)
- SolarWinds hacking campaign puts Microsoft in the hot seat (StarTribune)
- US Institutes Sanctions Against Russia Over SolarWinds Hack
- In Punishing Russia for SolarWinds, Biden Upends U.S. Convention on Cyber Espionage (WSJ)
- SolarWinds : Russia Russia Russia! The Biden Administration Imposes Tough Sanctions On Russia (MarketScreener)
- NSA: 5 Security Bugs Under Active Nation-State Cyberattack (tpost)
- Biden Administration Issues Russian Sanctions in Response to SolarWinds
- SolarWinds hacking campaign puts Microsoft in the hot seat (ABC News)
- Solarwinds, Inc. (NYSE:SWI) - White House Holds Russia's SVR Responsible For SolarWinds Cyber Hack: Reuters (Benzinga)
- Russia announces expulsion of 10 U.S. diplomats and ban some U.S. officials (Sandhills Express)
- The Story of the SolarWinds Hack (Hacker News)
- Macron says international community must draw “clear red lines” with Russia (Sandhills Express)
- Russia expels 10 US diplomats as part of retaliation for sanctions
Date 2021-04-17
- Russia Solarwinds hack sanctions announced (wtsp.com)
- Biden: U.S. 'could have gone further' in sanctions on Russia
- U.S. set to slap new sanctions on Russian officials as soon as Thursday -sources (The Star Phoenix)
- Biden to sanction Russian authorities for massive SolarWinds hack (Biden administration - Eminetra)
- Official: Biden administration set to announce new sanctions against Russia for SolarWinds hack, election interference | National News (newsadvance.com)
- Biden announces sweeping new sanctions against Russia (CBS News)
- US is expected to sanction Russia and expel Russian officials in response to hacks and election interference | (kctv5.com)
- Biden's sanctions against Russia demands diplomats leave tomorrow - Raw Story (Celebrating 17 Years of Independent Journalism)
- White House sanctions Russia over SolarWinds campaign, election interference - (FCW)
- NERC finding 25% of utilities exposed to SolarWinds hack indicates growing ICS vulnerabilities, analysts say (Utility Dive)
- Pentagon believes it escaped unscathed from SolarWinds, Microsoft hacks (FRN)
- Lesson From SolarWinds: Cyberattacks Have a Lingering Impact (IndustryWeek)
- EU's Borrell voices solidarity with US in SolarWinds hack
- U.S. Agencies: Russian SolarWinds Hackers Leveraging Five Older Vulnerabilities (My TechDecisions)
- Biden administration imposes new sanctions against Russia, expels 10 diplomats
- US hits Russia with sanctions following SolarWinds cyberattack (TechRadar)
- Sanctioning Russia for SolarWinds: What Normative Line Did Russia Cross? (Lawfare)
- US expels Russian diplomats, imposes new sanctions over SolarWinds hack, election interference
- Biden imposes new sanctions on Russia over SolarWinds hack, election interference (trib)
- SOLARWINDS INVESTIGATION INITIATED BY FORMER LOUISIANA ATTORNEY GENERAL: Kahn Swick & Foti, LLC Investigates the Officers and Directors of SolarWinds Corporation (SWI)
- White House blames Russian spy agency SVR for SolarWinds hack: statement (Reuters)
- U.S. set to sanction Russia over SolarWinds hack, election interference: reports (MarketWatch)
- Cybercriminals get bolder as impact from SolarWinds and ransomware grows (SiliconANGLE)
- US expels Russian diplomats and issues sanctions over SolarWinds hacking attack | News | DW (15.04.2021)
- US government strikes back at Kremlin for SolarWinds hack campaign (ars)
- Biden Boots 10 Russian Diplomats After SolarWinds Mega (Hack)
- Risch Addresses SolarWinds Sanctions, Underscores Cyberthreats from State Actors at Intelligence Hearing - Press Releases (James E Risch, U.S. Senator for Idaho)
- Official: Biden administration set to announce new sanctions against Russia for SolarWinds hack, election interference | Govt. & Politics (swvatoday.com)
- U.S. Sanctions Russia Over SolarWinds Cyberattack, Election Interference (MSSP Alert)
- Russian Foreign Intelligence Service Exploiting Five Publicly Known Vulnerabilities to Compromise U.S. and Allied Networks > National Security Agency Central Security Service > Article View
- If 25% of US utilities downloaded the malicious SolarWinds software, could the grid go down Ukraine-style? (Power Engineering)
- US Formally Attributes SolarWinds Attack to Russian ...
- SolarWinds Fallout: Are the Feds to Blame? (EE Times)
- US Cyber Command, DHS (CISA release Russian malware samples tied to SolarWinds compromise > U.S. Cyber Command > News)
- MAR-10327841-1.v1 – SUNSHUTTLE (CISA)
- Australia blames Russia for SolarWinds attack (InnovationAus)
- iTWire (US alleges Russia behind SolarWinds compromise, imposes curbs on six firms)
- SolarWinds compromise attributed to Russian state actor (Mirage News)
- Deutsche Welle: US expels Russian diplomats and issues sanctions over SolarWinds hacking attack (KyivPost - Ukraine's Global Voice)
- US expels 10 Russian diplomats, sanctions others for hack with Triangle connection (WRAL TechWire)
- Biden Sanctions Dozens Of Russians Over Hacking, Elections (Law360)
- Biden Sanctions Russia, Restricts Buying New Debt After Hacking
- US expels 10 Russian diplomats, imposes new sanctions in response to election interference and cyber hacks : The Tribune India
- Russia 'most acute threat' to national security, UK gov’t says
- West Virginia Sen. Joe Manchin stresses importance of improving cybersecurity practices | WDVM25 & DCW50 (Washington, DC)
- US institutes new Russia sanctions in response to SolarWinds hack (Sports Grind Entertainment)
- FACT SHEET: Imposing Costs for Harmful Foreign Activities by the Russian Government (The White House)
- US White House blames Russia’s foreign intelligence for cyberattack on SolarWinds software - World (TASS)
- Rubio: Biden Order on Russia a 'Legality' to Allow Action on SolarWinds (Newsmax.com)
- Russian Foreign Intelligence Service Exploiting Five Publicly Known Vulnerabilities to Compromise U.S. and Allied Networks (Homeland Security Today)
- Russian SVR Targets U.S. and Allied Networks
- Biden imposes new sanctions on Russia | National and World (dailylocal.com)
- Russia's SVR Spy Agency Calls U.S. Hack Allegations 'Nonsense': Ifax | Top News (US News)
- NATO to improve cyber defense in bid to boost alliance resilience
- US Gov sanctions Russia and expels 10 diplomats over SolarWinds hackSecurity Affairs
- US pins SolarWinds cyberattack on Russian intelligence agency (Washington Examiner)
- White House blames Russia's SVR agency for SolarWinds breachl (Seeking Alpha)
- US Sanctions on Russia Rewrite Cyberespionage's Rules (WIRED)
- Background Press Call by Senior Administration Officials on Russia (The White House)
- US imposes sanctions on Moscow, expels Russian diplomats (News24)
- EU’s Borrell voices solidarity with US in SolarWinds hack (wapo)
- SolarWinds: Russian intelligence behind major cyber attack, Raab reveals as US expels diplomats (The Independent)
- US Sanctions Russia and Expels 10 Diplomats Over SolarWinds Cyberattack
- SolarWinds Sanctions Far From Last Word On Russian Hacks (Law360)
- Figuring out SolarWinds hack as US sanctions Russia (Macau Business)
- How SolarWinds cyber (attack forced US to sanction Russia)
- Britain, United States accuse Russia of ‘Solar Winds’ cyber attack (Evening Standard)
- White House Names, Blames, Sanctions Russian Govt for Cyber, Election Assaults (MeriTalk)
- US names 6 Russian tech firms aiding govt hackers - Security (CRN Australia)
- Poland Expels Three Russian Diplomats In 'Solidarity' With U.S.
- Statement on Solar Winds Orion cyberattacks - Ministry of Foreign Affairs Republic of Poland (Gov.pl website)
- Furious Dominic Raab & US slam 'malicious' Russian 'CosyBear' hack attack which 'undermines democracy'
- UK and US call out Russia for SolarWinds compromise | National Cyber Security Centre (Official Press Release)
- White House formally blames Russian intelligence service SVR for SolarWinds hack (The Record by Recorded Future)
- US sanctions six tech firms for supporting Russian intelligence services
- US expels Russian diplomats, imposes sanctions for hacking
- Opinion (Biden is finally pivoting foreign policy to bigger threats - The Washington Post)
- Britain and United States accuse Russia of ‘Solar Winds’ cyber attack
- White House: Russians Behind SolarWinds and 5 More Technology Attacks
- More Countries Officially Blame Russia for SolarWinds Attack (SecurityWeek.Com)
- Biden blames and sanctions Russia for the massive SolarWinds hack (Vox)
- Did Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020? (Krebs on Security)
- US blames Russia spies for SolarWinds hack | The Canberra Times (Canberra, ACT)
- Biden says sanctions against Russia are proportionate response: 'Now is the time to de-escalate' | US & World News (azfamily.com)
- The Biden Administration Just Accused A $1 Billion Russian Cybersecurity Company Of Recruiting Spies
- Biden’s Russia Strike Marks Shift in U.S. Cybersecurity Strategy
- White House Hints at ‘Hallmark’ of Expected Cybersecurity Order (MeriTalk)
- Biden imposes new sanctions on Russia | Tn Exchange (newspressnow.com)
- SolarWinds cyber strike: Russia did it, say US and UK
- Biden says he warned Putin he could have gone further on sweeping Russia sanctions (ABC7 San Francisco)
- SolarWinds: Accountability, Attribution, and Advancing the Ball
- SolarWinds Execs Earned $65M In 2020 Despite Huge Hack
- How Russia Used SolarWinds To Hack Microsoft, Intel, Pentagon, Other Networks : NPR
- Russia to expel 10 US diplomats in 'tit-for-tat response' to Biden sanctions | National (keysnews.com)
- H-ISAC Supply (Chain Insights Aim to Prevent Next SolarWinds Cyberattack)
- Russia Expels 10 U.S. Diplomats in Limited Sanctions Response (Bloomberg)
- US Issues Russian SVR Warning (Infosecurity Magazine)
- Himes: Biden didn’t show Putin “strong hand,” says cyber offensive is needed (CTInsider.com)
- US imposes new sanctions on Russia, expels 10 diplomats : The Tribune India
- SolarWinds hack affected six EU agencies (The Record by Recorded Future)
- Foreign Intelligence Service of the Russian Federation
- NATO - News: North Atlantic Council Statement following the announcement by the United States of actions with regard to Russia, 15-Apr. (2021)
- Snort Blog: Snort rule update for April 15, 2021
- US government strikes back at Kremlin for SolarWinds hack campaign (ars)
- US Sanctions Russia Over SolarWinds Attack, Election Meddling
- Attribution of cyber incident to Russia (Australian Minister for Foreign Affairs, Minister for Women)
- White House Blames Russian Foreign Intelligence for SolarWinds, Imposes Sanctions on Rival Nation (HOTforSecurity)
- Experts On Russia Being Held Accountable For SolarWinds (Information Security Buzz)
- US sanctions Russian government, security firms for SolarWinds breach, election interference (CSO Online)
- Did Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020? (secblvd)
- Biden team’s tall task: Building cyber defenses against Russia, China (CSMonitor.com)
- GOP lawmakers say something important missing from Biden’s Russia sanctions (Washington Examiner)
- How SolarWinds’ Approach to Cybersecurity Made It Vulnerable to an Attack (TTI)
Date 2021-04-16
- Biden’s decision: How hard to punch back at Putin's hackers (POLITICO)
Date 2021-04-15
- U.S. intelligence community details destructive cyber capabilities, growing influence threats
- SolarWinds says dealing with hack fallout cost at least $18 million | 1450 AM 99.7 FM WHTC (Holland)
- Experts see 'unprecedented' increase in hackers targeting electric grid (hill)
- IC warns that U.S. adversaries are ramping up cyber attacks - (FCW)
- SolarWinds says dealing with hack fallout cost at least $18 million | Y100 WNCY | Your Home For Country & Fun (Green Bay, WI)
- STRATEGIC THREAT INTELLIGENCE: PREPARING FOR THE NEXT “SOLARWINDS” EVENT
- Biden Warns Putin Over Hacking But Proposes Summit in a Call (2)
- Hundreds of electric utilities downloaded SolarWinds backdoor, regulator says (CyberScoop)
- SolarWinds says hack fallout cost at least $23.5 million - Security (iTnews)
- SolarWinds says dealing with hack fallout cost at least US$18m, Technology (THE BUSINESS TIMES)
- SolarWinds spends $18 mn in 3 months after cyber attack (InfotechLead)
- NERC Says 375 Electricity Providers Installed the Laced SolarWinds Update (TechNadu)
- Digital Detectives: Occam’s Razor — A SolarWinds Perspective for Law Firms on Apple Podcasts
- Sunburst Hack Costs SolarWinds At Least $18M (CFO)
- SolarWinds says dealing with hack fallout cost at least US$18 million - Security (CRN Australia)
- Protecting The Integrity Of The Software Factory
- Cyber Cartels Are Committing Modern Bank Heists (Barron's)
- White House Names National Cyber Director, CISA Chief (FedTech Magazine)
- Where VCs Are Putting Their Money As Cybersecurity Funding Hits Record High (Crunchbase News)
- Senators Push for Changes in Wake of SolarWinds Attack
- U.S. spy chiefs warn of ‘unparalleled’ China threat in return to Congress | The Mighty 790 KFGO (KFGO)
- Biden to Name Morgan Stanley’s Easterly as CISA Head
- Misuse of X.509 Certificates & Keys Involved in SolarWinds Attack
- SolarWinds says dealing with hack fallout cost at least $18 million (The Hindu)
- U.S. Poised to Impose Russia Sanctions Over Election, SolarWinds (Bloomberg)
- Hillicon Valley: Intel leaders push for breach notification law | Coinbase goes public (hill)
- US spy chiefs to warn of threats from SolarWinds to North Korea (Maju Saham)
Date 2021-04-14
- Former DHS Secretary Details SolarWinds Hackers’ Access to His Email (Nextgov)
- Biden names 2 ex (NSA officials for senior cyber positions)
- The Anatomy of the SolarWinds Attack: A CyberArk Labs Perspective
- SolarWinds and Microsoft Exchange: Hacks Wrapped in a Cybersecurity Dilemma Inside a Cyberspace Crisis (Georgetown Journal of International Affairs)
- SolarWinds and Cozy Bears: How Russian Hackers Compromised the U.S. Government and How We Can Reduce the Chances of It Happening Again (Ricochet)
- Ex-DHS chief confirms suspected Russian hackers targeted his email account (CyberScoop)
- Spy Chiefs to Warn of Threats From SolarWinds to North Korea (Bloomberg)
- ‘They knew I was running late to meetings’: Former DHS chief on reports that SolarWinds hackers targeted his emails (The Record by Recorded Future)
- Biden names 2 ex (NSA officials for senior cyber positions)
- What You Need to Know about the Cyber (Espionage Attack Linked to Russia)
- Biden Warns Putin Over Hacking But Proposes Summit in a Call (Bloomberg)
- Former DHS Leader Shares Details on SolarWinds Attack
- White House announces CISA, national cyber directors (Utility Dive)
- TIA, CTIA, NAB press Biden to let industry lead on telecom security (FierceTelecom)
- Satya Nadella: SolarWinds Hack Underscores Need For ‘Moving To The Cloud’
Date 2021-04-13
- City of Tampa among 18,000 targets of SolarWinds hack; exposing government data, personal info - Tampa, Florida (Eminetra)
- Biden Needs To Respond To Russia Hacking (Technology Times)
- Satya Nadella: SolarWinds Hack Underscores Need For ‘Moving To The Cloud’
- Biden's cybersecurity dream team takes shape
- Biden will name cybersecurity agency head after Russian hackers accessed government accounts (Daily Mail Online)
Date 2021-04-12
- Biden Seeks to Boost CISA's Budget by $110 Million
- SolarWinds Hack — New Evidence Suggests Potential Links to Chinese Hackers (The Cyber Post)
- FireEye, Microsoft create kill switch for SolarWinds backdoor
- After high profile hacks hit federal agencies, CISA demands drastic SolarWinds mitigation (scmedia)
- Massive hack of US government launches search for answers as Russia named top suspect
- Russian hack into Treasury, Commerce, DHS raises federal alarms (Axios)
- Mitigating Cloud Supply-chain Risk: Office 365 and Azure Exploited in Massive U.S. Government Hack (CipherCloud)
- In wake of giant software hacks, defenders & dev teams must fix AppSec
- Fed Chairman Jerome Powell: The 2021 60 Minutes Interview (CBS News)
- SOLARWINDS INVESTIGATION INITIATED BY FORMER LOUISIANA ATTORNEY GENERAL: Kahn Swick & Foti, LLC Investigates the Officers and Directors of SolarWinds Corporation - SWI (NY Press News)
Date 2021-04-11
- Audit of DoD Actions Taken to Protect DoD Information Network Resulting From the SolarWinds Orion Compromise
- Understanding the Results of the Audit of the DoD FY 2020 Financial Statements > Department of Defense Office of Inspector General > DoD OIG Reports
- Biden Needs to Respond to Russian Hacking
- SolarWinds Pingdom vs. Rigor Monitoring & Optimization vs. germainAPM Comparison
- Biden Looks To Up Cybersecurity Spending With Budget Plan (Law360)
- SolarWinds Cyberattack: Lessons Learned
- The long tail of the SolarWinds breach (Axios)
- The U.S. Government Needs to Overhaul Cybersecurity. Here’s How. (secblvd)
Date 2021-04-10
- Top Biden cyber official: SolarWinds breach could turn from spying to destruction 'in a moment'
- Russia prepares US sanctions due to Alexei Navalny jailing, Solarwinds hack and election meddling (Daily Mail Online)
- Lavrov says US policy towards Russia is 'dumb,' ineffective (StarTribune)
- Why the U.S. Shouldn’t Play Games With Cyberwarfare as Its Power Declines
- Biden administration sets the stage for retaliation against Russia over SolarWinds, election interference: report (Business Insider India)
- US May Expel Russian Diplomats, Impose New Sanctions: Media - Other Media news (Tasnim News Agency)
- SolarWinds bolsters cybersecurity in wake of hack (Business Insurance)
- Top Biden cyber official: SolarWinds breach could turn from spying to destruction 'in a moment' (Democratic Underground)
- Biden weighs retaliation against Russia for SolarWinds, election interference (KOMO)
- AP sources: SolarWinds hack got emails of top DHS officials
- Russia's top diplomat: US policy toward Moscow is 'dumb' (hill)
- Long (Term SolarWinds Investors Who Have Held Their Stock Continuously Since September 2019 Encouraged To Contact Kehoe Law Firm, P.C.)
- Russia prepares US sanctions due to Alexei Navalny jailing, Solarwinds hack and election meddling (Internewscast)
- Federal watchdog investigating State Department cybersecurity pr (WENY News)
- Biden administration sets the stage for retaliation against Russia over SolarWinds, election interference: report
- The SolarWinds hack timeline: Who knew what, and when?
- Biden weighs retaliation against Russia for SolarWinds, election interference (WKRC)
- Biden Eyes Russia Retaliation After Meddling, Hacking Review (Bloomberg)
- Viewpoint: Preventing the next SolarWinds breach calls for rapid training and education (Baltimore Business Journal)
- DHS CISA Shares SolarWinds Post (Threat Compromise Activity Tool)
- Releases · cisagov/Sparrow (GitHub)
- Investors Could Be Concerned With SolarWinds' (NYSE:SWI) Returns On Capital (Simply Wall St News)
- The U.S. Government Needs to Overhaul Cybersecurity. Here’s How. (Lawfare)
- Biden budget request calls for major investments in cybersecurity, emerging technologies (hill)
- Renewed Concerns Raised on Agency Cybersecurity
- Cyber Cases May Offer Clues to SEC ESG Enforcement
- Biden FY22 Budget Request Seeks $500M for TMF, $750M ‘Reserve’ for IT Fixes (MeriTalk)
- CISA Launches New Threat Detection Dashboard
- Using Aviary to Analyze Post-Compromise Threat Activity in M365 Environments (CISA)
- Biden Needs to Get Serious About Russian Hacking (Bloomberg)
- White House preps new requirements for industrial control system security - (GCN)
- What the Titans of Industry Reveal about SolarWinds Attack (secblvd)
- White House asks for additional $110 million in CISA funding to address cyber threats (CyberScoop)
Date 2021-04-09
- Senators press for more on SolarWinds hack after AP report
- Senators Press for Details on SolarWinds Hack (Manufacturing Business Technology)
- Biden Eyes Russia Retaliation for SolarWinds, Election Meddling: Report
- Supply‑chain attacks: When trust goes wrong, try hope? (WeLiveSecurity)
- Should cyberwar be met with physical force? Moral philosophy can help us decide
- After A Major Hack, U.S. Looks To Fix A Cyber 'Blind Spot' (Georgia Public Broadcasting)
- SolarWinds TechPod: Secure by Design (Securing the Supply Chain)
- The Need for Zero Trust Workload Protection (secblvd)
- Experts fear that Biden’s cybersecurity executive order will repeat mistakes of the past (CSO Online)
- 4 things you can do to minimize cyberattacks on supply and value chains (Help Net Security)
- SolarWinds Pingdom vs. RapidSpike vs. SpyCloud Comparison
- Long (Term SolarWinds Investors Who Have Held Their Stock Continuously Since September 2019 Encouraged To Contact Kehoe Law Firm, P.C.)
- Nation-state cyber attacks could lead to cyber conflict (TechRepublic)
- SolarWinds just keeps getting worse: New strain of backdoor malware found in probe (Register)
Date 2021-04-08
- Senators press for more details on scope of SolarWinds hack (MarketWatch)
- Senators seek details on Einstein's performance and limitations - (FCW)
- Former CISA chief cautions on push for national cyber director - (Defense Systems)
- Debate: How Should the US Respond to the SolarWinds Breach? (Russia Matters)
- Why Didn't Government Detect SolarWinds Attack?
- Long (Term SolarWinds Investors Who Have Held Their Stock Continuously Since September 2019 Encouraged To Contact Kehoe Law Firm, P.C.)
Date 2021-04-07
- Russia Suspected of Stealing Thousands of State Department Emails (Homeland Security Today)
- Examining the SolarWinds/Holiday Bear Hack (Columbia SIPA)
- European Institutions Were Targeted in a Cyber-Attack Last Week (BNN Bloomberg)
- Minority Media | Homeland Security & Governmental Affairs Committee (Homeland Security & Governmental Affairs Committee)
- Senators want federal government to take accountability for SolarWinds hack (Washington Times)
- The SolarWinds hack timeline: Who knew what, and when? (CSO Online)
- Top Homeland Security Senators Want Details on Agencies Hit in SolarWinds, Microsoft Intrusions (Nextgov)
- IG: Cybersecurity Weaknesses Persist in US Energy Dept.
- The SolarWinds hack timeline: Who knew what, and when? (Reseller News)
- Senators press for more on SolarWinds hack after AP report
- Senators press for more on SolarWinds hack after AP report | Govt-and-politics (tulsaworld.com)
Date 2021-04-06
- Veterans Affairs Officials Blow Off Briefing on SolarWinds Hack
- Microsoft exec Brad Smith praises FireEye in SolarWinds hack testimony
- Security Council Reveals Russia behind SolarWinds hack not China (WaZoBia9ja)
- Carriers growing increasingly skittish after major cyber incidents (Insurance Business)
- Supply chain attacks: what we know about the SolarWinds ‘Sunburst’ exploit, and why it still matters (Check Point Software)
- President Biden’s new executive order could oblige software vendors to tell Uncle Sam about security breaches (The Daily Swig)
- Supply Chain Hackers Strike Hard at Government Entities
- US government to respond to SolarWinds hackers in weeks - Security (iTnews)
- Infamous Solarwinds attack started with just two simple mistakes (ABC News)
- An update on the SolarWinds hack and data bre... (CBS News)
- An update on the SolarWinds hack and data breach (CBS News)
- Biden administration prepares to impose sanctions on Russia over Navalny poisoning and SolarWinds hack (CNNPolitics)
- White House Weighs New Cybersecurity Approach After Failure to Detect Hacks (nyt)
Date 2021-04-05
- Russian hackers stole thousands of emails from US State Department: Report
Date 2021-04-04
- DOE Watchdog Detailed Its Cybersecurity State Amid SolarWinds Hack (Nextgov)
- Russian SolarWinds hackers were so ‘sophisticated’ that they even targeted DHS cybersecurity experts (Alternet.org)
- Hunting the hunters: How Russian hackers targeted US cyber first responders in SolarWinds breach
- US looks to keep critical sectors safe from cyberattacks | Election Hq (fox5vegas.com)
- After hack, officials draw attention to supply chain threats
- SolarWinds supply chain breach threatens government agencies and enterprises worldwide (ScienceDirect)
Date 2021-04-03
- Senators Ready to Give NSA More Domestic Power Over SolarWinds Hack (News From Antiwar.com)
- SolarWinds Hack Obtained Emails of Top U.S. Department of Homeland Security Officials (FISM TV)
- Homeland Security Orders Cyber ‘Sprints’ as Part of U.S. Plan Against Hacks
- DHS Secretary Previews Six ‘Sprints’ to Improve Federal Cybersecurity (MeriTalk)
- SolarWinds Hackers Accessed US Department of Homeland Security (DHS) officials
- Hunting the hunters: How Russian hackers targeted US cyber first (KAKE)
- DHS Secretary Outlines 60 (Day Cybersecurity Recovery Plan)
- As SolarWinds Announces More Patches, Analysts Offer Advice
- The Cybersecurity 202: DHS head seeks to quickly solve some major cybersecurity problems (wapo)
- DHS Secretary Outlines Biden Administration’s Cybersecurity Vision (Infosecurity Magazine)
- Hunting the hunters: How Russian hackers targeted US cyber first responders in SolarWinds breach (CNNPolitics)
- After hack, officials draw attention to supply chain threats - U.S. (Stripes)
- More Surveillance Isn’t the Answer to the SolarWinds Hack (EIN Presswire)
- Broken trust: Lessons from Sunburst (Atlantic Council)
Date 2021-04-02
- SolarWinds surprise: Department of Homeland Security emails leaked?
- SolarWinds hacker sneaks into Trump's top executive email (Texas News Today)
- Cybersecurity, browser security, SolarWinds (Homeland Security Newswire)
- SolarWinds Hackers Obtained Emails of Top US Department of Homeland Security Officials (Cyberintel Magazine)
- SolarWinds Attack Has Growing, Worsening Impact on Cybersecurity Pros
- Revelations About Securing Hybrid Cloud Environments Post-SolarWinds (secblvd)
- U.S. Launches Cyber ‘Sprints’ in the Wake of Nation-State Hacks (Bloomberg)
- When do cyber ops constitute "threats to use force?" Continuity in US cyber response. Questions about disclosure rules.
- The Emails of the Department of Homeland Security exposed
- SolarWinds cyberhack gained access to then (acting DHS chief’s emails: Sources – Illinois News Now)
- Top DHS Officials’ E-Mails Compromised in SolarWinds Hack, (Saudi Press)
- SolarWinds breach severity perception increasing over time (Help Net Security)
- USA to publish detailed analysis of SolarWinds hacking tools
- After SolarWinds, Lawmakers Want Companies to Come Clean About Cyberattacks
- Mayorkas pledges to modernize US cyber-defenses after their failure to detect alleged Russian spies (CyberScoop)
- Blackberry Jarvis
- The Fortune 500 Companies That Want To Be Hacked (The Tennessee Tribune)
- Russian hackers have once again been accused of carrying out cyber (attacks on the United States)
- Hearing | Hearings (United States Commitee on Armed Services)
- Mind the Gap: How the NSA might use SolarWinds campaign to do warrantless spying (Zero Day)
- SolarWinds Hack Shows Why We Need a National Cyber Director
- SolarWinds Hack Demonstrates Need for Cloud Security
- Cyber Daily: After SolarWinds, Lawmakers Want Companies to Come Clean About Hacks (State Department Emails Stolen)
- CISA Orders More Microsoft Exchange Checks in Hunt for Undetected Compromises (MeriTalk)
- cyber.dhs.gov - Emergency Directive 21 (02)
- Microsoft Safety Scanner Download - Windows security (Microsoft Docs)
- Russian FM says relations with West have 'hit the bottom' :: WRAL.com
- NSA Director Says More Domestic Surveillance Might Stop Foreign Hacking; Fails To Explain Why NSA Isn't Stopping Much Foreign Hacking (Techdirt)
- Analysts expect the worst if Biden doesn't turn his focus toward protecting the grid (WCTI)
- Biden's cyber executive order to include new rules for federal agencies, contractors
- SolarWinds breach severity perception increasing over time (IT Security News)
Date 2021-04-01
- Lessons of the SolarWinds hack
- SolarWinds cyberhack gained access to then-acting DHS chief's emails: Sources (ABC News)
- Atlantic Council: SolarWinds, Microsoft Hacks Reveal ‘Strategic Failure’ (MeriTalk)
- How SolarWinds Is Recovering and Sharing What It Has Learned Over The Last Three Months (My TechDecisions)
- SolarWinds attack makes us distrust the software we buy (TechRepublic)
- What Would Happen If States Started Looking at Cyber Operations as a “Threat” to Use Force? (Lawfare)
- News Briefs | (bedfordgazette.com)
- Expected breach disclosure mandates will test government-industry cooperation - (FCW)
- Zero Trust Security Is Essential for Neutralizing Supply Chain Attacks (TechBullion)
- SolarWinds Attack Makes Us Distrust The Software We Buy (NewsOpener)
- Oklahoma CISO says pandemic accelerated zero (trust implementation)
- Hillicon Valley: Officials say cyber executive order with 'a dozen' actions forthcoming | Epic Games submits Apple complaint to UK watchdog | Facebook's chief revenue officer to leave company (hill)
- Officials say executive order with 'a dozen' actions forthcoming after SolarWinds, Microsoft breaches (hill)
- Russia suspected of stealing thousands of State Department emails
- Head of Homeland Security had his email hacked in SolarWinds attack (IT PRO)
- SolarWinds Hackers Said to Have Accessed Emails of Top US Security Officials (NewsDeal)
- SolarWinds hacker accessed Homeland Security email (Texas News Today)
- Solarwinds, Inc. (NYSE:SWI), (CRWD) - SolarWinds Hackers Breached Homeland Security Officials Emails: Report (Benzinga)
- SolarWinds hack obtained emails of top U.S. Department of Homeland Security officials: AP (Reuters)
- AP report: SolarWinds hack obtained emails of top DHS officials (Techzine Europe)
- Email accounts of DHS members were compromised in the SolarWinds hackSecurity Affairs
- SolarWinds highlights "alarming" cyberattack trend (Insurance Business)
- Punitive Response to SolarWinds Would Be Misplaced, But Cyber Deterrence Still Matters (Russia Matters)
- US to publish details on suspected Russian hacking tools used in SolarWinds espionage
- SolarWinds Hack Affected Emails Of Homeland Security Leaders (Potomac Officers Club)
- Department of Homeland Security email accounts exposed in SolarWinds hack (Cyber Security Review)
- Russians suspected of 'stealing thousands of State Department emails' in latest hack targeting US (Daily Mail Online)
- ZDI-21-373 (Zero Day Initiative)
- Companies Must Report Hacks to U.S. Within Days in Draft Order (Bloomberg)
- Russian hackers stole thousands of State Department emails, reports claim (The Independent)
Date 2021-03-31
- SolarWinds Hackers Breached Homeland Security Officials Emails: Report
- NSA Opens Door to Domestic Internet Spying, Privacy Advocates Say
- Unencrypted | What is SolarWinds? Are updates still safe? (THE DEVIL STRIP)
- Cybersecurity Needs a New Alert System (WSJ)
- NIST Seeks Small Business to Help Develop Cybersecurity Standards (Nextgov)
- Putin calls on nations across world to create new ‘legally binding’ global cyberspace treaty, as hack attack row with US escalates — RT Russia & Former Soviet Union
- SolarWinds Breach Exposed 'Climate Change' Level of Threat to U.S. Cybersecurity: Experts (The Crime Report)
- Head of Homeland Security had his email hacked in SolarWinds attack (IT PRO)
- SolarWinds Attackers Accessed DHS Emails, Report (tpost)
- What We Know (and Don't Know) So Far About the ...
Date 2021-03-30
- AP sources: SolarWinds hack got emails of top DHS officials (StarTribune)
- AP Sources: SolarWinds Hack Got Emails of Top DHS Officials (NBC10 Philadelphia)
- US Vows Consequences for Russian Actions
- AP sources: SolarWinds hack got emails of top DHS officials (WTMJ)
- AP sources: SolarWinds hack got emails of top DHS officials (ConchoValleyHomepage.com)
- NIST SP 800 (172 release couldn’t come at a better time)
- SolarWinds hack obtained emails of top US Department of Homeland Security officials (AP)
- (ISC)2 Survey Finds Cybersecurity Professionals Have Increasing Level of Concern About SolarWinds Incident
- The Lawfare Podcast: The Generals vs. the Armed Services Committee with No Bull (Lawfare)
- Lawmakers Press Biden to Nominate Federal Cybersecurity Leader Now (MSSP Alert)
- SolarWinds Patches Four New Vulnerabilities in Their Orion Platform
- SolarWinds: Who’s to Blame? Going Beyond the Cloud (Credit Union Times)
- Biden faces few great options for SolarWinds, Exchange retaliation (POLITICO)
- CISA Builds Out Defensive Tools for Security Teams
- 'Small number' of DHS email accounts accessed during SolarWinds breach (FedScoop)
- Associated Press: SolarWinds hack got emails of top DHS officials (KyivPost - Ukraine's Global Voice)
- In wake of giant software hacks, defenders & dev teams must fix AppSec
- AP sources: SolarWinds hack got emails of top DHS officials | Govt-and-politics (tulsaworld.com)
- White House Weighs ‘Seen and Unseen’ Responses to Major Hack (Bloomberg)
- SolarWinds hack: US weighs ‘seen and unseen’ responses to major cyber attack (Hindustan Times)
- NSA Opens Door to Domestic Internet Spying, Privacy Advocates Say
Date 2021-03-29
- Raindrop Loader delivers Cobalt Strike; SolarWinds - AlienVault (Open Threat Exchange)
- Boards still aren’t taking cybersecurity seriously, warns new NCSC boss. That means everyone is at risk (Bestgamingpro)
- Cybersecurity Board Reform Blows Into Place For SolarWinds
- Opinion (The United States has a major hole in its cyberdefense. Here’s how to fix it. - The Washington Post)
- Biden's National Cyber Director Nominee Delayed Amid Turf Battle (Newsmax.com)
- Software vendors would have to disclose breaches to US - Security (CRN Australia)
- Biden Cyber Director Nominee Delayed Amid Turf Battle (News Talk WBAP-AM)
- iTWire (SolarWinds speaks out, and software dev can never be the same again)
- The cybersecurity problem we should really worry about (hill)
Date 2021-03-28
- Trend data on the SolarWinds Orion compromise
- SolarWinds CEO: Here’s What We’re Doing to Prevent Another Attack (SDxCentral)
- Shareholder Alert: Robbins LLP Reminds Shareholders it is Investigating SolarWinds Corporation (SWI)
- Time for cyber teams, not stovepipes: Telos' CEO tells Wall Street - (Washington Technology)
- SolarWinds, cyberattacks (Homeland Security Newswire)
- New, critical vulnerability discovered that could let attackers gain entry to SolarWinds systems (The Cyber Security News)
- New, critical vulnerability could give attackers access SolarWinds systems
- Solarwinds Orion Platform Has New Code Execution Flaws
- Shareholder Alert: Robbins LLP Reminds Shareholders it is Investigating SolarWinds Corporation (SWI) (bizwire)
- SolarWinds-Linked Attackers Target Microsoft 365 ... (PG-Intel)
- SolarWinds Experimenting With New Software Build ... (Go Decrypt)
- SolarWinds hack: the mystery of one of the biggest cyberattacks ever (CyberNews)
- SolarWinds Orion Platform < 2020.2.5 Multiple Vulnerabilities (Tenable®)
- New, critical vulnerability could give attackers access SolarWinds systems (PG-Intel)
- SolarWinds Experimenting With New Software Build ...
- SOLARWINDS INVESTIGATION INITIATED by Former Louisiana Attorney General: Kahn Swick & Foti, LLC Investigates the Officers and Directors of SolarWinds Corporation - SWI (bizwire)
- White House to Require Software Firms to Disclose Breaches to Government Customers
- New, critical vulnerability discovered that could let attackers gain entry to SolarWinds systems (TerabitWeb Blog)
- SOLARWINDS INVESTIGATION INITIATED by Former Louisiana Attorney General: Kahn Swick & Foti, LLC Investigates the Officers and Directors of SolarWinds Corporation (SWI)
- SolarWinds experimenting with new software builds … (Jioforme)
- SolarWinds Orion Update Fixes New Holes (ISSSource)
- Cybersecurity Board Reform Blows Into Place For SolarWinds
Date 2021-03-27
- The Cybersecurity 202: NSA director says intelligence has a big blind spot: domestic Internet activity (wapo)
- How an advanced architecture can dramatically mitigate massive data breaches - (GCN)
- Cyber Defense Triad For Where Security Matters | November 2016 (CACM)
- Exclusive: Software vendors would have to disclose breaches to U.S. government users under new order: draft (Reuters)
- New “CISO View” Survey on Zero Trust Highlights Credential Theft Trends for New Types of Identities (Odessa American: Business)
- NSA director says U.S. has a ‘blind spot’ for detecting attacks like SolarWinds, Microsoft Exchange (The Record by Recorded Future)
- Why the modern CISO should plan for greater Cybersecurity Regulations in the Biden Era (scmedia)
- EXCLUSIVE (Software vendors would have to disclose breaches ...)
- How the heck did US Intelligence miss SolarWinds AND Microsoft Exchange!? by Nick Espinosa (Security Fanatics)
- Fed Breach Disclosure Rule Planned After SolarWinds Hack: Report
- Biden executive order would force software vendors to disclose breaches (Seeking Alpha)
- SolarWinds Attack Illustrates Evolving Russian Cyber Tactics
- Bragar Eagel & Squire is Investigating Certain Officers and Directors of Zoom and SolarWinds Corporation on Behalf of Long (Term Stockholders and Encourages Investors to Contact the Firm)
- General says attacks by foreign hackers are 'clarion call' (StarTribune)
- Senators urge Energy chief to prioritize cybersecurity amid growing threats (hill)
- Why 2021 Is the Year for Zero Trust Security
- Biden Urged To Name National Cyber Czar Amid Breaches (Law360)
- Another Critical RCE Flaw Discovered in SolarWinds Orion Platform
- Another Critical RCE Flaw Discovered in SolarWinds Orion Platform (Times News Express)
- Another serious RCE flaw found on the SolarWinds Orion platform (Jioforme)
- What was so striking to Microsoft’s president about SolarWinds and Exchange Server attacks? (CyberNews)
- What Lessons Should We Learn From The Suspected Russian Hack Of SolarWinds And Other U.S. Agencies And Companies?
- Software vendors would have to disclose breaches to U.S. government users under new order (The Hindu)
- Exclusive: Software vendors would have to disclose breaches to U.S. government users under new order: draft (Reuters)
- Biden reportedly planning an executive order on cybersecurity breach notifications (SiliconANGLE)
- SolarWinds patches critical code execution bug in Orion Platform
- Solarwinds Orion Platform updates fix two remote code execution issuesSecurity Affairs
- Exec Order Could Force Software Vendors to Disclose ...
- Mimecast’s Forensic Investigation Found That SolarWinds Hackers Copied Limited Number of Source Code Repositories (CPO Magazine)
- Senators Offer to Let NSA Hunt Cyber Actors Inside the US (Defense One)
- Nakasone Warns Adversaries Hack Unseen In US « Breaking Defense (Defense industry news, analysis and commentary)
- U.S. military launched over 2 dozen cyber operations before 2020 election (Axios)
- NSA Chief Says Recent Hacks Expose Limits of U.S. Cyber Protections (WSJ)
- Agency Dealing With US Nuclear Reserves Hacked In SolarWinds Hack
- Exclusive: Software vendors would have to disclose breaches to U.S. government users under new order: draft (Reuters)
Date 2021-03-26
- Where's the accountability for Solarwinds? - (Defense Systems)
- ‘Accelerate change or lose’: Applying Gen. Brown’s action orders to cyberspace education and training
- King: Mandatory breach disclosure bill coming soon - (Defense Systems)
- The SolarWinds Senate hearing: 5 key takeaways for security admins (CSO Online)
- Swiss Firm Says It Accessed SolarWinds Attackers' Servers
- New Code Execution Flaws In Solarwinds Orion Platform (SecurityWeek.Com)
- US Response to SolarWinds Cyber Penetrations: A Good Defense Is the Best Offense (Russia Matters)
- Robert W. Baird Stick to Their Hold Rating for SolarWinds Corporation By Investing.com
- 'Trust no one' becomes cyber mantra after massive hacking attacks (The Japan Times)
- Impatient lawmakers press Biden for cyber director nominee - (FCW)
Date 2021-03-25
- Swiss Cyber Security Firm Says It Accessed Servers of a SolarWinds Hacking Group
- SolarWinds Attackers Manipulated OAuth App Certificates
- SolarWinds compromise leaves Senate questioning agency cyber defenses (Utility Dive)
- Biden ‘Will Cyberattack Putin’ (Because SolarWinds) (secblvd)
- Exchange Server updates. SolarWinds victim list "solidified." AFCEA and Shell disclose third (party breaches. MangaDex down.)
- NYSE: SWI Investors should contact the Shareholders Foundation in connection with the Lawsuit against SolarWinds Corporation
- Discussions About Mandated Cyber Incident Reporting Resurface After Nation-State Hacks (My TechDecisions)
- Swiss Cybersecurity Firm says it Accessed Servers of a SolarWinds Hacker
- CHIRP Tool to Detect SolarWinds Malicious Activity
- Swiss cybersecurity firm says it accessed servers of SolarWinds hacking group (The Bharat Express News)
- Acting CISA Director Considers List Of SolarWinds Victims To Be Complete (Potomac Officers Club)
Date 2021-03-24
- Three Vulnerabilities Exposed During SolarWinds Attack & How It Could Have Been Prevented (CPO Magazine)
- Does Microsoft share blame for the SolarWinds hack? (Computerworld)
- CISA head: Group of SolarWinds victims is 'solidified' - (FCW)
- US government calls for better information sharing in wake of SolarWinds, Exchange attacks (CSO Online)
- SilverFish: Swiss researchers identify threat actor with links to SolarWinds hack
- US plans 'aggressive' cyber offensive against Russia in retaliation for SolarWinds attack
- Swiss firm says it has accessed servers of a SolarWinds hacker that attacked 4,700 targets, Tech News News & Top Stories (The Straits Times)
- Researchers discover threat actors with links to SolarWinds hack (IT PRO)
- Swiss firm accesses servers of hacking group linked to SolarWinds breach, Tech News News & Top Stories (The Straits Times)
- The cybersecurity problem we should really worry about (hill)
- The ‘Frankencloud’ model is our biggest security risk (TechCrunch)
- Recent attacks may drive government’s zero trust adoption - (GCN)
- House Lawmakers Ask Agencies to Provide More Details on SolarWinds Hack
- Mimecast: SolarWinds Attackers Stole Source Code - Micro Focus Community (2864117)
Date 2021-03-23
- CISA releases CHIRP, a tool to detect SolarWinds malicious activitySecurity Affairs
- New malware uncovered by experts examining SolarWinds strike Blog (Galaxkey)
- CISA releases CHIRP, a tool to detect SolarWinds malicious activity (TerabitWeb Blog)
- SolarWinds remains 'rare story in software,' says Jefferies SWI (The Fly)
- Government Monitoring Won't Stop the Next SolarWinds Campaign, Experts Say (Zero Day)
Date 2021-03-22
- SolarWinds explainer
- Swiss Firm Says It Has Accessed Servers of a SolarWinds Hacker
- Using CHIRP to Detect Post-Compromise Threat Activity in On-Premises Environments (CISA)
- Biden under growing pressure to nominate cyber czar (hill)
Date 2021-03-21
- SolarWinds compromise leaves Senate questioning agency cyber defenses (Cybersecurity Dive)
- SolarWinds (Linked Attackers Target Microsoft 365 ...)
- Congress gives four agencies 10 days to report on SolarWinds damage (FRN)
- Burnt by SolarWinds attack? US releases tool for post-compromise detection (ZDNet)
- GitHub (cisagov/CHIRP: A forensic collection tool written in Python.)
- Interview: Sai Venkataraman, Co-Founder and CEO, SecurityAdvisor (Infosecurity Magazine)
- White House reviewing National Cyber Director role as Congress presses for governmentwide leadership (FRN)
- Agency hacks could accelerate push to zero trust security model - (FCW)
- CISA Releases New Tool To Scan For SolarWinds Compromise Activity (My TechDecisions)
- Detecting Post-Compromise Threat Activity Using the CHIRP IOC Detection Tool (CISA)
- Here's what Chinese and Russian hackers are doing in Americans' emails
- Solarwinds Orion Attack
- SolarWinds-linked hacking group SilverFish abuses enterprise victims for sandbox tests (Cyber Security Review)
- Swiss Firm Says It Has Accessed Servers of a SolarWinds Hacker (Bloomberg)
- U.S. cyber agency releases tool to help SolarWinds Orion defenders (IT World Canada News)
- DHS CISA Shares Incident Response Tool for On (Prem Threat Activity)
- The Cybersecurity 202: Wyden calls for 'time out' in government cybersecurity contracting (wapo)
- [Security Weekly] Mimecast Source Code Stolen by Hackers Exploiting SolarWinds Sunburst Backdoor (Penta Security Systems Inc.)
- Did you get burned by the SolarWinds attack?US Releases Tools for Post-Infringement Detection (Texas News Today)
- Swiss Cybersecurity Firm Reveals Vital Details of Solarwinds Hackers (KoDDoS Blog)
- What SolarWinds Taught Us About Third Party Risk Management (SANS Institute)
Date 2021-03-20
- iTWire (Ohio senator lashes govt over accountability for SolarWinds attack)
- Why the SolarWinds Attack Easily Slipped by All EDR/EPP Solutions (secblvd)
- SilverFish Group Threat Actor Report
- Senate Security Leaders Eye FISMA Revamp, SolarWinds Accountability
- The Lawfare Podcast: Dmitri Alperovitch on SolarWinds and Microsoft Exchange on Apple Podcasts
- Senator Hassan Presses Top Administration Officials on Strengthening Cybersecurity Across All Levels of Government Following SolarWinds & Microsoft Exchange Breaches (U.S. Senator Maggie Hassan of New Hampshire)
- Solarwinds stock forecast
Date 2021-03-19
- Officials urge Biden to appoint cyber leaders after SolarWinds, Microsoft hacks (hill)
- Why America will never be safe from cyberattacks
- Bipartisan Group of Lawmakers Request Information on SolarWinds Cyber Attack (Democrats, Energy and Commerce Committee)
- Suspected Chinese hackers used SolarWinds bug to spy on US payroll agency (sources)
- Hearings to examine the SolarWinds supply chain attack, focusing on the Federal perspective. | Congress.gov (Library of Congress)
- Lawmakers press federal agencies on scope of SolarWinds attack (hill)
- Russia's Efforts At Information Warfare Against The West Continue : NPR
- SolarWinds hackers stole some of Mimecast source code (RedPacket Security)
- Mimecast Finds SolarWinds Hackers Stole Some of Its Source Code
- Mimecast Ax SolarWinds Orion for Cisco NetFlow After Hack - CRN (OLTNEWS)
- Mimecast Update: SolarWinds Hackers Stole Source Code
- Mimecast: SolarWinds Attackers Stole Source Code (tpost)
- Mimecast confirms hackers behind SolarWinds supply chain attack accessed limited amount of customer information (The Daily Swig)
- SolarWinds Attackers Accessed Mimecast Source Code (Decipher)
- Mimecast Says SolarWinds Attackers Accessed its ...
- SolarWinds hackers gain access to Mimecast production grid environment
- Mimecast Finds SolarWinds Hackers Stole Some of Its Source Code
- Mimecast dumps SolarWinds after hackers breached its network (IT PRO)
- Mimecast Discovers That Solarwinds Hackers Stole Some of Their Source Code (TheDigitalHacker)
- Patch Management in the Post-SolarWinds Era (secblvd)
- Mimecast reveals source code theft in SolarWinds hack (ZDNet)
- The Cybersecurity 202: Senate panel delves into SolarWinds hack (wapo)
- "The SolarWinds Hack - What we know & what to look for next" -- An MTUG Webinar - Mar 18, 2021 - LA Metropolitan Chamber of Commerce | Lewiston, ME - LA Metropolitan Chamber of Commerce (Lewiston, ME)
- Mimecast dumps SolarWinds after hackers breached its network (The Cyber Security News)
- SecurityScorecard snags $180M Series E to measure a company’s security risk (TechCrunch)
- Mimecast Says SolarWinds Hackers Stole Source Code (SecurityWeek.Com)
- SolarWinds attackers stole Mimecast source code (IT Security Guru)
- Source code for Mimecast stolen for SolarWinds breach (Texas News Today)
- SolarWinds hackers stole Mimecast source code
- HAGENS BERMAN, NATIONAL TRIAL ATTORNEYS, Invites SolarWinds (SWI) Investors with Significant Losses to Contact Firm Before March 5, 2021 Deadline, SEC Investigating Company
- NSA, Homeland Security Push Service to Mitigate Cyber-Attacks (Bloomberg)
- US advised not to criticize Russian & Chinese cyberattacks given its history of doing the same
- Mimecast releases report on SolarWinds security incident investigation | 2021-03-18 (Security Magazine)
- Mimecast's source code stolen in SolarWinds breach
- Bipartisan lawmakers push Biden's Cabinet for answers on fallout from SolarWinds hack (Washington Times)
- Has Your Organization Been Breached By Solar Winds Malware?
- SolarWinds hackers stole source code from email security firm Mimecast
- SolarWinds hackers gain access to Mimecast production grid environment (PG-Intel)
- SolarWinds-linked hacking group SilverFish abuses enterprise victims for sandbox tests (ZDNet)
- Can the Biden Administration Get Russia Policy Right? (Russia Matters)
- Senators press for federal agency accountability over SolarWinds - (FCW)
- Fed CISO DeRusha Calls New Funding ‘Down Payment’ on Security Improvements (MeriTalk)
- The Case for 'Zero Trust' Approach After SolarWinds Attack
- Feds aren't well prepared to spot SolarWinds-style hacks at agencies, CISA official says (CyberScoop)
- TTP Table for Detecting APT Activity Related to SolarWinds and Active Directory/M365 Compromise (Homeland Security Today)
- House Energy Committee Requests SolarWinds Update from Agencies
Date 2021-03-18
- Mimecast Axes SolarWinds Orion For Cisco NetFlow After Hack
- House lawmakers seek answers on SolarWinds from agency chiefs - (FCW)
- Mimecast dumps SolarWinds Orion for Cisco NetFlow after hack - Software (CRN Australia)
- Mayorkas Addresses Cyber Hacks at House Hearing (MeriTalk)
- Russia's Efforts At Information Warfare Against The West Continue : NPR
- What 2020 taught us about the need for deception technology (scmedia)
- New York Regulator Issues Cyber Insurance Guidelines (Newmeyer Dillion - JDSupra)
- For US cyber defense, helpful hackers are only half the battle (hill)
Date 2021-03-17
- White House considers cybersecurity ratings to boost visibility - (GCN)
- Microsoft could be set for a US government windfall (TechRadar)
- 3 ways agencies can restore cybersecurity trust - (GCN)
- SolarWinds Attacks Recovery Effort Could Take U.S. Government 18 Months
- Security Vendors Understate Risks in Senate Hearing on SolarWinds
Date 2021-03-16
- Google, Microsoft Feud Over Antitrust, Hacking Issues (Silicon UK)
- US government to respond to SolarWinds hackers in weeks
- Capitol Hill angry over Microsoft’s security upcharge (POLITICO)
- The US must adopt Software Bill of Materials to thwart cyberattacks (hill)
- Microsoft Pitches Cybersecurity To U.S., (Campaigns & Elections)
- SolarWinds Attacks Recovery Effort Could Take U.S. Government 18 Months (secblvd)
- Cybersecurity Officials Call for Network Visibility, Software Assurance After Russian Hack (FedTech Magazine)
- Michael Dell: Public Cloud Isn’t More Secure Than On (Premise)
- Biden Administration to Respond to SolarWinds Hackers in Weeks, Not Months
- The Obama administration had a plan to stop cyberattacks like SolarWinds—and blew it.
- Top SolarWinds Alternatives (eSecurityPlanet)
- US Should Create New 3-Pronged Approach To Cybersecurity (Law360)
- Exchange Hacks: How Will the Biden Administration Respond?
Date 2021-03-15
- U.S. government to respond to SolarWinds hackers in weeks: senior official | Article [AMP] (Reuters)
- U.S. government to respond to SolarWinds hackers in weeks: senior official — Agenparl
- US moves closer to retaliation over hacking as cyber woes grow | World (Malay Mail)
- Why ‘blaming the intern’ won’t save startups from cybersecurity liability – TechCrunch (Bestgamingpro)
- SolarWinds and Microsoft hacks spark debate over western retaliation (World News Curatory)
- SolarWinds, SUNBURST, and supply chain security.
- "In Weeks, Not Months," Will the US Government Respond to Solarwinds Hackers Said a Senior Official (TheDigitalHacker)
- U.S. government to respond to SolarWinds hackers in weeks: Senior Official (.:: CHASLES CORP. ::.)
Date 2021-03-14
- Cisco Talos Intelligence Group (Comprehensive Threat Intelligence: Talos Takes Ep. #44: A roundtable discussion on SolarWinds)
- SolarWinds Case 1:21-cv-00002-RP -- Motion to Consolidate Class Actions (DocumentCloud)
- Despite hacks, US not seeking widened domestic surveillance (FRN)
- SolarWinds Case 1:21-cv-00138-RP Order to consolidate class actions (DocumentCloud)
- (190) Roundtable: What we've learned (and what we still don't know) about SolarWinds (YouTube)
- US moves closer to retaliation over hacking as cyber woes grow
- SolarWinds NYC Carpenters Complaint (DocumentCloud)
- US government to respond to SolarWinds hackers in weeks: Senior official (CNA)
- Despite hacks, Biden admin not planning to step up government surveillance (Hindustan Times)
- Why ‘blaming the intern’ won’t save startups from cybersecurity liability (TechCrunch)
Date 2021-03-13
- After SolarWinds, Companies Turn to Insurers, Not Feds, for Protection
- Hacked Firms Face ‘Frankenstein’ of State (Based Cyber Notification Laws)
- Relief Package Includes Less for Cybersecurity
- Opinion: A 'Cyber Pearl Harbor' Looms for America Amid Widespread Digital Complacency (Times of San Diego)
- SolarWinds attack and Executive Order on America's Supply Chain illuminate gaps in supply chain risk management, spur innovative solutions by Fortress Information Security
- Why embedded devices are the dangerous blind spot in the SolarWinds attack (hill)
- There is Still More to SolarWinds Attack (Cyware Alerts - Hacker News)
- Windows Exchange, Senate SolarWinds Hack Hearing & NSA’s Zero Trust Recommendations by TFIR: Open Source & Emerging Technologies (Free Listening on SoundCloud)
- The Impact of the SolarWinds Breach on Cybersecurity
- SolarWinds data breach was warning sign to FINRA, cybersecurity chief says | Secondary Sources | National (Westlaw Today)
- Windows Exchange, Senate's SolarWinds Hack Hearing & NSA’s Zero Trust Recommendations (TFiR: Interviews, News & Analysis by Swapnil Bhartiya)
- Marco to Hold Webinar on SolarWinds Orion Attack
- SolarWinds Co. (NYSE:SWI) Receives Consensus Rating of "Hold" from Brokerages (MarketBeat)
- Evolving Cybersecurity Takes More Than Money
- SolarWinds CEO blames intern for cyber attack (Lexology)
- Why 'Layered Security' Should Be Your New Mantra
- Amundi expects no U.S. sanctions on Russia sovereign debt (Reuters)
- SolarWinds (NYSE:SWI) Takes On Some Risk With Its Use Of Debt (Simply Wall St News)
- Microsoft Probing Whether Leak Played Role in Suspected Chinese Hack (WSJ)
- There’s a vexing mystery surrounding the 0-day attacks on Exchange servers (ars)
- SolarWinds and Microsoft hacks spark debate over western retaliation
- Here's What To Make Of SolarWinds' (NYSE:SWI) Returns On Capital
- Google accuses Microsoft of using 'naked corporate opportunism' to distract from SolarWinds hack (Windows Central)
- Our ongoing commitment to supporting journalism
- The Cybersecurity 202: Democrats' new infrastructure bill highlights cybersecurity concerns (wapo)
- Biden administration to respond in weeks to SolarWinds hackers-senior official | The Mighty 790 KFGO (KFGO)
- Retaliation Options: US Cyber Responses To SolarWinds, Exchange Hacks « Breaking Defense (Defense industry news, analysis and commentary)
- U.S. government to respond to SolarWinds hackers in weeks: senior official
- How Should the U.S. Respond to the SolarWinds and Microsoft Exchange Hacks? (Lawfare)
- Biden administration to respond in weeks to SolarWinds hackers-senior official (The Star Phoenix)
- SolarWinds Investors Get Lead Plaintiff in Server Hack Risk Case
- Post-SolarWinds, IT departments increase vendor scrutiny (CIO Dive)
- Biden administration mulls software security grades after SolarWinds
- Microsoft: SolarWinds hack was 'largest and most sophisticated attack' ever: Microsoft president Brad Smith, Telecom News, ET Telecom
- SolarWinds stockholders begin documenting financial losses
- US to Respond to SolarWinds Hackers in Weeks: Senior Official (KMJ-AF1)
- U.S. government to respond to SolarWinds hackers in weeks: senior official (Reuters)
- SolarWinds lawsuits merge as stockholders begin documenting financial losses (TerabitWeb Blog)
Date 2021-03-12
- Nevada CIO says state’s IT is 8 years behind others’ (StateScoop)
- PodcastOne: In the wake of the SolarWinds breach, lawmakers turned to industry for recommendations
- FireEye CEO: Reckless Microsoft hack odd for China
- Russian hack targeting US government places SolarWinds financial model in the cross hairs (KPIC)
- FireEye CEO: Reckless Microsoft hack unusual for China | (leadertelegram.com)
- The SolarWinds Cyber-Attack – The Devastation and Wreckage (Michael Volkov - JDSupra)
- Microsoft: SolarWinds hackers studied Microsoft source code for authentication and email, Telecom News, ET Telecom
- White House Cyber Group Discusses How to Stop Another SolarWinds
- Gary Davis on Twitter: "Lawmakers blame #SolarWinds hack on ‘collective failure’ to prioritize #cybersecurity https://t.co/IIXbsitaBr" / Twitter
- Lawmakers blame SolarWinds hack on 'collective failure' to prioritize cybersecurity
- Patching, with special attention to Hafnium and the rest. Responding to the SolarWinds incident. Hactivists don’t like cameras. Dragnet in the Low Countries.
- Be on the Lookout: Impact of SolarWinds Orion Compromise on
- SolarWinds And Microsoft Exchange Attacks: Lay Down The Cyber Law
- What the Quad Must Learn From the SolarWinds Hack (The National Interest)
Date 2021-03-11
- Air Force Only Service to Develop Cybersecurity Requirements for Weapon Systems Contracts, GAO Says (Nextgov)
- FireEye and Microsoft Uncover More Malware Strains Used in SolarWinds Hack (Toolbox Security)
- Why the SolarWinds Hack Is a Wake-Up Call (CoFR)
- SolarWinds: 9 federal agencies and about 100 companies hit by SolarWinds hack: The White House, Telecom News, ET Telecom
- Microsoft: SolarWinds, Microsoft, FireEye, CrowdStrike defend actions in major hack: U.S. Senate hearing, Telecom News, ET Telecom
- NCP (National Checklist Program Repository)
- CISA: ‘Identity is everything’ for cyber defense post-SolarWinds (FRN)
- Chinese suspected of two attacks on internet (facing SolarWinds server)
- SolarWinds Unlikely to Be an Isolated Event as Attackers Become More Sophisticated (Infosecurity Magazine)
- The SolarWinds Hack Hits Home (DevPro Journal)
- Kremlin and other Russian official websites down; experts doubt US involvement, World News (wionews.com)
- US 'planning all (out cyberwar on Russia in retaliation for SolarWinds hack' and may take action in next three weeks)
- DHS CISA Shares Remediation, Risk Guidance for SolarWinds Compromise
- Remediating Networks Affected by the SolarWinds and Active Directory/M365 Compromise (CISA)
- Chinese threat actor exploited SolarWinds vulnerability. Second (stage backdoor possibly linked to SolarWinds compromise. Dependency confusion updates.)
- Bill Would Eliminate Immunity for Foreign Hackers (Nextgov)
- Congress's latest hacking investigation should model its most recent (hill)
- Security researchers discover Supernova web shell activity linked to Chinese hackers | 2021-03-10 (Security Magazine)
- Chinese hackers presumably behind SolarWinds hack new evidence revealed (Secure Blink)
- Cyber Command: ‘No evidence’ that SolarWinds attackers compromised DoD networks (The Record by Recorded Future)
Date 2021-03-10
- ‘Retaliation’ for Russia's SolarWinds Spying Isn't the Answer (WIRED)
- Preparing for Retaliation Against Russia, U.S. Confronts Hacking by China (nyt)
- Will the US Government Recognize SolarWinds as a Cyber Inflection Point? (Data Core Systems)
- U.S. cyberattacks against Russia may be underway in reprisal for SolarWinds hack, experts say (Just The News)
- Biden Plans Cyber Attacks Against Russia For SolarWinds Hack, Ignores Chinese Involvement (National File)
- Understanding Third (Party Hacks, Learning from SolarWinds Hack)
- Latest target for hackers: A popular file-transfer program (WRAL TechWire)
- Is it time to adopt an ‘assumed breach’ cyber policy? (BIC Magazine)
- SolarWinds Hack (CEPA)
- SolarWinds Sunburst backdoor supply chain attack: Why it still matters | Security (ITP.net)
- What to Do About Cybersecurity (Law, Policy -- and IT?)
- The SolarWinds attack and best practices for code (signing)
- CISA demands US govt agencies to update SolarWinds Orion softwareSecurity Affairs
- China (linked hackers exploited SolarWinds software in 2020 breach, researchers say)
- Microsoft: Microsoft failed to shore up defenses that could have limited SolarWinds hack (U.S. senator, Telecom News, ET Telecom)
- US plans mix of 'seen and unseen' actions against Russia over SolarWinds attacks
- Beazley on the implications of the Solar Winds hacking incident (Insurance Business)
- Kremlin calls NYT report on planned U.S. cyberstrikes on Russia 'alarming' (Reuters)
- How the SolarWinds attack may affect your organization's cybersecurity (TechRepublic)
- Kremlin: Report On Planned U.S. Cyberstrikes On Russia 'Alarming'
- Biden challenged by early cyber threats (hill)
- Episode 124: Solarwinds recap (Cyber24)
- New survey examines the impact of SolarWinds breach on cybersecurity | 2021-03-08 (Security Magazine)
- NYSE: SWI Shareholder Notice: Lawsuit against SolarWinds Corporation Announced by Shareholders Foundation | 2021-03-09 | Press Releases (Stockhouse)
- Registration
- More clues appear to link Supernova web shell activity to Chinese hackers (TechRadar)
- Chinese hackers targeted SolarWinds customers in parallel with Russian op (ars)
- Russia Warns Against U.S. Retaliation for SolarWinds Amid Fears of Cyberwar | World Report (US News)
- SolarWinds Attack Could Have Been Much Worse, Former NSA Chief Says | National News (US News)
- Hackers hiding Supernova malware in SolarWinds Orion linked to China
- More clues appear to link Supernova web shell activity to Chinese hackers (TechRadar)
- [Update] SolarWinds Hack Finds Possible Link to China, Say Researchers-- Supernova Malware Detected (Tech Times)
- SolarWinds attack and Executive Order on America's Supply Chain illuminate gaps in supply chain risk management, spur innovative solutions by Fortress Information Security
- Was SolarWinds a Different Type of Cyber Espionage? (Lawfare)
- The SolarWinds Hack Gets Worse, But Offers A Tiny Bit Of Amusement (PC Perspective)
- Security Policies Do Matter, but Really Only So Much
- Bill Would Allow Americans to Sue Foreign Hackers
- Researchers Describe a Second, Separate SolarWinds Attack
- Guidance on Remediating Networks Affected by the SolarWinds and Active Directory/M365 Compromise (CISA)
- Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452
- SolarWinds, cyberattacks (Homeland Security Newswire)
- World Wide Technology (TEC37: 26. Security – Would Zero Trust Have Prevented the SolarWinds Breach? on Apple Podcasts)
- SolarWinds Aftermath Threat Hunting Survey Yields Mixed News
Date 2021-03-09
- Security report: Lessons learned investigating the SUNBURST software supply chain attack (ITWeb)
- Server Management Software Market Segmentation 2021, by Key Players: Datadog, SolarWinds MSP, ManageEngine, Microsoft, BMC Software, Central Solutions etc. (Breakout Live)
- Researchers Identify More Malware Used By SolarWinds Hack Group
- Cybersecurity in 2021: Stopping the madness (CSO Online)
- Security report: Lessons learned investigating the SUNBURST software supply chain attack (ITWeb)
- Supernova malware clues link Chinese threat group Spiral to SolarWinds server hacks (ZDNet)
- Microsoft adopted ‘aggressive’ strategy for sharing SolarWinds Attack intel (Urgent Comms)
- Hearings On The SolarWinds Hack And Possible Policy Responses - Technology (United States)
- White House juggling response to Microsoft, SolarWinds hacks
- Casting a wide intrusion net: Dozens burned with single hack | (leadertelegram.com)
- Hearings On The SolarWinds Hack And Possible Policy Responses (MarketScreener)
- EXCLUSIVE: I am Groot - POLITICO: one-on (wine with lead house cyber chair)
- New Cyber Insurance Risk Framework Provides Best Practices for the Insurance Industry (Bradley Arant Boult Cummings LLP - JDSupra)
- Gen. Paul Nakasone on CYBERCOM’s Response to SolarWinds Breach, ‘Defend Forward’ Concept
- Proposal Would Let Foreign Gov'ts Be Sued For Cyberattacks (Law360)
- Hacked Companies Caught in Maze of Notification Requirements
- US plans 'a mix of actions' against Russia over SolarWinds cyberattack (Engadget - News WWC)
Date 2021-03-08
- China’s and Russia’s spying sprees will take years to unpack (ars)
- Microsoft Adopted an 'Aggressive' Strategy for Sharing SolarWinds Attack Intel (News AKMI)
- Microsoft: We've found three more pieces of malware used by the SolarWinds attackers (ZDNet - PressboltNews)
- DIB Take Note: SolarWinds Hack and DHS CISA Emergency Directive on Cyber Vulnerabilities Point to the Need to be Prepared for APTs (Stinson - Government Contracting Matters - JDSupra)
- Did you acquire SolarWinds (SWI) before October 18, 2018? Should management be held responsible for investor losses? Contact Johnson Fistel (OLTNEWS)
- Did You Acquire SolarWinds (SWI) Before October 18, 2018? Should Management Be Held Accountable For Investors Losses? Contact Johnson Fistel SWI
- SolarWinds : Did You Acquire SolarWinds (SWI) Before October 18, 2018? Should Management be Held Accountable for Investors Losses? Contact Johnson Fistel (MarketScreener)
- Casting a wide intrusion net: Dozens burned with single hack
- Casting a wide intrusion net: Dozens burned with single hack (StarTribune)
- Microsoft: We’ve found three more pieces of malware used by the SolarWinds attackers (Bestgamingpro)
- Did You Acquire SolarWinds (SWI) Before October 18, 2018? Should Management be Held Accountable for Investors Losses? Contact Johnson Fistel (NeighborWebSJ)
- SolarWinds Password Fail, Chinese Hacking Exchange, Google to stop Tracking Cookies
- Shareholder Alert: Pawar Law Group Announces A Securities Class Action Lawsuit Against Solarwinds Corporation (SWI)
- GoldMax, GoldFinder, and Sibot, are the 3 new Malwares Used by SolarWinds Hackers (IT Security News)
Date 2021-03-07
- Protect, Detect, and Respond to Supply Chain Cyber Attacks (e.g. Solarwinds) Using Splunk Enterprise Managed Security Services - (Redmondmag.com)
- Who Broke SolarWind with Mat and Mike - S3E8 | The Cyber Tap | Podcasts on Audible (Audible.com)
- CMMC Project Update: Rule Comments and the Impending Split (ClearanceJobs)
- Researchers Find 3 New Malware Strains Used by SolarWinds Hackers (WP Guy News)
- Microsoft shares details on three new malware strains used in SolarWinds hack
- SolarWinds Orion Security Breach: Cyberattack Timeline and Hacking Incident Details (ChannelE2E)
- SWI DEADLINE ALERT: ROSEN, TOP RANKED IVNESTOR COUNSEL, Encourages SolarWinds Corporation Investors with Large Losses to Secure Counsel Before Important Deadline Today in Securities Class Action (SWI)
- Second (stage backdoor in SolarWinds compromise victim. Exchange Server exploitation. RedEcho as staging. Leaky clouds.)
- U.S. Weapons Programs Lack 'Key' Cybersecurity Measures (tpost)
- Did You Acquire SolarWinds (SWI) Before October 18, 2018? Should Management be Held Accountable for Investors Losses? Contact Johnson Fistel
- SolarWinds SUNBURST Backdoor DGA and Infected Domain Analysis (Cybersecurity Insiders)
- Second (stage backdoor possibly linked to Solorigate campaign. Hafnium exploits Exchange Server vulnerabilities.)
- This Week In SolarWinds, with a key unexpected lesson (The Business of Tech)
- GoldMax, GoldFinder, and Sibot, 3 new malware used by SolarWinds attackers (IT Security News)
- Microsoft Reveals 3 New Malware Variants Relating to SolarWinds Cyberattack
Date 2021-03-06
- The danger in calling the SolarWinds breach an ‘act of war’
- Congressional Hearings on SolarWinds Hack
- Microsoft, FireEye Unmask More Malware Linked to SolarWinds Attackers (tpost)
- SolarWinds Hack Potentially Linked to Turla APT (tpost)
- SolarWinds blames at least some of its poor cybersecurity on an intern and a bad password.
- Lesson From SolarWinds Attack: It's Time to Beef Up IAM
- SolarWinds hack a wake-up call to the tech sector (GZERO Media)
- Researchers Disclose More Malware Used in SolarWinds Attack
- The March IronNet Threat Intelligence Brief (secblvd)
- China’s and Russia’s Spying Sprees Will Take Years to Unpack (WIRED)
- Citigroup Begins Coverage on SolarWinds (NYSE:SWI) (MarketBeat)
- SolarWinds : Announcing ‘Cyber Insurance Risk Framework,' NY DFS Joins OFAC In Discouraging Carriers From Making Ransomware Payments (MarketScreener)
- Biden makes cybersecurity ‘top priority’ in national security guidance (FRN)
- Lessons from the SolarWinds Breach (BeyondTrust)
- What’s the message about Cloud Contracts since AWS declined to testify to the Senate about SolarWinds? | Blogs | Internet, IT & e-Discovery Blog (Foley & Lardner LLP)
- Microsoft, FireEye Uncover More Malware Used in the ...
- SolarWinds Deadline Alert
- Microsoft: We've found three more pieces of malware used by the SolarWinds attackers (ZDNet)
- SWI Deadline: Bronstein, Gewirtz & Grossman, LLC Reminds SolarWinds Corporation Shareholders of Class Action and Lead Plaintiff Deadline: March 5, 2021
- DIB Take Note: SolarWinds Hack and DHS CISA Emergency Directive on Cyber Vulnerabilities Point to the Need to be Prepared for APTs (Lexology)
- After SolarWinds breach, White House preps executive order on software security (CyberScoop)
- SWI FILING DEADLINE TOMORROW: Bernstein Liebhard LLP Reminds Investors of the Deadline to File a Lead Plaintiff Motion in a Securities Class Action Lawsuit Against SolarWinds Corporation
- CYBERCOM Plays ‘Key Role’ As SolarWinds Unfolds: Gen. Nakasone « Breaking Defense (Defense industry news, analysis and commentary)
- SWI ALERT: The Klein Law Firm Announces a Lead Plaintiff Deadline of March 5, 2021 in the Class Action Filed on Behalf of SolarWinds Corporation Limited Shareholders
- Microsoft Corporation (NASDAQ:MSFT), Solarwinds, Inc. (NYSE:SWI) - Microsoft's Emergency Security Patch After Cyber Attack Attracts White House Monitoring: Reuters (Benzinga)
- It’s Time for a Cybersecurity Quid Pro Quo (Nextgov)
- Risky business: 3 timeless approaches to reduce security risk in 2021 (Help Net Security)
- The Cybersecurity 202: Companies are doing a terrible job of reporting cybersecurity risks to investors, a new study says (wapo)
- SolarWinds Hackers Hit Qualys, Other Cybersecurity Vendors (SDxCentral)
- Lawsuits Filed Against SWI, XOM and ATNX (Jakubowitz Law Pursues Shareholders Claims)
- Cyber Attacks: Tech’s natural disasters (Gadget)
- Atense Says Its Computer Vaccine Will Prevent Future “SolarWinds” Hacking Events - Press Release (Digital Journal)
- Microsoft Drops 'Solorigate' for 'Nobelium' in Ongoing SolarWinds Attack Investigations - (Redmondmag.com)
- Microsoft discovers more malware used by SolarWinds attacker while FireEye finds new backdoor (IT World Canada News)
- Microsoft Adopted an 'Aggressive' Strategy for ...
- Researchers Find 3 New Malware Strains Used by SolarWinds Hackers
- SolarWinds: "IT's Pearl Harbor." (InsiderPro)
- FINAL DEADLINE TOMORROW: The Schall Law Firm Announces the Filing of a Class Action Lawsuit Against SolarWinds Corporation and Encourages Investors with Losses to Contact the Firm
- Microsoft reveals GoldMax, Sibot and GoldFinder new malware strains used by SolarWinds hackers (Cyber Security Review)
- Three New Malware Strains Linked to SolarWinds Hackers (TerabitWeb Blog)
- The Klein Law Firm Reminds Investors of Class Actions on Behalf of Shareholders of SWI, VLDR and REGI
Date 2021-03-05
- SolarWinds Incident May Bring Data Breach Notification Rules
- DEADLINE ALERT for SWI, QS, TCDA: Law Offices of Howard G. Smith Reminds Investors of Class Actions on Behalf of Shareholders
- Is Solarwinds safe? - General Software Forum (Spiceworks)
- New SUNSHUTTLE Second-Stage Backdoor Uncovered Targeting U.S.-Based Entity; Possible Connection to UNC2452 (fireeye)
Date 2021-03-04
- SolarWinds blaming intern is symptom of "security failures"
- Vinoth Kumar on Twitter: "https://t.co/H18DCF44El is an intern service according to the Solarwinds ceo so an intern who worked for only for 3 months(2017) had an access to the FTP server and credential was not rotated after he left. So so
- U.S. Matches EU, U.K. Sanctions on Russia for Navalny Attack (Bloomberg)
- SolarWinds Says It’s Cooperating with Probes by SEC, Justice
- How to prevent data leaks
- Recovering from the SolarWinds hack could take 18 months (Worldwide Tweets)
- SolarWinds Attack Prompts Calls for Companies to Disclose Hacks (Bloomberg)
- SolarWinds Says It’s Cooperating with Probes by SEC, Justice (Bloomberg)
- Will the SolarWinds hack make us tighten security in the tech industry?
- FBI Director Suggests Multi-Pronged Response to SolarWinds Hack (News Talk WBAP-AM)
- SolarWinds executives blame intern for leaked password (Cloud7 News)
- SolarWinds Hacking Damage Could Take up to 18 Months to Recover (Tech Times)
- Cloud Vs On (premise Debate Flares Up In The Wake Of Solarwinds Attack)
- CLASS ACTION UPDATE for SWI, JFU and CLOV: Levi & Korsinsky, LLP Reminds Investors of Class Actions on Behalf of Shareholders
- Okta CEO: After SolarWinds hack, leaders must think about 4 points
- Microsoft: SolarWinds Attack Highlights Growing Sophistication of Nation-State Actors (Infosecurity Magazine)
- SolarWinds CEO Blames Intern for GitHub Password Fiasco (Toolbox Security)
- Cybersecurity and IT top GAO’s High Risk List, yet again
- SolarWinds attack – What is Known and How to Stay Protected (Check Point Software)
- Cybersecurity Journalist says SolarWinds Hack is a “Harbinger” of Threats to Come — Fraud Conference News
- A Briefing on the SolarWinds Threat (ACT-IAC)
- How SolarWinds Busted Up Our Assumptions About Code ...
- SolarWinds Senate Hearing: Moving Forward It’s All About Zero Trust (secblvd)
- SolarWinds Says SEC, DOJ, State AGs Probing Cyberhack (Law360)
- CISA Official Calls for Update of Identity Management Guidance in Wake of SolarWinds Compromise (Nextgov)
- Microsoft opens CodeQL queries to public after SolarWinds hack
- Blinken vows renewed focus on emerging tech after hack (hill)
- Best practices for Securing Office 365 against pervasive cloud collaboration risks (secblvd)
- Still more questions than answers on SolarWinds attack - (Defense Systems)
- SolarWinds Senate Hearing: Moving Forward It’s All About Zero Trust
- What happened at SolarWinds? - sunburst in action! (Stinet)
Date 2021-03-03
- SolarWinds faces an SEC inquiry following insider stock sales that took place before Russian hack (wapo)
- SolarWinds security fiasco may have started with simple password blunders (ZDNet)
- Incident Response to SolarWinds Orion Software Compromise for SMEs
- After SolarWinds debacle, the U.S. needs to keep software makers from being hurt by cost (cutting owners)
- Massive SolarWinds Hack Prompts Up to $25 Million in New Expenses
- Equifax CISO Jamil Farshchi on SolarWinds and Supply Chains
- SolarWinds: Undervalued Despite The ORION Hack (NYSE:SWI) (Seeking Alpha)
- What the SolarWinds Attacks Mean for Cloud Data Protection - (Redmondmag.com)
- SolarWinds: Look Beyond The Hack (NYSE:SWI) (Seeking Alpha)
- If the Walls Fall: Federal Agencies Must Layer Cyber Defenses to Ensure Data Protection (MeriTalk)
- National Security Risks of Late-Stage Capitalism (secblvd)
- The SolarWinds Body Count Now Includes NASA and the FAA (WIRED)
- SHAREHOLDER ALERT: Pawar Law Group Announces a Securities Class Action Lawsuit Against SolarWinds Corporation (SWI)
- Cyber risks loom over Covid-prompted corporate IT shifts (POLITICO)
- NTIA Software Component Transparency (National Telecommunications and Information Administration)
- Sai Huda’s best-selling book Next Level Cybersecurity reveals signals missed in world’s largest hacks such as SolarWinds (EIN Presswire)
- SolarWinds Orion Web Performance Monitor (WPM) Remote Detection (Tenable®)
- How SolarWinds is turning the Orion breach into competitive advantage (Weirdware)
- SolarWinds Cyberattack Prompts Calls for Aggressive Countermeasures | The Well News (Pragmatic, Governance, Fiscally Responsible, News & Analysis)
- SolarWinds Blames Intern for Weak Password That Led to Biggest Attack in 2020 (TI Forense)
- Cloud (based dev teams must shift security left to avoid fate of SolarWinds)
- SolarWinds (Morgan Stanley Technology, Media and Telecom Conference)
- Comment: Mystery — and fear — mounts over SolarWinds hack (HeraldNet.com)
- NYSE:SWI Shareholder Notice: Deadline on March 5, 2021 in Lawsuit Against SolarWinds Corporation - Press Release (Digital Journal)
- Secure by Design: Our Plan for a Safer SolarWinds and Customer Community (Orange Matter)
- SolarWinds is being investigated by the Securities and Exchange Commission, filing shows (MarketWatch)
- HAGENS BERMAN, NATIONAL TRIAL ATTORNEYS, Invites SolarWinds (SWI) Investors with Significant Losses to Contact Firm Before March 5, 2021 Deadline, SEC Investigating Company
- SolarWinds, Cyber ‘Regression,’ CDM Loom Large in GAO High (Risk Update – MeriTalk)
- Wray hints at federal response to SolarWinds hack (hill)
- SolarWinds: Intern leaked passwords on GitHub (secblvd)
- SolarWinds executives blame intern for 'solarwinds123' password lapse
- SolarWinds Corporation Investors: Last Days to Participate Actively in the Class Action Lawsuit; Portnoy Law Firm
- AWS Used By Bad Guys: SolarWinds Hackers Used Elastic Compute Cloud (CTOvision.com)
- SolarWinds reports $3.5 million in expenses from supply (chain attack)
- Expert Reaction On Solarwinds Blames Intern For Weak Passwords (Information Security Buzz)
- The Law Offices of Frank R. Cruz Reminds Investors of Looming Deadline in the Class Action Lawsuit Against SolarWinds Corporation (SWI)
- Extreme : SolarWinds – A Supply Chain Compromise (MarketScreener)
- Hacking group targets organizations via Microsoft server software -researcher | WKZO | Everything Kalamazoo (590 AM · 106.9 FM)
- Biden Administration Sanctions Russia Over Kremlin Critic Alexei Navalny’s Poisoning (WSJ)
- SolarWinds (A Supply Chain Compromise)
- Document
- Solarwinds Form 10-K filing 2020-12 (31)
- Breached software firm SolarWinds faces SEC inquiry after insider stock sales (Flipboard)
- Recovering from the SolarWinds hack could take 18 months (MIT Technology Review)
- The Law Offices of Frank R. Cruz Reminds Investors of Looming Deadline in the Class Action Lawsuit Against SolarWinds Corporation (SWI) (bizwire)
- cybersecurity: Tech executives face round two of Congressional grilling over SolarWinds breach, Telecom News, ET Telecom
- The Gross Law Firm Announces Class Actions on Behalf of Shareholders of SWI, FUBO and MPLN
Date 2021-03-01
- Jeff Elder on Twitter: "SolarWinds leaders told Congress today the password "solarwinds123" was a mistake by an intern. An email from the company in 2019 links the issue to "publicly accessible" data and "exposed credentials." https://t.co/UTfYWYNTFP" / T
- At House SolarWinds hearing, bipartisan lawmakers announce breach disclosure bill (TerabitWeb Blog)
- Former SolarWinds CEO blames intern for ‘solarwinds123’ password leak (WKSM-FM)
- Jeff Elder on Twitter: "SolarWinds leaders told Congress the password "solarwinds123" was a quickly fixed intern's error. Records show it was a publicly accessible software (update server with password visible for two years. A company email from 2019 notes)
- Solarwinds blamed intern for weak password – experts have doubts (FR24 News English)
- SolarWinds Officers Blame Intern for ‘solarwinds123’ Password (The Times Hub)
- Congress has new appetite for breach law following SolarWinds hack: lawmaker | Business Information & News | FE (Westlaw Today)
- Solarwinds blamed intern for weak password ( experts have doubts)
- Experts Call for Increased Cyber Info Sharing in Wake of SolarWinds Breach (MeriTalk)
- Accusation: Microsoft failed with security in the SolarWinds hack (Born's Tech and Windows World)
- SolarWinds Officials Blame Intern for ‘solarwinds123’ Password
- The SolarWinds Body Count Now Includes NASA and the FAA (Tech Exec)
- RABET (V Pilot Update and SolarWinds Mitigations)
- Former SolarWinds CEO blames the intern for the “solarwinds123” password leak (Security – 6Park News En)
- SHAREHOLDER ALERT: SWI QS CLOV: The Law Offices of Vincent Wong Reminds Investors of Important Class Action Deadlines
- SolarWinds hack pits Microsoft against Dell, IBM over how companies store data
- Solarwinds Class Action Reminder
- Congress has new appetite for breach law following SolarWinds hack - Security (iTnews)
- Former SolarWinds CEO Blames Intern for Password Security Breach
- Hearing on Hack Prompts Call for Review of Government’s Cloud Procurement (Nextgov)
- Hackers seized on the pandemic. Some states are fighting back | National (bakersfield.com)
- Buy Palo Alto Networks (PANW) On Weakness; Unlocking Value Of Cloud Business (Seeking Alpha)
- iTWire (Microsoft chief's claims on cloud security result in sharp rejoinder)
- ‘The Marriage Pact’ and the risks we take with data (Charlotte Observer)
- iTWire (John Capobianco)
- Former SolarWinds CEO blames intern for "solarwinds123" password leak (CNNPolitics)
- Microsoft slams Amazon's AWS over Solarwinds silence (MSPoweruser)
- SolarWinds to spend up to US$25M on security following attack - Software (CRN Australia)
- FireEye cyber CEO: American internet users will be targeted in next war
- Jake Williams on Twitter: "I've been thinking a LOT about Brad Smith's testimony this week about #SolariGate. He repeatedly implies that if organizations "just" adopt a cloud first model, they won't experience these sorts of attacks. I called that reckles
- CyberSec Chey on Twitter: "Former SolarWinds CEO ("We had no password rules, didn't audit accounts, and were basically crap at security but, hey, that's why I got the big bucks!"" / Twitter)
- Senate Intelligence Hearing on SolarWinds Hacking (C-SPAN.org)
Date 2021-02-28
- Microsoft could've prevented some SolarWinds damage (IT Security Guru)
- Katko Opening Statement at Hearing on SolarWinds Cyber Campaign - Committee on Homeland Security (Republicans)
- The SolarWinds Hack and Its Hidden Impacts on Small & Medium Size Enterprises (Fairfax County EDA)
- SolarWinds hack calls for data breach laws, cyber funding, lawmaker told | Secondary Sources | National (Westlaw Today)
- Miller-Meeks says ‘SolarWinds’ hack a wake up call for all (Sioux County Radio)
- WEBINAR: How to avoid being the next SolarWinds security incident Tickets, Thu, Mar 4, 2021 at 10:00 AM (Eventbrite)
- Risk & Repeat: Inside the SolarWinds Senate hearing
- Basic cybersecurity standards must start with procurements, experts say
- File Integrity Monitoring Market Current and Future Demand 2027 (Solarwinds, Alienvault, Logrhythm, Trustwave, Manageengine, Trend Micro, and more – NY Market Reports)
- Microsoft: We've open-sourced this tool we used to hunt for code by SolarWinds hackers (ZDNet)
- U.S. Government Cybersecurity Vulnerabilities Flow Down to Private Companies and Federal Court Litigants (New York Law Journal)
- US may announce new sanctions on Russia within weeks - White House press secretary - World (TASS)
- Former NSA and Cyber Command Chief Keith Alexander on SolarWinds, Cyberwar, and China (The Record by Recorded Future)
- SolarWinds Executives Blame Intern for Leaking Password 'solarwinds123', Leading to Largest Security Breach in The US (Tech Times)
- Over 18,000 companies attacked - Microsoft slams Google & Amazon for hiding information (Gizchina.com)
- Microsoft releases open (source CodeQL queries to assess Solorigate compromiseSecurity Affairs)
- Cyber Week in Review: February 26, 2021 (CoFR)
- Here's Why I Continue to Be on the Zscaler Bandwagon (RealMoney)
- Microsoft Conclusion on SolarWinds Hack 'Conflicts' with Other Messages
- The SolarWinds Body Count Now Includes NASA and the FAA (WIRED)
- SolarWinds’ security practices questioned by lawmakers following cyber attack
- Tech executives testify in Solorigate hearing. Accellion breach updates. Silver Sparrow targets Macs.
- Critical VMware vSphere Vulnerability Is a Must (Patch)
- Former SolarWinds CEO Blames Intern for “solarwinds123” Password Leak (FR24 News English)
- Microsoft’s Brad Smith Drags AWS, Google Over SolarWinds Response
- Microsoft makes CodeQL queries public post SolarWinds attack
- Kamala Harris To Prioritize Cybersecurity And Global Health In Foreign Policy Platform (MITechNews)
- SolarWinds Hack Pits Microsoft Against Dell, IBM Over How Companies Store Data (WSJ)
- Microsoft president criticizes Amazon and Google's public response to SolarWinds hack (Washington Times)
- RABET-V Pilot Update and SolarWinds Mitigations (NASS)
- Former SolarWinds CEO blames intern for 'solarwinds123' password leak | (foxcarolina.com)
- MSFT Stock - Microsoft makes CodeQL queries public post SolarWinds attack (Fintech Zoom - World Finance)
- SolarWinds' Former CEO Blames Intern for 'solarwinds123' Password Leak (Slashdot)
- Oversight and Homeland Security Committees Discussed Next Steps for Government and Private Tech Following SolarWinds Breach (House Committee on Homeland Security)
Date 2021-02-27
- Haeggquist & Eck, LLP Is Investigating Claims Against SolarWinds Corporation’s Directors and Officers for Breach of Fiduciary Duty (bizwire)
- Assessing Fallout from the SolarWinds Breach (eWEEK)
- Lawmakers angered over Amazon’s lack of public disclosure on SolarWinds hack (MarketWatch)
- SOLARWINDS SHAREHOLDER ALERT BY FORMER LOUISIANA ATTORNEY GENERAL: Kahn Swick & Foti, LLC Reminds Investors with Losses in Excess of $100,000 of Lead Plaintiff Deadline in Class Action Lawsuits Against SolarWinds Corporation (SWI)
- AWS: SolarWinds hackers used our elastic compute cloud - Security (CRN Australia)
- Here's the Big Problem With Too Much Trust
- SolarWinds Update: Russian Threat-Actor Re (Used Components from Other)
- Former SolarWinds CEO blames intern for "solarwinds123" password leak (CNNPolitics)
- Microsoft Releases Queries for SolarWinds Attack Detection
- Solarwinds Corporation (SWI) Q4 2020 Earnings Call Transcript (The Motley Fool)
- Microsoft shares tool to hunt for compromise in SolarWinds breach (CyberScoop)
- It’s Not Such a Breeze: Assessing Your Service Providers After SolarWinds (New York Law Journal)
- Watch live: Congressional hearing on SolarWinds breach (hill)
- SolarWinds Plans Cybersecurity Investment After Supply Chain Compromise (ExecutiveBiz)
- Fallout From the SolarWinds Hack (Bloomberg)
- Miller-Meeks says 'SolarWinds' hack a wake up call for all (Radio Iowa)
- Hillicon Valley: Second SolarWinds hack hearing | TikTok to settle privacy lawsuit | Facebook apologizes for removing lawmaker post (hill)
- Congress has new appetite for breach law following SolarWinds hack -lawmaker (The Star Phoenix)
- The anatomy of the SolarWinds attack chain (ITWeb)
- SHAREHOLDER ALERT: Levi & Korsinsky, LLP Notifies Shareholders of SolarWinds Corporation of a Class Action Lawsuit and a Lead Plaintiff Deadline of March 5, 2021 (SWI)
- CrowdStrike Exec Points to Active Directory 'Structural Problems' in Senate Solorigate Hearing - (Redmondmag.com)
Date 2021-02-26
- SolarWinds Hackers Targeted Cloud Services as a Key Objective (AI Trends)
- SolarWinds, SUNBURST, and the Latest in Supply Chain Security, Compromises, & Breach Litigation | Events ( Crowell & Moring LLP)
- 16 Minutes News by a16z on Apple Podcasts
- SolarWinds hackers targeted NASA, Federal Aviation Administration networks
- First Blackbaud, then SolarWinds. Supply chain cyber (attacks are proliferating – how secure is your business?)
- Netenrich and Industry Leaders Discuss the Rise in Third Party Attacks Post (SolarWinds and Techniques to Maximize Security Effectiveness)
- Tech Talk: SolarWinds, Microsoft, FireEye, CrowdStrike defend actions in major hack: US Senate hearing
- DEADLINE ALERT: Bragar Eagel & Squire, P.C. Reminds Investors That a Class Action Lawsuit Has Been Filed Against SolarWinds Corporation and Encourages Investors to Contact the Firm (Benzinga)
- SolarWinds hack was work of 'at least 1,000 engineers', tech executives tell Senate
- White House plans executive action in response to massive breach - (Defense Systems)
- SolarWinds Corporation Investors: Last Days to Participate Activ (The Cowboy Channel)
- AWS linked to SolarWinds hack - Security (CRN Australia)
- Microsoft: No Evidence SolarWinds Was Hacked Via Office 365
- Tech firms say there's little doubt Russia behind major hack (LV Sun)
- IPAM Software Market to See Huge Growth by 2025 (Infoblox, SolarWinds Worldwide, Cisco Systems – NY Market Reports)
- Infosec expert says mandatory cyber incident reporting is worth considering in Canada (IT World Canada News)
- Hillicon Valley: Biden signs order on chips | Hearing on media misinformation | Facebook's deal with Australia | CIA nominee on SolarWinds (hill)
- SolarWinds Orion Network Performance Monitor Installed (Windows) (Tenable®)
- Guest post: Kurt Sanger on “The ‘SolarWinds’ Hack and the Need to Reframe U.S. Cybersecurity Information Sharing” (Lawfire)
- At least 1,000 engineers worked on supply chain hack, tech exec says - (GCN)
- Biden administration prepares to impose sanctions on Russia over Navalny poisoning, SolarWinds hack (english.lokmat.com)
- Cloud Monitoring Market 2025 Global Industry Trends and Forecast: CA Technologies, Solarwinds, Dynatrace, Idera, Sevone, Cloudyn, Zenoss, Datadog, Kaseya, Logicmonitor, Opsview (NY Market Reports)
- Katko Calls on Administration to Fully Leverage CISA Capabilities in SolarWinds Response - Committee on Homeland Security (Republicans)
- Committee on Homeland Security (Letter from John Katko)
- DEADLINE ALERT: Bragar Eagel & Squire, P.C. Reminds Investors That a Class Action Lawsuit Has Been Filed Against SolarWinds Corporation and Encourages Investors to Contact the Firm (bizwire)
- Microsoft president asks Congress to force private (sector orgs to publicly admit when they've been hacked • The Register)
- More Money Won’t Prevent the Next SolarWinds - But Better Detection Strategies Will (secblvd)
- DOJ could start looking closer at cybersecurity fraud on government technology providers (FRN)
- Data Archiving Software Market 2025 Global Industry Trends and Forecast: SolarWinds MSP, TitanHQ, CloudBerry Lab, DocuXplorer Software, Jatheon Technologies, GFI Software, ShareArchiver, Relay Communications, Professional Advantage, MessageSolution (NY)
- SolarWinds (SolarWinds Announces Fourth Quarter 2020 Results)
- SolarWinds Corp. to Host Earnings Call
- King: SolarWinds Hack Highlights Need for Increased Deterrence of Cyberattacks
- SolarWinds: 4Q Earnings Snapshot
- The massive Solarwinds attack is still shrouded in mystery
- SolarWinds stock rallies after profit, revenue rise above expectations (MarketWatch)
- SolarWinds Announces Fourth Quarter 2020 Results
- Amazon’s Lack of Public Disclosure on SolarWinds Hack Angers Lawmakers (WSJ)
- CrowdStrike: After The SolarWinds Breach, This Is Your Best Cybersecurity Stock (CRWD) (Seeking Alpha)
- SolarWinds Corp. to Host Earnings Call
- Amazon com : Lack of Public Disclosure on SolarWinds Hack Angers Lawmakers (MarketScreener)
- More Money Won’t Prevent the Next SolarWinds (But Better Detection Strategies Will)
- Senator Collins Questions Technology Leaders on SolarWinds Hack That Compromised Data Across Multiple Federal Agencies (Senator Susan Collins)
- How to Avoid Falling Victim to a SolarWinds (Style ...)
- SolarWinds Profit Forecast Trails Estimates After Hack (Bloomberg)
- SolarWinds: 4Q Earnings Snapshot (Lexington Herald Leader)
- SolarWinds Announces Fourth Quarter 2020 Results (bizwire)
- SolarWinds (SWI) Q4 Earnings and Revenues Beat Estimates (Nasdaq)
- The Law Offices of Frank R. Cruz Announces the Filing of a Securities Class Action on Behalf of SolarWinds Corporation (SWI) Investors | State (montereycountyweekly.com)
- Open Text : After SolarWinds, worldwide governments can trust no one (MarketScreener)
- [PDF] Global Data Archiving Software Market 2021 (SolarWinds MSP, TitanHQ, CloudBerry Lab – The Courier)
- File Integrity Monitoring Market to Watch: Solarwinds, Alienvault, Logrhythm, Trustwave, Manageengine, Trend Micro (NY Market Reports)
- Website Monitoring Software Market 2021 Precise Outlook – SolarWinds, AlertBot (InfoGenius), Zoho, LogicMonitor, New Relic, SmartBear, Nagios, Freshworks, Monitis (FLA News)
- The Klein Law Firm Reminds Investors of Class Actions on Behalf of Shareholders of SWI, FUBO and EBIX
- SolarWinds: 4Q Earnings Snapshot | Business News (scnow.com)
- Detecting and Responding to SolarWinds Infrastructure Attack with Cisco Secure Analytics (Cisco Blogs)
- CrowdStrike Slams Microsoft Over SolarWinds Hack (Unified Networking)
- SolarWinds To Spend Up To $25M On Security Following Attack
- Microsoft shares CodeQL queries to scan code for SolarWinds (like implants)
- U.S. and EU prepare new rounds of sanctions against Russia (MarketWatch)
- AWS: SolarWinds Hackers Used Our Elastic Compute Cloud
- Krebs Lays Out CISA Bite-Back at Health (Sector Hackers – MeriTalk)
- Cyber (pandemic: The most notable cyber attacks of 2020)
- Cyber Diplomacy Act aims to elevate America's global cybersecurity standing (CSO Online)
- SolarWinds Revenue, Earnings After Security Breach (MSSP Alert)
- CIA nominee: Cyber threats are 'ever greater risk' for U.S. society - (FCW)
- 10 Security Quotes: Microsoft, CrowdStrike, SolarWinds, and FireEye Talk to Congress
- US Senators, tech execs recommend hack reporting requirement, Technology (THE BUSINESS TIMES)
- Tech exec to Congress: Supply chain hack took 1,000 engineers - (Defense Systems)
- Microsoft Releases Free Tool for Hunting SolarWinds ...
- Ex-NSA chief: No idea how badly SolarWinds hack harmed security (The Jerusalem Post)
- SWI SHAREHOLDER FILING DEADLINE: Bernstein Liebhard LLP Reminds Investors of the Deadline to File a Lead Plaintiff Motion in a Securities Class Action Lawsuit Against SolarWinds Corporation (GuruFocus.com)
- Bloomberg
- Cloud Email Security Software Market to Witness Astonishing Growth With Vital Key Players | Proofpoint, SpamTitan, Barracuda, SolarWinds – KSU (Sentinel)
- Haeggquist & Eck, LLP Is Investigating Claims Against SolarWinds Corporation’s Directors and Officers for Breach of Fiduciary Duty
- White House Releases Executive Order on America's Software Supply Chains (secblvd)
- IDX Introduces Cybersecurity Healthcheck to Identify Security...
- Our Dire Need for a National Cybersecurity Agency
- Huawei backs supply chain security standards in wake of SolarWinds breach (hill)
- Executive Order Focuses on Supply Chain Risk Management
- The Top Free Tools for Sysadmins in 2021
- Watch: Risk Advisory Services: SolarWinds Cyber Attack and its Impact on your Cybersecurity Insurance
- Microsoft Releases Free Tool for Hunting SolarWinds ...
- The SolarWinds of Change are Blowing in the Need for Tech Collaboration (Law.com)
- US senator claims Microsoft failed to fix cloud holes before SolarWinds hack - Security (iTnews)
- Microsoft failed to shore up defenses that could have limited SolarWinds hack: U.S. senator | Y100 WNCY | Your Home For Country & Fun (Green Bay, WI)
Date 2021-02-25
- SolarWinds attack could have happened to anyone, CEO says - (GCN)
- Rear door in SolarWinds Orion - update as soon as possible (updated 2020-12-29) (www.cert.se)
- The US Senate is grilling Microsoft and SolarWinds over last year's historic cyberattack (Markets Insider)
- STAR Webcast: Making sense of SolarWinds through the lens of MITRE ATT&CK(R) (SANS Institute)
- SolarWinds, Microsoft, FireEye, CrowdStrike defend actions in major hack (U.S. Senate hearing)
- Google trying to put Microsoft on the spot at SolarWinds hearing
- SolarWinds hack worse than thought (Senate panel)
- After Russian Cyberattack, Looking for Answers and Debating Retaliation (nyt)
- A digital strategy to defend the nation (Microsoft On the Issues)
- Capitol Hill’s busy day: Confirmation hearings, updates on the Russian hacking attack and more. (nyt)
- Tech firms say there's little doubt Russia behind major hack
- SolarWinds, Microsoft, FireEye, CrowdStrike executives face U.S. Senate grilling | Y100 WNCY | Your Home For Country & Fun (Green Bay, WI)
- SolarWinds, Microsoft, FireEye, CrowdStrike defend actions in major hack - U.S. Senate hearing (Reuters)
- SolarWinds hack worse than thought -Senate panel (Reuters)
- Tech firms say there's little doubt Russia behind major hack (StarTribune)
- US Senate Intelligence Committee To Hold Hearing On SolarWinds Hack February 23 - Notice (UrduPoint)
- Hearings (Intelligence Committee)
- SolarWinds Shareholder Alert
- SolarWinds cybersecurity breach: How it happened and Biden’s response (The Anchor)
- The US Senate just grilled Microsoft and SolarWinds over last year's historic cyberattack. Here's what happened.
- Network Monitoring Software Market Global Outlook 2021-2026: CA Technologies, GFI Software, IBM, Solarwinds, Auvik Networks, Manage Engine – KSU (Sentinel)
- Global Deep Packet Inspection And Processing Market Analysis, Size, Share, Growth, Trends And Forecast 2027 (IBM Corporation; Cisco; Juniper Networks, Inc.; Broadcom.; SolarWinds Worldwide, LLC.; VIAVI Solutions Inc.; NETSCOUT; LogRhythm, Inc.; Qosmos Te)
- Sensitive Data Discovery Market 2020:Global Industry Size, Analysis, Growth Factors, Key Companies, Regional Outlook, Future Insights Till 2026 | IBM, Microsoft, Oracle, AWS, Proofpoint, Google, SolarWinds, – KSU (Sentinel)
- Network Optimization Services Market 2021 to Global Forecast 2026 By Major Players – Solarwinds, Cisco Systems, Huawei, Nokia, ZTE, Infovista, Citrix, Fatpipe Networks, Netscout Systems, Silver Peak, Array Networks (The Bisouv Network)
- List of 1213 SolarWinds Employees - Find Emails & Phones - SignalHire (Page 6)
- SolarWinds to Showcase Database Management Solutions at Microsoft Ignite 2021
- Senate Intelligence Committee Examines SolarWinds Hack (UPI)
- 'Russian' hackers targeted NASA as part of SolarWinds attack (MENAFN.COM)
- Cyber Risk Management in the Wake of SolarWinds (USC Event Calendar)
- Malicious Life: Special: The SolarWinds Hack on Apple Podcasts
- Ryuk Ransomware Gang, Cryptocurrency Fortunes & SolarWinds - InfoSec Round-Up Jan 17th | InfoSec Round-Up by Hut Six Security | Podcasts on Audible (Audible.com)
- SolarWinds Attackers Lurked for 'Several Months' in ...
- SolarWinds not the only company used to hack targets, tech execs say at hearing (CNET)
- More SolarWinds Hack Victims Yet to Be Publicly Identified, Tech Executives Say (WSJ)
- Massive SolarWinds Hack Prompts Calls for U.S. Law Requiring Cyber Breach Reporting
- CrowdStrike Slams Microsoft Over SolarWinds Hack (Infosecurity Magazine)
- SolarWinds hack was work of 'at least 1,000 engineers', tech executives tell Senate | Technology (Guardian)
- 10 Boldest Statements From The SolarWinds Senate Hearing
- Lawmakers urge notification law in wake of Russia SolarWinds hack
- Solarwinds hearing stresses breach disclosure mandates (scmedia)
- Senate hearing on SolarWinds hack lays bare US shortcomings, remaining mysteries
- Senate SolarWinds Hearing: 4 Key Issues Raised
- SolarWinds Hack Bigger, More Dangerous than Previously Thought, Tech Execs Warn (VOA)
- Microsoft, FireEye push for breach reporting rules after SolarWinds hack (hill)
- Partners: AWS Must Come Clean On Role In SolarWinds Hack
- FireEye CEO on how the SolarWinds hack was discovered (CNN Video)
- Tech Executives Call for Improved Public (Private Coordination After SolarWinds Hack)
- SWI Shareholder Alert: Bronstein, Gewirtz & Grossman, LLC Reminds SolarWinds Corporation Shareholders of Class Action and Encourages Shareholders to Contact the Firm
- SolarWinds hack was work of more than 1,000 engineers: Microsoft, World News (wionews.com)
- The big takeaway from the Senate's SolarWinds hearing (Axios)
- SolarWinds fallout sparks calls for mandatory incident reporting, repercussions after cyber attacks (FRN)
- SolarWinds attackers lurked for ‘several months’ in FireEye’s network (Urgent Comms)
- Sens. Mull Cyberattack Reporting Law At SolarWinds Hearing (Law360)
- Google’s been lobbying for more scrutiny into Microsoft’s liability for SolarWinds hack » OnMSFT.com
- DDoS in hybrid war. Accellion compromise attributed. Initial access brokers. Agile C2 for botnets. US Senate’s SolarWinds hearing. US DHS cyber strategy. Shiny new phishbait.
- US to impose sanctions on Russia over Navalny poisoning, SolarWinds hack (Business Standard News)
- Marco Rubio on SolarWinds Hack: ‘Many Concerning Aspects to This Operation That Raise Significant Questions’ (Florida Daily)
- Senators, Tech Execs Recommend Hack Reporting Requirement (DCN)
- The SolarWinds Breach Is Shaking Up Incident Response
- Microsoft, FireEye, CrowdStrike, and SolarWinds Speak at US Senate Hearing Into Massive Cyberattack
- Amazon Defends Itself After Skipping SolarWinds Hearing
- SolarWinds & Solorigate: What Happened, Why it Matters & What Happens Next (The Devolutions Blog)
- Essays: Why Was SolarWinds So Vulnerable to a Hack? (Schneier)
- Tech Among Top Priorities for Biden’s CIA Director Pick (Nextgov)
- Senate grills tech executives on SolarWinds hack (One America News Network)
- Biden signs executive order demanding supply chain security review (CyberScoop)
- CISA looks inward to stop future supply chain attacks - (Defense Systems)
- SolarWinds, Microsoft, and executives of more firms face Senate grilling (TechStory)
- Early Edition: February 24, 2021 (Just Security)
- SolarWinds Hack Leaves Entire Industry In Panic (Research Snipers)
Date 2021-02-24
- Mayorkas Announces Initial Plans To Bolster U.S. Cyber Security; SolarWinds CEO Has Ideas Too
- VMware Marketplace: SolarWinds Content Pack
- SolarWinds Deadline Alert
- Implications of SolarWinds Hack on Your Cyber Practices
- SolarWinds Cyberattack Cleanup Costs: SWI Earnings, Senate & House Hearings May Provide Clues (MSSP Alert)
- SolarWinds CEO: This could have happened to anyone - (FCW)
- US House Committees to Hold Hearing on SolarWinds Hack on 26 February (Sputnik)
- SHAREHOLDER ALERT: SWI PEN OTGLY: The Law Offices of Vincent Wong Reminds Investors of Important Class Action Deadlines
- Investigation of SolarWinds Corporation (Robbins LLP)
- SolarWinds N-central vs EuVantage (2021 Feature and Pricing Comparison)
- Orion SDK - The Orion Platform (THWACK)
- Cisco Application Policy Infrastructure Controller vs SolarWinds - Overview, H2H, and More (Slintel)
- US House committees to hold Feb 26 hearing on 'SolarWinds' hack (CNA)
- Data Archiving Software Market to 2027 – SolarWinds MSP, TitanHQ, CloudBerry Lab and Others (NY Market Reports)
- Website Monitoring Software Market 2020-2026 (SolarWinds, Zoho, SmartBear, LogicMonitor, New Relic, Freshworks, Datadog, Nagios – The Courier)
- What's Scarier Than the SolarWinds Breach? (secblvd)
- State (sponsored cyber attacks have corporates worried)
- Patch Management Market Opportunities (Industry Report by SolarWinds, ConnectWise, Oracle, Chef Software, GFI Software, Automox, SysAid Technologies and ManageEngine – NY Market Reports)
- Opinion (Why Was SolarWinds So Vulnerable to a Hack? - The New York Times)
- SolarWinds to Showcase Database Management Solutions at Microsoft Ignite 2021
- Network Optimization Services Market Evolving Technology and Growth Outlook 2020 to 2026 | Solarwinds, Cisco Systems, Huawei, Nokia, ZTE, Infovista, Citrix, Fatpipe Networks – KSU (Sentinel)
- Health care bore brunt of cyberattacks in 2020, study says (Roll Call)
- New York issues cyber insurance framework as ransomware, SolarWinds costs mount (TechCentral.ie)
- Best Practices for Strengthening Your Organization’s Overall Security Posture (Manufacturing Business Technology)
- Newscan: SolarWinds CEO recommends liability protections for sharing information about incidents (Urgent Comms)
- Have Insiders Been Selling SolarWinds Corporation (NYSE:SWI) Shares? (Simply Wall St News)
- Biden administration planning to sanction Russia for SolarWinds hacks (wapo)
- The Anatomy of the SolarWinds Attack Chain (secblvd)
- MSP Software Provider Atera Raises $25M From K1 (ChannelE2E)
- After SolarWinds hack, the U.S. must prioritize cybersecurity (Idaho Business Review)
- SolarWinds, Microsoft, FireEye, CrowdStrike defend actions in major hack - U.S. Senate hearing (Reuters)
- House committees to hold February 26 hearing on 'SolarWinds' hack (Gadgets Now)
- IBM CEO Says He Feels ‘Sorry’ For SolarWinds, Cybersecurity ‘Biggest Issue’ For Tech Industry
- Network security relies on careful scrutiny
- The Anatomy of the SolarWinds Attack Chain
- Lawmakers grill SolarWinds CEO on devastating hack (WSM-FM1)
- WTH is Russia doing cyberattacking the United States? David Sanger on the SolarWinds hack and the future of American cyber security | What the Hell Is Going On | Podcasts on Audible (Audible.com)
- Mayorkas Announces Initial Plans To Bolster U.S. Cyber Security; SolarWinds CEO Has Ideas Too (IIOT Connection)
- SolarWinds Hack Grabs Senate Spotlight With CEO in the Hot Seat (Bloomberg)
- SolarWinds hackers targeted NASA, Federal Aviation Administration networks (TechCrunch)
- Microsoft says it notified 60 customers of SolarWinds breach (U.S. Senate panel hearing)
- SolarWinds, Microsoft, FireEye, CrowdStrike executives face Senate grilling (Reuters)
- Biden administration plans to sanction Russia for SolarWinds hacks, poisoning of opposition leader (The Boston Globe)
- SolarWinds, Microsoft, FireEye, CrowdStrike executives face U.S. Senate grilling (Nasdaq)
- US to sanction Russia for mass hack, Navalny poisoning
- SolarWinds, Microsoft, FireEye, CrowdStrike Executives Face Senate Grilling
- Paramount Defenses Opens Online Store to Empower Organizations Worldwide
- U.S. Senators: AWS Infrastructure Used In SolarWinds Attack
- CISA, DHS Bolster State and Local Cybersecurity Programs (Nextgov)
- FireEye (NASDAQ:FEYE), (CRWD) - SolarWinds, Microsoft, FireEye, CrowdStrike To Testify In Senate In Russian Cyber Hack Case (Benzinga)
- SolarWinds Hack: Vital Lessons for Integrators SoloarWinds Hack
- WATCH LIVE: Senate committee hears testimony on SolarWinds hack | WPBS (Serving Northern New York and Eastern Ontario)
- Broadband Breakfast: SolarWinds CEO Says Hack Shows Need for Information (Sharing Between Industry and Government)
- Hillicon Valley: Companies urge action at SolarWinds hearing | Facebook lifts Australian news ban | Biden to take action against Russia in 'weeks' (hill)
- Palo Alto Networks Posts First $1 Billion Sales Quarter (DCN)
- Executives testify SolarWinds hack was of unprecedented scale, scope (UPI)
- The Scale of the SolarWinds Breach Is Still Unclear, Executives Say (nyt)
- SolarWinds hack worse than thought (Senate panel)
- Today’s Headlines and Commentary (Lawfare)
- The SolarWinds Attack: Why Israeli Companies Should Pay Attention (Lexology)
- The Compromise of SolarWinds Orion
- SolarWinds Orion Data Security Update
Date 2021-02-23
- New York issues cyber insurance framework as ransomware, SolarWinds costs mount (CSO Online)
- Biden official: SolarWinds attack response may come within weeks
- U.S. House committees to hold Feb 26 hearing on ‘SolarWinds’ hack | The Mighty 790 KFGO (KFGO)
- Hiding in plain sight: What the SolarWinds attack revealed about efficacy (Urgent Comms)
- SolarWinds Hacked From Inside U.S., 100+ Orgs Compromised
- SolarWinds Announces Earnings Call Time Change: Fourth Quarter and Full Year 2020 Earnings Call to Occur on Thursday, February 25 at 7:30 AM CT
- Top Biden Adviser Suggests Russia Could See U.S. Response To SolarWinds Hack Within 'Weeks'
- In the SolarWinds Hack Microsoft Lost The Source Code For 3 Products
- CyberArk Labs: The Anatomy of the SolarWinds Attack (Techwire)
- Neuberger: Private (Sector Partnership ‘Core’ in Fixing Huge Hack, Building Better Defenses – Homeland Security Today)
- White House security adviser says response to SolarWinds hack will come in weeks | WKZO | Everything Kalamazoo (590 AM · 106.9 FM)
- BREAKING ALERT: ROSEN, A LEADING AND LONGSTANDING LAW FIRM, Encourages SolarWinds Corporation Investors with Large Losses to Secure Counsel Before Important March 5 Deadline (SWI)
- SolarWinds cyberhack is a blow. The US must prioritize cybersecurity now | Columns (idahostatejournal.com)
- SolarWinds hearings will test cybersecurity cooperation, experts say
- Microsoft wraps SolarWinds probe, nudges companies toward zero trust
- Microsoft Concludes Its SolarWinds Investigation (Thurrott.com)
- Microsoft suggest companies “adopt a zero trust mindset” as it closes SolarWinds internal investigation » OnMSFT.com
- Turning the page on Solorigate and opening the next chapter for the security community (MS Security)
- U.S. House committees to hold Feb 26 hearing on 'SolarWinds' hack (Reuters)
- SolarWinds hearing announced by House committees (CNET)
- Microsoft: SolarWinds Attackers Downloaded Azure, Exchange Code (tpost)
- U.S. House committees to hold Feb 26 hearing on 'SolarWinds' hack (Reuters)
- Microsoft posts final update on Solarwinds attack, reveals which Microsoft product source code hackers were targeting (MSPoweruser)
- Microsoft: SolarWinds Hackers Viewed, Downloaded Source Code for Azure, Intune, Exchange Components (My TechDecisions)
- N-able: The Path Forward for the Former SolarWinds MSP (ChannelE2E)
- SolarWinds CEO Recommends Liability Protections for Sharing Information about Incidents (Nextgov)
- Experts Tell Lawmakers to Give CISA 'Operational' Federal Information Security Role (Nextgov)
- SolarWinds CEO talks hack, remaining questions before Capitol Hill hearings
- Chinese Hackers Hijacked NSA-Linked Hacking Tool: Report (tpost)
- Cyber Attacks on U.S. Need to Be Handled Differently, Says Sen. Warner (Bloomberg)
- Senate Committee to Hear Testimony Surrounding Major SolarWinds Cybersecurity Breach on Cheddar
- Palo Alto Networks CEO: XDR Protected Us From SolarWinds Attack (SDxCentral)
- Biden Wants International “Rules” to Combat Alleged Russian, Chinese Cyberattacks (MSSP Alert)
- Lessons Learned from a Cyberattack: A Conversation with SolarWinds (Part 1 of 2) (Center for Strategic and International Studies)
- SolarWinds CEO to Testify at Second Hearing Friday; He Offers Details Now
- Shareholder Alert: Robbins LLP is Investigating SolarWinds Corporation (SWI) on Behalf of Shareholders (bizwire)
- Biden speech pledges international cooperation on cyber - (Washington Technology)
- Anatomy of the SolarWinds Attack: Five Types of Malware (Blumira)
- SolarWinds Cyber Attack: February 24 Webinar Will Address Lessons Learned
- The SolarWinds Breach Is a Wakeup Call to CISOs (InfoSystems)
- Spared Direct Hit, Law Firms Could Still Face SolarWinds Cyber Fallout (Legaltech News)
- Three Steps to Ensure Your Supply Chain Isn’t Your Weak Link (Legaltech News)
Date 2021-02-22
- Apiiro Releases Industry’s First Solution That Detects and Prevents the Attack Used Against Solarwinds
- Suspected Russian hack fuels new US action on cybersecurity (ABC News)
Date 2021-02-20
- SolarWinds attack hit 100 companies and took months of planning, says White House (ZDNet)
- SolarWinds: Microsoft Reveals New Details About Sophisticated Mega (Breach)
- Trump ‘Nobody Gets Hacked’ Video Goes Viral
- SolarWinds fallout has enterprise CISOs on edge
- Massive breach fuels calls for US action on cybersecurity (WAVY.com)
- U.S. Senate panel to hold Feb 23 hearing on 'SolarWinds' hack (Reuters)
- Hillicon Valley: Congress prepares to hold hearing on SolarWinds breach, Big Tech content moderation | Tensions rise between Capitol Hill and Facebook, Google over news distribution (hill)
- SHAREHOLDER ALERT: Levi & Korsinsky, LLP Notifies Shareholders of SolarWinds Corporation of a Class Action Lawsuit and a Lead Plaintiff Deadline of March 5, 2021 (SWI)
- U.S. Cyber Command Expands Operations to Hunt Hackers From Russia, Iran and China (nyt)
- U.S. Cyber Command Bolsters Allied Defenses to Impose Cost on Moscow (nyt)
- U.S. Begins First Cyberoperation Against Russia Aimed at Protecting Elections (nyt)
- SHAREHOLDER ALERT: Pomerantz Law Firm Reminds Shareholders with Losses on their Investment in SolarWinds Corporation of Class Action Lawsuit and Up Coming Deadline (SWI)
- SolarWinds Hack and the Case of DNS Security (secblvd)
- The Solarwinds Hack Is A One Of A Kind And Not The Norm (Information Security Buzz)
- Network Traffic Analyzer Industry- Exclusive Market Research Report (SolarWinds, Netscout and more. – NeighborWebSJ)
- SolarWinds (SWI) Earnings Expected to Grow: What to Know Ahead of Next Week's Release (Nasdaq)
- Microsoft says SolarWinds hackers stole source code for 3 products (ars)
- 5 minutes with Michael Bahar - The aftermath of the SolarWinds Orion breach | 2021-02-19 (Security Magazine)
- White House Announces Senior Official Is Leading Inquiry Into SolarWinds Hacking (nyt)
- White House says it will hold those responsible for SolarWinds hack accountable within weeks (CNNPolitics)
- SolarWinds hackers studied Microsoft source code for authentication and email (Reuters)
- SolarWinds Hackers Stole Some Source Code for Microsoft Azure, Exchange, Intune
- The Art of Finding Cyber-Dinosaur Skeletons (Securelist)
- Hiding in Plain Sight: What the SolarWinds Attack ...
- U.S. Senate panel to hold Feb 23 hearing on 'SolarWinds' hack (Reuters)
- Senate Intelligence panel to hold hearing on SolarWinds breach next week (hill)
- Biden to take 'executive action' to address SolarWinds breach (hill)
- Targeting Process for the SolarWinds Backdoor (NETRESEC Blog)
- Massive breach fuels calls for US action on cybersecurity - U.S. (Stripes)
- White House Prepping Multi-Part Executive Order on SolarWinds Hack (Defense One)
- The Hack Roundup: White House Says Neuberger Leading Federal Response (Nextgov)
- The SolarWinds Hack Doesn’t Demand a Violent Response (Defense One)
- What financial services should learn from the SolarWinds cyber attack
- SOLARWINDS INVESTOR ALERT: Shareholder Lawsuit Filed
- SolarWinds hack is the perfect foreword to new book on biggest breaches
- Thread by @NatashaBertrand on Thread Reader App (Thread Reader App)
Date 2021-02-19
- Norway’s 11179 billion NOK wealth fund affected by the SolarWinds hack (DN)
- White House now says 100 companies hit by SolarWinds hack, but more may be impacted (Verge)
- Press Briefing by Press Secretary Jen Psaki and Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger, February 17, 2021 (The White House)
- SolarWinds hack may be much worse than originally feared (Verge)
- Microsoft president sounds alarm on ‘ongoing’ SolarWinds hack, identifies 40 more precise targets (Verge)
- SolarWinds hides list of high-profile customers after devastating hack (Verge)
- Big tech companies including Intel, Nvidia, and Cisco were all infected during the SolarWinds hack (Verge)
- SolarWinds: Microsoft Reveals New Details About Sophisticated Mega (Breach)
- Defense nominee favors proactive cyber posture
- Operationalizing Defend Forward: How the Concept Works to Change Adversary Behavior (Lawfare)
- The SolarWinds hackers could be in US government computers for a long time. Here’s our next move (Bulletin of the Atomic Scientists)
- Occam’s Razor — A SolarWinds Perspective for Law Firms (Legal Talk Network)
- SolarWinds Investor Relations: Berger Montague Announces Expanded Class Period for Investigation of Alleged Securities Fraud Against SolarWinds Corporation (NYSE: SWI); Encourages Investors with Losses in Excess of $100,000 to Secure Counsel; Lead Plainti
- SolarWinds Shareholder Alert
- Risk & Repeat: SolarWinds and the hacking back debate
- Exclusive: Suspected Chinese hackers used SolarWinds bug to spy on U.S. payroll agency – sources (Reuters)
- Cybersecurity experts say U.S. needs to strike back after SolarWinds hack (CBS News)
- Pompeo Says Russia 'Pretty Clearly' Behind SolarWinds Cyberattack. : NPR
- SolarWinds hackers accessed Microsoft source code, the company says (Reuters)
- Suspected Russian Hackers Used U.S. Networks, Official Says (Bloomberg)
- SolarWinds patches three newly discovered software vulnerabilities (ZDNet)
- France Just Suffered A Very 'Solar Winds' (Like Cyberattack)
- The U.S. Needs a Cyber State of Distress to Withstand the Next SolarWinds (Lawfare)
- Presidential Policy Directive -- United States Cyber Incident Coordination (whitehouse.gov)
- Digital Offense Capabilities Are Currently Net Negative for the Security Ecosystem
- ‘William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021’
- ADP 3 (28 Defense Support of Civil Authories)
- Experts laud SolarWinds post-attack efforts, but why’d it take a massive cyber incident to make changes? (FRN)
- SWI BREAKING ALERT: ROSEN, A TRUSTED AND LEADING LAW FIRM, Encourages SolarWinds Corporation Investors with Large Losses to Secure Counsel Before Important Deadline – SWI | Business (valdostadailytimes.com)
- SolarWinds (style email compromise attacks go mainstream)
- SolarWinds hack was 'largest and most sophisticated attack' ever (Microsoft president)
- The "largest and most sophisticated hack ever" - The Backstory with Matt Bevan - RN Breakfast (ABC Radio National)
- Former top cybersecurity official on why U.S. intelligence missed Russia's SolarWinds hack
- Microsoft says SolarWinds hackers downloaded some Azure, Exchange, and Intune source code (ZDNet)
- SolarWinds hackers accessed Microsoft source code (ZDNet)
- Microsoft Internal Solorigate Investigation – Final Update (Microsoft Security Response Center)
Date 2021-02-17
- Many SolarWinds Customers Failed to Secure Systems Following Hack (SecurityWeek.Com)
Date 2021-02-16
- SolarWinds hack was 'largest and most sophisticated attack' ever: Microsoft president (Reuters)
- SolarWinds: How Russian spies hacked the Justice, State, Treasury, Energy and Commerce Departments (CBS News)
- SolarWinds Hack Was 'Largest and Most Sophisticated Attack' Ever, Microsoft President Brad Smith Says (Technology News)
- Cybersecurity experts say U.S. needs to strike back after SolarWinds hack
- Microsoft says it found 1,000 (plus developers' fingerprints on the SolarWinds attack • The Register)
- On SolarWinds, Supply Chains and Enterprise Networks
- Arctic Security (SolarWinds: Going beyond attribution - all in a day’s work for a Bicycle Repair Man)
- VirusTotal
- US Court system demands massive changes to court documents after SolarWinds hack (TechRepublic)
- Essential Threat Intelligence: Importance of Fundamentals in Identifying IOCs (Webroot)
- Does SolarWinds change the rules in offensive cyber? Experts say no, but offer alternatives (scmedia)
- France Ties Russia's Sandworm to a Multiyear Hacking Spree (WIRED)
- Sealed U.S. court records possibly accessed by SolarWinds attackers (Help Net Security)
- Microsoft: SolarWinds attack took more than 1,000 engineers to create (ZDNet)
- 7 Things We Know So Far About the SolarWinds Attacks
Date 2021-02-12
- Manufacturing particularly at risk of Solorigate (linked breaches)
- SolarWinds Shines Spotlight on Supply Chain Risks (CSO Online)
- Our systems weren’t the entry point for SolarWinds attackers, says Microsoft (Channel Daily News)
- US Coast Guard orders maritime facilities to report SolarWinds breaches
- CISA releases Azure, Microsoft 365 malicious activity detection tool
- Chinese threat actor may have exploited SolarWinds. New SolarWinds vulnerabilities reported. Spyware in South Sudan. BEC gift card scams rise.
- FireEye's Mandia: 'Severity (Zero Alert' Led to ...)
- US think tank breached three times in a row by SolarWinds hackers
- White House Names Cybersecurity Expert to Lead Response to SolarWinds Hack (WSJ)
- Zero Day Initiative — Three More Bugs in Orion’s Belt
- SolarWinds Orion vulnerability being actively exploited - updated advisory (CERT NZ)
- NCSC statement on FireEye incident (NCSC.GOV.UK)
- Software supply chain attacks – everything you need to know (The Daily Swig)
- Emergency directive: Global governments issue alert after FireEye hack is linked to SolarWinds supply chain attack (The Daily Swig)
- New cyber panel chair zeros in on election security, SolarWinds hack (hill)
- MAR-10318845-1.v1 - SUNBURST (CISA)
- SolarWinds Orion Bug Allows Easy Remote-Code Execution and Takeover (tpost)
- Senators: U.S. response to huge SolarWinds hack has been 'disjointed and disorganized'
- Tips to harden Active Directory against SolarWinds-type attacks (CSO Online)
- Securing Active Directory: Performing an Active Directory Security Review
- CyberArk Virtual Event - (The Anatomy of the SolarWinds Attack)
- White House Names SolarWinds Response Leader Amid Criticism (SecurityWeek.Com)
- The Next Cyberattack Is Already Under Way (The New Yorker)
- This is How They Tell Me the World Ends
- Microsoft: Office 365 Was Not SolarWinds Initial Attack Vector
- Symantec Enterprise Podcasts
- Hackers had access to SolarWinds email system for months: report (hill)
- ‘Severe’ SolarWinds Vulnerabilities Allow Hackers To Take Over Servers
- Nearly One (Third of Attack Targets Weren’t Running SolarWinds)
- SolarWinds attack is not an outlier, but a moment of reckoning for security industry, says Microsoft exec (ZDNet)
- US payroll agency targeted by Chinese hackers: report (hill)
- SolarWinds CEO: “SolarWinds Orion Development Program was Exploited by the Hackers” - E Hacking News (Latest Hacker News and IT Security News)
- Takeaways for Microsoft cloud customers and partners after the SolarWinds breach (MSCloudNews)
- We're not saying this is how SolarWinds was backdoored, but its FTP password 'leaked on GitHub in plaintext' (Register)
- SolarWinds Corporation 8 (K SEC Filing)
- Cybersecurity giant FireEye says it was hacked by govt-backed spies who stole its crown (jewels hacking tools • The Register)
- Here's How SolarWinds Hackers Stayed Undetected for Long Enough
- CISA, SolarWinds up interest in security scoring (scmedia)
- Microsoft warns of increasing OAuth Office 365 phishing attacks
- CISA Warns of New Malware Threat to Vulnerable SolarWinds Orion Tech
- VirusTotal
- Tech Tent - Hackers breach US government (BBC Sounds)
- Microsoft downplays threat after admitting SolarWinds attackers accessed source code (The Daily Swig)
- Multiple new flaws uncovered in SolarWinds software just weeks after high-profile supply chain attack (The Daily Swig)
- Microsoft falls prey to SolarWinds supply chain cyber-attacks (The Daily Swig)
- Incoming Biden administration looks to shake up US cybersecurity policy (The Daily Swig)
- SANS Institute (Newsletters - NewsBites)
- Who is behind APT29? What we know about this nation-state cybercrime group (The Daily Swig)
- Swap SolarWinds Orion for Intact Scorpio NOW
- SolarWinds Alternative (OpManager VS SolarWinds NPM - ManageEngine)
- SolarWinds Alternative - Get Modern Monitoring (Zenoss)
- Top SolarWinds Competitors and Alternatives - Gartner 2021 (IT Infrastructure Monitoring Tools)
- SolarWinds Network Performance Monitor Alternatives & Competitors (G2)
- List of Best SolarWinds NPM Alternatives & Competitors 2021
- SolarWinds Alternatives (MetricFire Blog)
- Best SolarWinds Orion Platform Alternatives & Competitors
- SolarWinds Alternative (OpManager VS SolarWinds NPM - ManageEngine)
- SolarWinds NPM Competitors and Alternatives (IT Central Station)
- SolarWinds Alternative (Compare Site24x7 vs SolarWinds)
- SolarWinds Server & Application Monitor Alternatives and Similar Software (AlternativeTo)
- Top 15 SolarWinds Alternatives & Similar Tools (eBool)
- Nagios XI (Your Solarwinds Alternative Network Monitoring Solution)
- A Better Monitoring Alternative (LogicMonitor)
- Network Monitoring | NMIS (Opmantek)
- RMM Software - Atera - RMM software (PSA & Remote Access for MSPs)
- SolarWinds Network Performance Monitor Alternatives, Competitors & Similar Software (GetApp®)
- Fed up with Solarwinds, open source options? : sysadmin
- Nagios Alternatives - Nagios Replacement for Monitoring (SolarWinds)
- SolarWinds Alternatives (Guide Top 9 SolarWinds Alternatives)
- Open Source SolarWinds Server & Application Monitor Alternatives (AlternativeTo)
- Solarwinds alternative: a comparison in depth between Solarwinds and Pandora FMS
- SolarWinds Alternative (Alternatives to SolarWinds for Network and Server)
- SolarWinds Alternative - Get Modern Monitoring (Zenoss)
- 50 Best SolarWinds Alternatives & Competitors in 2021
- What are some alternatives to Solarwinds? (StackShare)
- Unryo (Performance Monitoring & Observability)
- Top SolarWinds Competitors and Alternatives (Craft.co)
- 20 best alternatives to SolarWinds Log & Event Manager as of 2021 (Slant)
- 50 Best SolarWinds Alternatives & Competitors in 2021
- Nagios Alternatives: Best Commercial & Open Source of 2021
- Best SolarWinds RMM Alternatives 2021 (Capterra)
Date 2021-02-11
- SolarWinds chases multiple leads in breach investigation
- Supply chain security is actually worse than we think (ZDNet)
Date 2021-02-10
- FireEye stock falls as analysts debate effects of massive SolarWinds hack (MarketWatch)
- More SolarWinds News (secblvd)
- After SolarWinds Attack, Courts Revert to Paper for Secrets
- Senate Select Committee on Intelligence letter to DNI
- Increasing resilience against Solorigate and other sophisticated attacks with Microsoft Defender (MS Security)
- Protecting Microsoft 365 from on-premises attacks (Microsoft Tech Community)
- cyber.dhs.gov - Emergency Directive 21 (01)
- Fourth malware strain discovered in SolarWinds incident (ZDNet)
- Alex Stamos Attributes SolarWinds Hack To Russian Intel Service
- Feds: SolarWinds Breach Is Likely Russian Intel Gathering Effort
- Most Tools Failed to Detect the SolarWinds Malware. Those That Did Failed Too (CoFR)
- SolarWinds Hackers Cast a Wide Net (BankInfoSecurity)
- Microsoft Releases New Info on SolarWinds Attack Chain
- SolarWinds Attack Underscores 'New Dimension' in ...
- Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop (MS Security)
- Google Cloud: We do use some SolarWinds, but we weren't affected by mega hack (ZDNet)
- After SolarWinds, the U.S. can trust no one (Fortune)
- President Biden Orders SolarWinds Intelligence Assessment
- SolarWinds Hack: Is NSA Doing the Same to Russia?
- Mimecast breach investigators probe possible SolarWinds connection (CyberScoop)
Date 2021-02-09
- Hacking victim SolarWinds hires ex-Homeland Security official Krebs as consultant (Reuters)
- Hackers Lurked in SolarWinds Email System for at Least 9 Months, CEO Says (WSJ)
- SolarWinds Hack Breached Justice Department System (WSJ)
- Microsoft Hacked in Russia-Linked SolarWinds Cyberattack (WSJ)
- Azure-Sentinel/ADFSDomainTrustMods.yaml at master · Azure/Azure (Sentinel · GitHub)
- DOJ says it was hit by SolarWinds hackers - (FCW)
- Using Microsoft 365 Defender to protect against Solorigate (MS Security)
- Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments (CISA)
- SolarWinds CEO Confirms Office 365 Email ‘Compromise’ Played Role In Broad (Based Attack)
- Findings From Our Ongoing Investigations (Orange Matter)
- Continuing Our Journey to Becoming Secure by Design (Orange Matter)
- SolarWinds security to-do list post hack (Utility Dive)
- SolarWinds fallout could last for years, as power industry secures vulnerable equipment: Dragos CEO (Utility Dive)
- A Key Step in Preventing a Future SolarWinds (Just Security)
- CISA discovers token abuse around SolarWinds hack, calls for full rebuild of affected networks (scmedia)
- Cloud Security: A Primer for Policymakers (Carnegie Endowment for International Peace)
- SolarWinds Fallout: Practices to strengthen data protection - (GCN)
- The Right Response to SolarWinds (CoFR)
- More exploitable flaws found in SolarWinds software, says cybersecurity firm
- SolarWinds Recovery May Require Extreme Actions
- SOLARWINDS UPDATE
- Second SolarWinds Attack Group Breaks into USDA Payroll — Report (tpost)
- SolarWinds Malware Arsenal Widens with Raindrop (tpost)
- Microsoft: This is how the sneaky SolarWinds hackers hid their onward attacks for so long (ZDNet)
- Third malware strain discovered in SolarWinds supply chain attack (ZDNet)
- SolarWinds: How a Rare DGA Helped Attacker Communications Fly Under the Radar (Symantec Blogs)
- Multiple new SolarWinds vulnerabilities have been uncovered (TechRadar)
- Microsoft: Office 365 Was Not SolarWinds Initial Attack Vector
Date 2021-02-07
- Kevin Mandia: Discovering SolarWinds Hack ‘Validates Our Intelligence and Expertise’
- Mimecast To Lay Off 80 Workers Weeks After Disclosing Hack
- Mimecast Breach Linked To SolarWinds Hack, Allowed Cloud Services Access
- Hackers Compromise Mimecast Certificate For Microsoft Authentication
- Chinese Hackers Exploit SolarWinds To Steal Federal Payroll Info: Report
- Mimecast Certificate Hacked in Supply-Chain Attack (tpost)
- Feds: SolarWinds Attack ‘Poses a Grave Risk’ To Government, Business
- SolarWinds Hack ‘One Of The Worst In The Last Decade’: Analyst
- Fidelis Targeted By SolarWinds Hackers After Installing Orion
- 5 Security Vendors That Have Reported Cyberattacks Since December
- 5 Things To Know About The Mimecast Hack And Stock Drop
- Email Security Firm Mimecast Says Hackers Hijacked Its Products to Spy on Customers | Technology News (US News)
- SolarWinds Hackers Access Malwarebytes’ Office 365 Emails
Date 2021-02-05
- 3 New Severe Security Vulnerabilities Found In SolarWinds Software
- Full System Control with New SolarWinds Orion-based and Serv-U FTP Vulnerabilities (Trustwave)
- Suspected Russian Hack Extends Far Beyond SolarWinds Software, Investigators Say (WSJ)
- SolarWinds hackers accessed Microsoft source code, the company says
- Hacking ‘Likely’ Came From Russia, US Says (nyt)
- More SolarWinds News (Schneier)
- Another SolarWinds Orion Hack (Schneier)
- How to Get Rich Sabotaging Nuclear Weapons Facilities (BIG by Matt Stoller)
- More on the SolarWinds Breach (Schneier)
- Russia’s SolarWinds Attack (Schneier)
- The U.S. government spent billions on a system for detecting hacks. The Russians outsmarted it. (wapo)
- Agencies Need to Improve Implementation of Federal Approach to Securing Systems and Protecting against Intrusions
- Russia’s SolarWinds Attack and Software Security (Schneier)
- How the SolarWinds Hackers Bypassed Duo’s Multi-Factor Authentication (Schneier)
- Injecting a Backdoor into SolarWinds Orion (Schneier)
- NSA on Authentication Hacks (Related to SolarWinds Breach) (Schneier)
- Quick Thoughts on the Russia Hack (Lawfare)
- Essays: The Solarwinds Hack Is Stunning. Here’s What Should Be Done (Schneier)
- Cyberattack Hit Key US Treasury Systems: Senator (SecurityWeek.Com)
- Hacked Networks Will Need to be Burned 'Down to the Ground' (SecurityWeek.Com)
- Continuous Updates: Everything You Need to Know About the SolarWinds Attack (SecurityWeek.Com)
- Supply Chain Attack: CISA Warns of New Initial Attack Vectors Posing 'Grave Risk' (SecurityWeek.Com)
- Sunburst: Supply Chain Attack Targets SolarWinds Users (Symantec Blogs)
- SolarWinds Removes Customer List From Site as It Releases Second Hotfix (SecurityWeek.Com)
- CISA Says Many Victims of SolarWinds Hackers Had No Direct Link to SolarWinds (SecurityWeek.Com)
- Cisco Event Response: SolarWinds Orion Platform Software Attack
- Cisco Talos Intelligence Group (Comprehensive Threat Intelligence: Threat Advisory: SolarWinds supply chain attack)
- Cisco Talos Intelligence Group (Comprehensive Threat Intelligence: FireEye Breach Detection Guidance)
- VMware Issues Statement on SolarWinds Supply Chain Compromise and CVE 2020 (4006)
- VMware Issues Updated Statement on SolarWinds Supply Chain Compromise and CVE 2020 (4006)
- An Update on SolarWinds (JetBrains Blog)
- January 8th Update on SolarWinds (JetBrains Blog)
- Opinion: The SolarWinds hack is stunning. Here's what should be done (CNN)
Date 2021-02-04
- President Biden Announces American Rescue Plan (The White House)
- in-toto: Providing farm-to (table guarantees for bits and bytes)
- Commit Virtual 2020: How to Build a Compromise Resilient CI/CD (YouTube)
- Secure Publication of Datadog Agent Integrations With TUF and In-Toto (Datadog)
- Q:CYBER spots lateral movement as used in the SolarWinds (Sunburst) calamity | State (insidenova.com)
- US govt, FireEye breached after SolarWinds supply (chain attack)
- SEC filings: SolarWinds says 18,000 customers were impacted by recent hack (ZDNet)
- What We Know (And Don’t) About The SolarWinds Orion Hack So Far
- SolarWinds/SUNBURST Backdoor, Third-Party and Supply Chain Security (YouTube)
- Federal Agencies, Think Tank Targeted in Russian Hacking Spree
- Suspected Russia SolarWinds Hack Exposed After FireEye Cybersecurity Firm Found 'Backdoor'
- Unauthorized Access of FireEye Red Team Tools (fireeye)
- Text - S.592 - 116th Congress (2019-2020): Cybersecurity Disclosure Act of 2019 | Congress.gov (Library of Congress)
- SolarWinds Exposed GitHub Repository Publicly since 2018
- CJ03 Solar Flare Pulling apart SolarWinds ORION Rob Fuller (YouTube)
- SolarWinds, GitHub Leaks and Securing the Software Supply Chain (BluBracket)
- red_team_tool_countermeasures/CVEs_red_team_tools.md at master · fireeye/red_team_tool_countermeasures (GitHub)
- SolarWinds releases updated advisory for new SUPERNOVA malware
- Suspected Russian hackers used Microsoft vendors to breach customers (Reuters)
- FireEye and SolarWinds Cyber Attack Information for Exabeam Customers and Partners
Date 2021-02-03
- The U.S. Spent $2.2 Million on a Cybersecurity System That Wasn’t Implemented — and Might Have Stopped a Major Hack — ProPublica
- Federal Acquisition Supply Chain Security Act
- New, free tool adds layer of security for the software supply chain
- Trump Contradicts Pompeo Over Russia’s Role in Hack (nyt)
- DHS, DOJ And DOD Are All Customers Of SolarWinds Orion, The Source Of The Huge US Government Hack
Date 2021-02-02
- Russian hack brings changes, uncertainty to US court system
- SolarWinds Hack Prompts Congress to Put NSA in Encryption Hot Seat (tpost)
Date 2021-01-30
- U.S. Cyber Firm FireEye Says It Was Breached by Nation-State Hackers (WSJ)
- Suspected Russian Hack Said to Have Gone Undetected for Months (WSJ)
- Hack of Federal Agencies Shows Cyber Dangers to Supply Chains (WSJ)
- U.S. Agencies Hacked in Foreign Cyber Espionage Campaign Linked to Russia (WSJ)
- Suspected Russian Cyberattack Began With Ubiquitous Software Company (WSJ)
- SolarWinds Hackers’ Attack on Email Security Company Raises New Red Flags (WSJ)
- SolarWinds Hack Hit Office Home to Top Treasury Department Officials (WSJ)
- Pompeo Blames Russia for Hack as Trump Casts Doubt on Widespread Conclusion (WSJ)
- White House National Security Adviser O’Brien Cuts Trip Short to Address SolarWinds Hack (WSJ)
- SolarWinds Discloses Earlier Evidence of Hack (WSJ)
- I'm in your cloud, reading everyone's emails (hacking Azure AD via Active Directory)
Date 2021-01-28
- Four security vendors disclose SolarWinds-related incidents (ZDNet)
- Important Security Update (Mimecast Blog)
- SolarWinds Hacks: Virginia Regulator And $5 Billion Cybersecurity Firm Confirmed As Targets
- Ongoing Analysis of SolarWinds Impacts (Fidelis Cybersecurity)
- Twenty-three SUNBURST Targets Identified (NETRESEC Blog)
- Partial lists of organizations infected with Sunburst malware released online (ZDNet)
- Adam Orton on Twitter: "@mikko @netresec @craiu Does "this was a lab machine" not pass anyone elses sniff test? Or just me?" / Twitter
Date 2021-01-26
- Hackers exploit U.S. Agency Supply Chain (IT Security Guru)
Date 2021-01-24
- Russian Hacking Targeted Treasury Department’s Senior Leaders (nyt)
- Global Intrusion Campaign Leverages Software Supply Chain Compromise (fireeye)
Date 2021-01-23
- Biden Orders Sweeping Assessment of Russian Hacking, Even While Renewing Nuclear Treaty (nyt)
Date 2021-01-22
- OODA Loop - If SolarWinds Is a Wake (Up Call, Who’s Really Listening?)
- Biden administration to seek five-year extension on key nuclear arms treaty in first foray with Russia (wapo)
- 99 Problems but Two-Factor Ain’t One (fireeye)
- U.S. Treasury, Commerce Depts. Hacked Through SolarWinds Compromise — Krebs on Security
- Microsoft says it found malicious software in its systems (CNA)
Date 2021-01-21
- Malwarebytes targeted by Nation State Actor implicated in SolarWinds breach. Evidence suggests abuse of privileged access to Microsoft Office 365 and Azure environments - Malwarebytes Labs (Malwarebytes Labs)
- Malwarebytes says SolarWinds hackers accessed its internal emails
- Russian hack’s sophistication impresses even the experts (wapo)
- Microsoft warns UK companies were targeted by SolarWinds hackers
- Group Behind SolarWinds Hack Bypassed MFA to Access Emails at US Think Tank (SecurityWeek.Com)
- Russian hackers compromised Microsoft cloud customers through third party, putting emails and other data at risk
- Russians Are Believed to Have Used Microsoft Resellers in Cyberattacks (nyt)
- Microsoft, FireEye confirm SolarWinds supply chain attack (ZDNet)
- Sunburst Trojan (What You Need to Know)
- VMware Falls on Report Its Software Led to SolarWinds Breach (Bloomberg)
- CISA orders agencies to quickly patch critical Netlogon bug (CyberScoop)
- REFILE-EXCLUSIVE-U.S. Treasury breached by hackers backed by foreign government - sources (Reuters)
- How Russia’s ‘Info Warrior’ Hackers Let Kremlin Play Geopolitics on the Cheap (WSJ)
- Opinion (I Was the Homeland Security Adviser to Trump. We’re Being Hacked. - The New York Times)
- U.S. Agencies Exposed in Attack by Suspected Russian Hackers (Bloomberg)
- Cyber attack may be ‘worst in the history of America’ (LV Jrnl)
- US under major active cyberattack from Russia, Trump’s former security adviser warns (The Independent)
- What we know – and still don’t – about the worst-ever US government cyber-attack | Hacking (Guardian)
- SolarWinds Hack: U.K. Government, NATO Join U.S. in Monitoring Risk (Bloomberg)
- At Least 200 Victims Identified in Suspected Russian Hacking (Bloomberg)
- Cyberattack on U.S. Treasury by foreign government
- Russian government (backed hackers breached the U.S. Treasury)
- Treasury, Commerce, Others Hacked by Russian Government Spies, Report (Rolling Stone)
- SolarWinds Hackers Also Breached Malwarebytes Cybersecurity Firm
Date 2021-01-20
- Scope of Russian Hacking Becomes Clear: Multiple U.S. Agencies Were Hit (nyt)
- U.S. Homeland Security, thousands of businesses scramble after suspected Russian hack (Reuters)
- SolarWinds Likely Hacked at Least One Year Before Breach Discovery (SecurityWeek.Com)
- Suspected Russian hackers spied on U.S. Treasury emails - sources (Reuters)
- How bad is the hack that targeted US agencies
- Raindrop: New Malware Discovered in SolarWinds Investigation (Symantec Blogs)
- Malwarebytes said it was hacked by the same group who breached SolarWinds (ZDNet)
- Finding Targeted SUNBURST Victims with pDNS (NETRESEC Blog)
- Extracting Security Products from SUNBURST DNS Beacons (NETRESEC Blog)
- Reassembling Victim Domain Fragments from SUNBURST DNS (NETRESEC Blog)
- The aftermath of the SolarWinds breach: Organizations need to be more vigilant (TechRepublic)
- A New SolarWinds Malware Strain Is Discovered
- Researchers Discover Raindrop — 4th Malware Linked to the SolarWinds Attack
- Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452 (fireeye)
- Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452
- GitHub - fireeye/Mandiant-Azure-AD (Investigator)
- How to create a backdoor to Azure AD (part 1: Identity federation)
- SUNBURST Additional Technical Details (fireeye)
- UNC2452: What We Know So Far
- From the Solarwinds supply chain attack (Golden Chain Bear) to see the covert operations in APT operations
- Responding to the SolarWinds Breach: Detect, Prevent, and Remediate the Dark Halo Supply Chain Attack (Volexity)
- SolarWinds (Understanding & Detecting the SUPERNOVA Webshell Trojan - SentinelLabs)
- SolarWinds SUNBURST Backdoor: Inside the APT Campaign (SentinelLabs)
Date 2021-01-19
- SolarWinds hack: US officials scramble to deal with suspected Russian hack of government agencies (CNNPolitics)
- SolarWinds malware was sneaked out of the firm's Orion build environment 6 months before anyone realised it was there (report • The Register)
- Hackers Tied to Russia Hit Nuclear Agency; Microsoft Is Exposed (Bloomberg)
- SolarWinds attack explained: And why it was so hard to detect (CSO Online)
- Cyber ‘Deterrence’: A Brexit Analogy (Lawfare)
Date 2021-01-18
- Cybersecurity Stocks that Lagged in 2020 Could Get Boost from SolarWinds Hack (RealMoney)
- SolarWinds CEO: Attack Was ‘One Of The Most Complex And Sophisticated’ In History
- SolarWinds Fights Back With Chris Krebs, Alex Stamos Hires
- SolarWinds Hackers Compromise Confidential Court Filings
- SolarWinds Deadline Alert
- SolarWinds Update
- Some UW Campuses That Contract With SolarWinds IT Provider Exploited In National Cyberattack (Wisconsin Public Radio)
- Understanding third-party hacks in the aftermath of the SolarWinds breach (Help Net Security)
- American Public Reticent to Retaliate Against SolarWinds Hack (The National Interest)
- SolarWinds Close to Figuring Out How Cyberattack Occurred
- Cyber Threat Intel Analysis and Expansion of SolarWinds Identified IoCs
- SolarWinds Cyber-Attack Has Significant Implications for Developers and Contractors (Robinson+Cole Data Privacy + Security Insider - JDSupra)
- SolarWinds Says It’s Closer to Finding Source of Cyberattack
- SolarWinds hack: Who’s to blame? It’s complicated. (TechBeacon)
- Austin's SolarWinds closer to understanding source of massive breach
- SolarWinds Hack Lessons Learned: Finding the Next ...
- SolarWinds CEO: Company Might Not Be the Only Compromise (My TechDecisions)
- SWI INVESTOR FRAUD LAWSUIT: Hagens Berman Alerts SolarWinds (SWI) Investors to Securities Fraud Lawsuit and Encourages Investors with Losses to Contact Firm Now
- SolarWinds fallout makes secure communications a critical first line of defense - (FCW)
- What the SolarWinds hack really tells us (TechBeacon)
- SOLARWINDS INVESTORS: March 5, 2021 Filing Deadline in Shareholder Class Action – Contact Lieff Cabraser (bizwire)
- SolarWinds Supply Chain Hack: Investigation Update
- The Cybersecurity 202: Sen. Mark Warner plans breach-notification debate in wake of SolarWinds hack (wapo)
- From the Bronze Soldier to Solarwinds, tracking unfettered Kremlin disruption across 15 years (Great Power)
- Autocracy ascends the cracks of democracy (Great Power)
- Hackers last year conducted a 'dry run' of SolarWinds breach
- SolarWinds Hack Lessons Learned: Finding the Next ...
- SolarWinds hackers linked to known Russian spying tools, investigators say (Reuters)
- The Devil’s in the Details: SUNBURST Attribution
- Exclusive: FBI probes Russian-linked postcard sent to FireEye CEO after cybersecurity firm uncovered hack - sources (Reuters)
- Meet The Super Rich Czech Tech Company — And Its Russian CEO —Denying Links To The Huge SolarWinds Hack
- SolarWinds Hack: Cisco And Equifax Amongst Corporate Giants Finding Malware... But No Sign Of Russian Spies
- Email security firm Mimecast says hackers hijacked its products to spy on customers (Reuters)
- Disturbing trend: Recent nation state attacks (Cybersecurity Tech Accord)
- SolarWinds Hack Forces Reckoning With Supply-Chain Security (WSJ)
- SolarWinds hackers linked to known Russian spying tools, investigators say (Reuters)
- SolarWinds Breach Used to Infiltrate Customer Networks (Solarigate)
- GitHub (fireeye/sunburst_countermeasures)
- Sunburst Malware Optics Rules
- FireEye Malware Optics Rules
- Password Guessing Used as a Weapon by SolarWinds Hackers to Breach Targets - E Hacking News (Latest Hacker News and IT Security News)
- Critical Microsoft Defender Bug Actively Exploited; Patch Tuesday Offers 83 Fixes (tpost)
- The Cybersecurity 202: NSA cyber chief Anne Neuberger is heading to the Biden White House (wapo)
- Third malware strain discovered in SolarWinds supply chain attack (ZDNet)
- Kaspersky experts connect SolarWinds attack with Kazuar backdoor
- SolarWinds Take Control Alternative (Splashtop SOS)
- New SolarWinds CEO sets out rescue plan
- Russia's SolarWinds Hack Is the Big One (BoonWorks)
- A closer look at the SolarWinds hack (Cyprus Mail)
- Published (Zero Day Initiative)
- Unveiled: SUNSPOT Malware Was Used to Inject SolarWinds Backdoor
- More federal victims of SolarWinds hacking likely to come forward, CISA chief says
- Lessons from the SolarWinds Hack: Robust Cybersecurity Requires Leadership (Toka)
- Researchers Find Links Between Sunburst and Russian Kazuar Malware
- Golden SAML Revisited: The Solorigate Connection (secblvd)
- IOTW: As The SolarWinds Hack Investigation Continues, New Insights Reveal A New Suspect (Cyber Security Hub)
- All about the suspected Russian cyberattack that Microsoft has called ‘moment of reckoning’
Date 2021-01-16
- Increasing resilience against Solorigate and other sophisticated attacks with Microsoft Defender (MS Security)
- Google’s approach to secure software development and supply chain risk management (Google Cloud Blog)
Date 2021-01-15
- Robust Indicators of Compromise for SUNBURST (NETRESEC Blog)
- SolarWinds Says It Has Found Source of Massive Cyberattack (TheStreet)
- Sunspot malware scoured servers for SolarWinds builds to trojanize them
- Top SolarWinds risk assessment resources for Microsoft 365 and Azure (CSO Online)
- Create a Log Analytics workspace in the Azure portal - Azure Monitor (Microsoft Docs)
- SolarLeaks site claims to sell data stolen in SolarWinds attacks
- FireEye reveals that it was hacked by a nation state APT group
- Hackers Didn’t Only Use SolarWinds to Break In, Says CISA (secblvd)
- CISA: Hackers access to federal networks without SolarWinds - (FCW)
- CISA: SolarWinds hackers also used password guessing to breach targets (ZDNet)
- On the SolarWinds Hack or When Total Information Awareness is the Chainsaw Which Gently Buggers You Sidewise (An F... Again...)
- The SolarWinds Investigation Ramps Up (WIRED)
- Industry urges agencies to accelerate zero trust adoption after SolarWinds hack (FedScoop)
- The Hack Roundup: SolarWinds Shares Details on How Attackers Inserted Backdoor (Nextgov)
- Sunburst backdoor – code overlaps with Kazuar (Securelist)
- Sunburst: connecting the dots in the DNS requests (Securelist)
- How we protect our users against the Sunburst backdoor (Securelist)
- Cybersecurity firm identifies third SolarWinds hack malware strain (FoxBiz)
- The SolarWinds Hack Was Huge. JPMorgan Is Defending the Stock. (Barron's)
- SolarWinds Hack Followed Years of Warnings of Weak Cybersecurity (Bloomberg)
- DoJ confirms email accounts breached by SolarWinds hackers | Hacking (Guardian)
- Mimecast compromised by a threat actor | 2021-01-13 (Security Magazine)
- Mimecast: Hackers Compromised A Digital Certificate (My TechDecisions)
- SolarWinds Attackers May Have Hit Mimecast, Driving ...
- Miscreants Manipulate Mimecast Certificate -> Microsoft 365 Exchange Web Services: Welcome To The Pew Pew (secblvd)
- Email security firm Mimecast says hackers hijacked its products to spy on customers (Reuters)
- Mimecast shares tumble as company reports cyberthreat to some customers (Boston Business Journal)
- Mimecast Says Hackers Compromised Digital Certificate
- Mimecast Says Attackers Stole Certificate, Targeted Customers' Email (Decipher)
- Important Update from Mimecast (Mimecast Blog)
- Hackers hijacked email security firm Mimecast to spy on customers (VentureBeat)
- SolarWinds' dominance became a liability in sprawling spy campaign (VentureBeat)
- Hackers abusing Mimecast certs to target Microsoft 365 users
- Mimecast Cert Compromised to Target Inboxes in “Sophisticated” Attack (Infosecurity Magazine)
- Mimecast hit by “sophisticated threat actor”
- SolarWinds Hackers' Attack on Email Security Company Raises New Red Flags (MarketScreener)
- SolarWinds defense: How to stop similar attacks (ZDNet)
- SolarWinds Hack Could Cost Cyber Insurance Firms $90 Million
- The SolarWinds Breach: Why Your Work Computers Are Down Today (Lawfare)
- CORRECTING and REPLACING Intact Technology, Inc. Develops an Alternative Solution to SolarWinds Orion (bizwire)
- SolarWinds Cyber (Attack Affects Developers and Contractors)
- Microsoft’s Smith Talks ‘WarGames,’ SolarWinds Hack at CES (SDxCentral)
- FireEye not ready to ascribe SolarWinds hack to Russia - (FCW)
- Sunburst Malware Information (FireEye)
- SolarWinds aftermath continues with SolarLeaks (secblvd)
- SolarWinds aftermath continues with SolarLeaks (Blueliv)
- SolarWinds: Between The Clouds (secblvd)
- Microsoft President Brad Smith: SolarWinds Attack Violated ‘Norms And Rules’ Of Government Activities
- SolarWinds roundup: Fixes, new bad actors, and what the company knew (Network World)
- The Colorado Division of Securities alerts securities firms to be aware of any impact of SolarWinds hack (WesternSlopeNow.com)
- Advanced Persistent Threat Actors Leverage SolarWinds Vulnerabilities
- Evanina: Number of known SolarWinds victims 'will continue to grow' - (FCW)
- Cybersecurity Pioneer Cyemptive Technologies Cautions Entities About the Depth and Breadth of the Recent SolarWinds Cyber Incident; Provides First Reliable Solution to Address Such Invasive Attacks (bizwire)
- SWI INVESTORS ACT FAST: Hagens Berman Alerts SolarWinds (SWI) Investors to Securities Fraud Lawsuit and Encourages Investors with Losses to Contact Firm Now
- Expect more SolarWinds victims, national security official says - (GCN)
- SOLARWINDS INVESTOR ALERT: Class Action Lawsuit Filed
- ROSEN, RESPECTED INVESTOR COUNSEL, Reminds SolarWinds Corporation Investors of Important March 5 Deadline in First Filed Securities Class Action Commenced by the Firm; Encourages Investors with Losses in Excess of $100K to Contact the Firm (SWI)
- SHAREHOLDER ALERT: WeissLaw LLP Investigates SolarWinds Corporation
- Cyberespionage campaign hits Colombia. New malware found in the SolarWinds incident. Mimecast certificates compromised. Ubiquiti tells users to reset passwords. Two wins for the good guys.
- Brazen SolarWinds Hackers Offer Alleged Windows 10 Source Code For $600,000 (HotHardware)
Date 2021-01-13
- solarleaks
- SolarWinds: What Hit Us Could Hit Others — Krebs on Security
Date 2021-01-12
- SUNSPOT Malware: A Technical Analysis (CrowdStrike)
- New Findings From Our Investigation of SUNBURST (Orange Matter)
- Our Plan for a Safer SolarWinds and Customer Community (Orange Matter)
- Suspected Russian hackers used Microsoft vendors to breach customers (Reuters)
- Why Solarwinds Hack didn't succeed for Comodo Customers? Post
- SolarWinds Hit With Class (Action Lawsuit Following ...)
- Bucking Trump, NSA and FBI say Russia was “likely” behind SolarWinds hack (ars)
Date 2021-01-11
- CEO Refutes Reports of Involvement in SolarWinds Campaign (Infosecurity Magazine)
- How to Understand and Defend Against SolarWinds (Type Attacks)
Date 2021-01-10
- A Golden SAML Journey: SolarWinds Continued (Splunk)
Date 2021-01-09
- Krebs Stamos Group
- SolarWinds Hires Chris Krebs and Alex Stamos for ...
Date 2021-01-08
- GitHub (cisagov/Sparrow: Sparrow.ps1 was created by CISA's Cloud Forensics team to help detect possible compromised accounts and applications in the Azure/m365 environment.)
- Implications of Russian Hacking of SolarWinds
- CISA: SolarWinds Hackers Got Into Networks by Guessing Passwords (Nextgov)
- Agencies Need to Improve Implementation of Federal Approach to Securing Systems and Protecting against Intrusions
- NSA Warns That Russian Hackers Are Targeting Virtual Workspaces (Nextgov)
- SolarWinds Government Data Breach Leads to Securities Action (Lexology)
- Hackers used SolarWinds' dominance against it in sprawling spy campaign (Reuters)
- Faulty enterprise software, like SolarWinds, $2 trillion problem (BI)
- SolarWinds to pay former CEO US$312K to assist with investigations - Software (CRN Australia)
- The SolarWinds Hack
- Life After the SolarWinds Supply Chain Attack
- Protect Against Supply Chain Cyber Attacks (SecureLink eBook)
- Advisory for SolarWinds Orion Vulnerabilities (secblvd)
- Third-Party Risk Management (TPRM) Best Practices (View Webinar)
- How to prepare for and respond to a SolarWinds-type attack (CSO Online)
- SolarWinds Sued Over Russian Hack (SDxCentral)
- Microsoft unleashes ‘Death Star’ on SolarWinds hackers in extraordinary response to breach (GeekWire)
- SWI INVESTOR FRAUD LAWSUIT FILED: Hagens Berman Encourages SolarWinds (SWI) Investors with Losses to Contact Firm Now
- SolarWinds Orion: Fixes Aim to Block Sunburst and Supernova
- SolarWinds breach could reshape cybersecurity practices
- Microsoft: A 2nd Group May Have Also Breached SolarWinds
- Canada Pension Plan Investment Board’s purchase of SolarWinds stock likely to fall under scrutiny (wapo)
- SHAREHOLDER ALERT: Block & Leviton LLP Investigating SolarWinds Corp. and Pluralsight, Inc. for Possible Breaches of Fiduciary Duty; Shareholders Should Contact the Firm
- SolarWinds Hack, Ransomware, Regulations Figure Prominently as Virtual Cybersecurity Summits Resume in 2021
- HAGENS BERMAN, NATIONAL TRIAL ATTORNEYS, Encourages SolarWinds (SWI) Investors with Losses to Contact Firm Now, Securities Fraud Lawsuit Filed
- SHAREHOLDER ALERT: SolarWinds Corp. Investigated for Possible Breaches of Fiduciary Duty After Insiders Sold $285 Million Worth of Company Stock; Investors Should Contact Block & Leviton LLP
- We Should Have Known SolarWinds Would Be a Target (CoFR)
- SolarWinds Breach is the Rule, Not an Exception (secblvd)
- Gossamer tool aims to defend open source projects against SolarWinds-style supply chain attacks (The Daily Swig)
- Gossamer: Supply Chain Security for Open (Source Software)
- CrowdStrike Fends Off Attack Attempted By SolarWinds Hackers
- EQUITY ALERT: Rosen Law Firm Files Securities Class Action Lawsuit Against SolarWinds Corporation – SWI (bizwire)
- Scott+Scott Attorneys at Law LLP Continues Investigating SolarWinds Corporation’s Directors and Officers for Breach of Fiduciary Duties (SWI)
- National cyber director role in the spotlight after SolarWinds hack
- Sealed U.S. Court Records Exposed in SolarWinds Breach — Krebs on Security
- Judiciary Addresses Cybersecurity Breach: Extra Safeguards to Protect Sensitive Court Records (US Courts)
- Joint Statement by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the National Security Agency (NSA) (CISA)
- DoJ says SolarWinds hackers breached its Office 365 system and read email (ars)
- SOLARWINDS INVESTORS: ALERT BY FORMER LOUISIANA ATTORNEY GENERAL - Kahn Swick & Foti, LLC Reminds Investors of Lead Plaintiff Deadline in Class Action Lawsuit Against SolarWinds Corporation (SWI)
- SolarWinds Corporation (NYSE: SWI)
- After SolarWinds breach, where do we go from here? (FRN)
- The Trends At SolarWinds (NYSE:SWI) That You Should Know About (Simply Wall St News)
- The Cybersecurity 202: Riot in the Capitol is a nightmare scenario for cybersecurity professionals (wapo)
- SolarWinds hires former Trump cyber security chief Chris Krebs
- SolarWinds hires Chris Krebs, Alex Stamos to boost security in wake of suspected Russian hack
Date 2021-01-07
- Justice Department also hit by Russian hackers (wapo)
- Widely Used Software Company May Be Entry Point for Huge U.S. Hacking (nyt)
- FBI probe of major hack includes project-management software from JetBrains: sources (Reuters)
- Statement on the story from The New York Times regarding JetBrains and SolarWinds (JetBrains Blog)
- Biden Assails Trump Over Handling of Russia Hacking (nyt)
- SolarWinds hack officially blamed on Russia: What you need to know (CNET)
- Department of Justice Statement on Solarwinds Update | OPA (DOJ)
- SolarWinds Hit With Class (Action Lawsuit Alleging Securities Violations)
- CISA updates on SolarWinds compromise - (GCN)
- SolarWinds hack may be bigger than previously believed (SiliconANGLE)
Date 2021-01-06
- Bill That Trump Is Vowing to Veto Strengthens Hacking Defenses, Lawmakers Say (nyt)
- SolarWinds: The more we learn, the worse it looks (ZDNet)
- SolarWinds Breach ‘Much Worse’ Than Feared (SDxCentral)
- White House Removes Spokeswoman at Agency Responding to SolarWinds Hack (WSJ)
- Senators Press IRS for SolarWinds Hack Briefing (WSJ)
- Severe SolarWinds Hacking: 250 Organizations Affected?
- SolarWinds shareholder files class-action lawsuit alleging leadership 'misrepresented and failed to disclose' information about hack (FoxBiz)
- SolarWinds hack poses risk to cloud services' API keys and IAM identities
- The Grim Lessons of the SolarWinds Breach (reason)
- Latest on the SVR’s SolarWinds Hack (Schneier)
- Here's a simple explanation of the SolarWinds hack (BI)
- SolarWinds hack endangering cloud services’ API keys (DevOps Online)
- The threats arising from the massive SolarWinds hack (CBS News)
- Solar Winds Blow Hard (secblvd)
- SolarWinds hack may have been a global attack (TechRadar)
- As Understanding of Russian Hacking Grows, So Does Alarm (nyt)
- Researchers say cloud deployments of SolarWinds Orion could put API keys at risk (IT World Canada)
- Cloud infrastructure is not immune from the SolarWinds Orion breach (Ermetic)
- Fun with SolarWinds Orion Cryptography — Atredis Partners
- GitHub (mubix/solarflare: SolarWinds Orion Account Audit / Password Dumping Utility)
- SolarFlare Release: Password Dumper for SolarWinds Orion :: malicious.link — welcome
- Find cloud account credentials
- Infosec pros warned of second SolarWinds Orion vulnerability (IT World Canada News)
- After the FireEye and SolarWinds breaches, what’s your failsafe? (TechCrunch)
- The Cyberlaw Podcast: The Grim Lessons of the SolarWinds Breach (Lawfare)
- Dissecting The SolarWinds Hack For Greater Insights With A Cybersecurity Evangelist
- Class Action Complaint for Violation of the Federal Securities Laws
- SolarWinds, top executives hit with class action lawsuit over Orion software breach (scmedia)
- US issues advisory for agencies to update SolarWinds software (Express Computer)
- Reshaping Cyberspace: Beyond the Emerging Online Mercenaries and the Aftermath of SolarWinds
- Agencies scrambling to get a grip after SolarWinds hack (FRN)
- SolarWinds attack: CrowdStrike says no impact
- Learning from SolarWinds: Five steps to fortify your cloud supply chain | Article (Compliance Week)
- 'No evidence' IRS taxpayer information exposed by SolarWinds hack (FedScoop)
- HAGENS BERMAN, NATIONAL TRIAL ATTORNEYS, Investigating SolarWinds (SWI) Knowledge of Hack in Orion Products, Encourages SWI Investors with Losses to Contact Firm Now
- ALERT FOR SWI INVESTORS WITH LOSSES: Bernstein Liebhard is Investigating SolarWinds Corporation For Violations of the Securities Laws
- Cloud infrastructure is not immune from the SolarWinds Orion breach (secblvd)
- In wake of SolarWinds and Vietnam, more supply chain attacks expected 2021 (scmedia)
- Trump's reluctance to name Russia in SolarWinds hack will hamper recovery (Axios)
- Treasury Finds no Evidence of Tax Data Breach in SolarWinds Hack (MeriTalk)
- SolarWinds hack: Cybersecurity company calls for more transparency with what happened (KXAN Austin)
- VU#843464 (SolarWinds Orion API authentication bypass allows remote command execution)
- Federal Reserve Board (Agencies propose requirement for computer security incident notification)
Date 2021-01-05
- Bremer v. SolarWinds Corporation Et Al - Complaint | Sec Rule 10b 5 (Class Action)
- SolarWinds MSP Rebranding As N-able Amid Spin-Out Plan (ChannelE2E)
- This Week In Security: Deeper Dive Into SolarWinds, Bouncy Castle, And Docker Images (Hackaday)
Date 2021-01-01
- The Real Culprit Behind SolarWinds: Remote Code Execution
- Microsoft Internal Solorigate Investigation Update (Microsoft Security Response Center)
- Solorigate Resource Center – updated December 31st, 2020 (Microsoft Security Response Center)
Date 2020-12-31
- CISA updates SolarWinds guidance, tells US govt agencies to update right away (ZDNet)
- A second hacking group has targeted SolarWinds systems (ZDNet)
- CrowdStrike Launches Free Tool to Identify & Mitigate Risks in Azure Active Directory (CrowdStrike)
- Op (ed: What nobody else will say about the new cybersecurity crisis)
- How did SolarWinds' massive data breach go undetected for months? (YouTube)
- How hacked is hacked? Here’s a ‘hack scale’ to better understand the SolarWinds cyberattacks (GeekWire)
- SolarWinds SUNBRUST backdoor investigation using ShiftLeft’s Code Property Graph (secblvd)
- A New SolarWinds Flaw Likely Had Let Hackers Install SUPERNOVA Malware
- A Second Hacker Group May Have Also Breached SolarWinds, Microsoft Says
- US Agencies and FireEye Were Hacked Using SolarWinds Software Backdoor
- New Evidence Suggests SolarWinds' Codebase Was Hacked to Inject Backdoor
- Grid regulator warns utilities of risk of SolarWinds backdoor, asks how exposed they are (CyberScoop)
- Five Solution Providers Breached By SolarWinds Hackers: Researchers
- SolarWinds Hack Infected Critical Infrastructure
- Analysis: The Impact of SolarWinds Hack (BankInfoSecurity)
- SHAREHOLDER ALERT: Kaskela Law LLC Announces Investigation of SolarWinds Corp. (SWI) and Encourages SWI Stockholders to Contact the Firm
- Loptr CEO Discusses Solarwinds Breach and How to Stay Safe
- Coast Guard releases bulletin on SolarWinds hack (WorkBoat)
- The Law Offices of Frank R. Cruz Continues Its Investigation of SolarWinds Corporation (SWI) on Behalf of Investors (bizwire)
Date 2020-12-28
- Suspected Russian hackers used Microsoft vendors to breach customers (Reuters)
Date 2020-12-25
- Massive data breach may have been discovered due to 'unforced error' by suspected Russian hackers (CNNPolitics)
- Opinion (With Hacking, the United States Needs to Stop Playing the Victim - The New York Times)
- 40 Of Microsoft's Customers Impacted By SolarWinds Hack : NPR
- Alleged Russian Malware Hack Hit Local Governments In U.S., Officials Say : NPR
- Prevasio: Sunburst Backdoor, Part II: DGA & The List of Victims
- Prevasio: Sunburst Backdoor: A Deeper Look Into The SolarWinds' Supply Chain Malware
- Prevasio: Sunburst Backdoor, Part III: DGA & Security Software
- research/uniq (hostnames.txt at main · bambenek/research · GitHub)
- subdomain & #DGA domain names , #SolarWinds, attacked by #UNC2452 @0xrb (Pastebin.com)
- List of Known SolarWinds Breach Victims Grows, as Do Attack Vectors
- Russian State (Sponsored Actors Exploiting Vulnerability in VMware® Workspace ONE Access Using Compromised Credentials)
- VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address command injection vulnerability
- How the SolarWinds hackers are targeting cloud services in unprecedented cyberattack (GeekWire)
- SolarWinds Post-Compromise Hunting with Azure Sentinel (Microsoft Tech Community)
- Azure-Sentinel/SolarWindsPostCompromiseHunting.json at master · Azure/Azure (Sentinel · GitHub)
- Advice for incident responders on recovery from systemic identity compromises (MS Security)
- Azure AD workbook to help you assess Solorigate risk (Microsoft Tech Community)
- GitHub - Azure/Azure-Sentinel: Cloud (native SIEM for intelligent security analytics for your entire enterprise.)
- Azure-Sentinel/ProcessEntropy.yaml at master · Azure/Azure (Sentinel · GitHub)
- Azure-Sentinel/RareProcbyServiceAccount.yaml at master · Azure/Azure (Sentinel · GitHub)
- Azure-Sentinel/uncommon_processes.yaml at master · Azure/Azure (Sentinel · GitHub)
- Azure-Sentinel/FirstAppOrServicePrincipalCredential.yaml at master · Azure/Azure (Sentinel · GitHub)
- Azure-Sentinel/MailPermissionsAddedToApplication.yaml at master · Azure/Azure (Sentinel · GitHub)
Date 2020-12-24
- SolarWinds victims revealed after cracking the Sunburst malware DGA
- Embassy of Russia in the USA / Посольство России в США - Posts (Facebook)
- DHS, State and NIH join list of federal agencies — now five — hacked in major Russian cyberespionage campaign (wapo)
- SolarWinds hackers breach US nuclear weapons agency
- SolarWinds roundup: Fixes, new bad actors, and the company knew (Network World)
- How SolarWinds could’ve been prevented (FRN)
- Microsoft identifies more than 40 organizations targeted in massive cyber breach (CNNPolitics)
- Massive SolarWinds hack has big businesses on high alert (CNN)
- US cyber-attack: Cybersecurity agency warns suspected Russian hacking campaign broader than previously believed (CNNPolitics)
- SolarWinds hackers broke into U.S. cable firm and Arizona county, web records show (Reuters)
- US cyber-attack: Russia 'clearly' behind SolarWinds operation, says Pompeo (BBC News)
- Tech Tent: Hacking the heart of the US government (BBC News)
- SolarWinds Orion: More US government agencies hacked (BBC News)
- SolarWinds: UK assessing impact of hacking campaign (BBC News)
- Five Russian hacks that transformed US cyber-security (BBC News)
- US cyber-attack: US energy department confirms it was hit by Sunburst hack (BBC News)
- US Treasury and commerce department targeted in cyber-attack (BBC News)
- SolarWinds Campaign Focuses Attention on 'Golden ...
- Sygnia Advisory: Detection of Golden SAML attacks
- SolarWinds Compromise May Have Begun 5 Months Earlier Than Suspected
- CISA: SolarWinds Not the Only Initial Attack Vector ...
- Golden SAML: Newly Discovered Attack Technique Forges Authentication to Cloud Apps
- GitHub (cyberark/shimit: A tool that implements the Golden SAML attack)
- Industry Letter - December 18, 2020: Supply Chain Compromise Alert (Department of Financial Services)
- HPE: ‘No Evidence’ It Has Been ‘Impacted’ By SolarWinds (Based Attack)
- SolarWinds Deploys CrowdStrike To Secure Systems After Hack
- 10 Things To Know About The SolarWinds Breach And Its U.S. Government Impact
- Suspected Russian hackers spied on U.S. Treasury emails - sources (Reuters)
- Validating the SolarWinds N-central “Dumpster Diver” Vulnerability | by Kyle Hanslovan (Huntress)
- ConnectWise Control MSP Security Vulnerabilities Are ‘Severe:’ Bishop Fox
- US Calls On Federal Agencies To Power Down SolarWinds Orion Due To Security Breach
- Chairman Schiff Statement on FireEye Hack (Permanent Select Committee on Intelligence)
- Cisco Hacked Through SolarWinds As Tech Casualties Mount
- VMware Flaw Used To Hit Choice Targets In SolarWinds Hack: Report
- Microsoft’s Role In SolarWinds Breach Comes Under Scrutiny
- VMware Flaw a Vector in SolarWinds Breach? — Krebs on Security
- Anexinet Exec: Lack Of Monitoring In SolarWinds Hack Is ‘Scary’
- SolarWinds Orion hack: Why cybersecurity experts are worried (CNN)
- Lessons on Identity Security From Recent High (Profile Breaches)
- Catching Bloodhound Before it Bites (CrowdStrike)
- Bloodhound walkthrough. A Tool for Many Tradecrafts (Pen Test Partners)
- CNN.com (Transcripts)
- SolarWinds: What It Means & What’s Next
- Top Expert Backgrounder: Russia’s SolarWinds Operation and International Law
- SolarWinds incident should be a catalyst to rethink federal cybersecurity (FRN)
- SolarWinds said no other products were compromised in recent hack (ZDNet)
- Behavior:Win32/Solorigate.C!dha threat description (Microsoft Security Intelligence)
- Security Advisory (SolarWinds)
- Microsoft and industry partners seize key domain used in SolarWinds hack (ZDNet)
- Microsoft to quarantine SolarWinds apps linked to recent hack (ZDNet)
- solorigate_sample_source/OrionImprovementBusinessLayer.cs at main · Shadow0ps/solorigate_sample_source (GitHub)
- Kyle Hanslovan on Twitter: "Although their string obfuscation techniques were anything but special, their codebase and domains successfully evaded security scrutiny for nearly a year ¯_(ツ)_/¯. Here are screenshots of some CryptoHelper and ZipHelper cl
- Ensuring customers are protected from Solorigate (MS Security)
- The SolarWinds and US government breach is not a marketing opportunity (ZDNet)
- Everything we know about the Solarwinds Hack! (Updated!) (YouTube)
- Syxsense Confirms There is Zero SolarWinds® Orion® in its Environment and is Not a SolarWinds Customer
- SolarWinds Orion/SUNBURST – Armis Can See Impacted Devices & Attacks (secblvd)
- Kevin Mandia: 50 Firms ‘Genuinely Impacted’ By SolarWinds Attack
- Security Advisory FAQ (SolarWinds)
- 10 Things To Know About The SolarWinds Breach And Its U.S. Government Impact
- SolarWinds hack exploited weaknesses we continue to tolerate (FT)
- CISA updates emergency directive for SolarWinds Orion compromise | 2020-12-22 (Security Magazine)
- SolarWinds hack continues to spread: What you need to know (CNET)
- Joint Statement by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) (CISA)
- Alex Stamos on Twitter: "@VickerySec So far, all of the activity that has been publicly discussed has fallen into the boundaries of what the US does regularly and what we explicitly excluded from the Obama (Xi deal. If we are going to set new red lines, th)
- Alex Stamos on Twitter: "There is a long history of "trickle down" effects in cyber, where a technique honed by a major player becomes commonplace. China's 2000s APTs -> Iran/DPRK/teenagers in the 2010s. Stuxnet ->smart ransomware. If supply (chain a)
- Hack Suggests New Scope, Sophistication for Cyberattacks (WSJ)
- Joe Biden Blames Russia For Huge SolarWinds Hack (HuffPost)
- Experts say SolarWinds hack could impact Kern County businesses
- DOE confirms its systems were compromised by SolarWinds hack (Utility Dive)
- SolarWinds/SUNBURST Backdoor, Third-Party and Supply Chain Security (secblvd)
- The SolarWinds Compromise and the Strategic Challenge of the Information and Communications Technology Supply Chain (CoFR)
- SolarWinds MSP To Revoke Digital Certificates For Tools, Issue New Ones As Breach Fallout Continues
- Orion Platform - Scalable IT Monitoring (SolarWinds)
- The Strategic Implications of SolarWinds (Lawfare)
- CYBER CONFLICT DATASET
- More Hacking Attacks Found, Officials Warn of Risk to U.S. Government (nyt)
- SolarWinds Hack Throws Wrench In Private Equity’s Most Profitable Market
- CISA warns that SolarWinds software may not be only entry point in latest breaches - (GCN)
- The Solarwinds breach — What do CIOs need to do now?
- Datto Offers All MSPs Free Scanner To Find Signs Of FireEye, SolarWinds Hack
- Continue Clean (up of Compromised SolarWinds Software)
- The Facts and Mysteries About Russia’s Hack of the U.S.
- Qualys Researchers Identify 7+ Million Vulnerabilities Associated with SolarWinds/FireEye Breach by Analyzing Anonymized Vulnerabilities across Worldwide Customer Base (secblvd)
- The SolarWinds hack, and the danger of arrogance (scmedia)
- Was my workplace hit by SolarWinds hack? FAQ answers. (trib)
- DATA443 RELEASES STATEMENT ON FIREEYE AND SOLARWINDS HACK AND BREACH OTC Markets:ATDS
- SolarWinds Should Have Been More ‘Vigilant’: Palo Alto Networks CEO
- SolarWinds Scandal Calls Attention to Supply Chain Security
- FireEye, SolarWinds Breaches: Implications and Protections (eSecurityPlanet)
- SolarWinds Breach: An RSAC Interview with Dmitri Alperovitch About Who, How and Why (RSA)
- Senators Ask IRS Whether Taxpayer Data Hit in SolarWinds Hack (Bloomberg)
- SolarWinds hack shows we need a 'whole of society' national cyber strategy (hill)
- Expert warned 'solarwinds123' password could expose firm: Report (BI)
- DOD has a leg up in mitigating potential SolarWinds breach, former officials say (FedScoop)
- Florida Investigating Server Hacking Through SolarWinds Software
- DOE Update on Cyber Incident Related to Solar Winds Compromise (DOE)
- FireEye, Crowdstrike enjoy record days as SolarWinds hack leads to soaring security stocks (MarketWatch)
- Top Democrat: 'Critical' that Pompeo brief senators on SolarWinds hack at State Dept. (hill)
- Little (known SolarWinds gets scrutiny over hack, stock sales)
- "Strategic Silence" and State (Sponsored Hacking: The US Gov't and SolarWinds)
- All SentinelOne Customers Protected from SolarWinds SUNBURST Attack (bizwire)
- It’s A Twister! Will SolarWinds Blow Cybersecurity Governance Reform Into The Boardroom?
- SolarWinds, GitHub Leaks and Securing the Software Supply Chain (secblvd)
- SolarFlare Release: Password Dumper for SolarWinds Orion (secblvd)
- Erlang Authenticated Remote Code Execution :: malicious.link — welcome
- SolarWinds breach raises stakes for NDAA Trump still threatens to veto (FRN)
- SolarWinds CyberAttack and FireEye Red Team Tools Coverage
- NSA Cybersecurity Advisory: Malicious Actors Abuse Authentication Mechanisms to Access Cloud Resources > National Security Agency Central Security Service > Article View
- 'Very, very large' telecom organization and Fortune 500 company breached in SolarWinds hack (scmedia)
- CISA Warns Agencies of SolarWinds Orion Compromise via Emergency Directive (gcwire)
- Sunburst's C2 Secrets Reveal Second-Stage SolarWinds Victims (tpost)
- SunBurst_DGA_Decode/decode.py at main · RedDrip7/SunBurst_DGA_Decode (GitHub)
Date 2020-12-23
- SolarWinds Adviser Warned of Lax Security Years Before Hack (Bloomberg)
- Russian hackers hit US government using widespread supply chain attack (ars)
- Staring at the Sun: Thoughts on UNC2452, SUNBURST, SolarWinds and Road Ahead (Prevailion)
- SolarWinds Claims Execs Unaware of Breach When They Sold Stock (SecurityWeek.Com)
- NATO Checking Systems After US Cyberattack (SecurityWeek.Com)
Date 2020-12-22
- How U.S. agencies' trust in untested software opened the door to hackers (POLITICO)
- Solorigate AzureAd IOCs
- SolarWinds Hack Victims: From Tech Companies to a Hospital and University (WSJ)
- SUPERNOVA: A Novel .NET Webshell, an Analysis
- Microsoft identifies second hacking group affecting SolarWinds software
- A moment of reckoning: the need for a strong and global cybersecurity response (Microsoft On the Issues)
- Microsoft president calls SolarWinds hack an “act of recklessness” (ars)
- SolarWinds Achieves SOC 2 Type II Certification (Orange Matter)
- Hackers last year conducted a 'dry run' of SolarWinds breach
Date 2020-12-21
- OODA Loop (Microsoft says it found malicious software in its systems)
- Hack May Have Exposed Deep US Secrets; Damage Yet Unknown (SecurityWeek.Com)
- DHS Among Those Hit in Sophisticated Cyberattack by Foreign Adversaries – Report (tpost)
- Suspected Russian hackers spied on U.S. Treasury emails - sources (Reuters)
- Billions Spent on U.S. Defenses Failed to Detect Giant Russian Hack (nyt)
- Richard Blumenthal on Twitter: "Stunning. Today’s classified briefing on Russia’s cyberattack left me deeply alarmed, in fact downright scared. Americans deserve to know what's going on. Declassify what’s known & unknown." / Twitter
- Second hacking team was targeting SolarWinds at time of big breach (Reuters)
- Second hacking team was targeting SolarWinds at time of big breach (Reuters)
- FireEye CEO: Hack was "totally unique," "utte... (CBS News)
- DebUNCing Attribution: How Mandiant Tracks Uncategorized Threat Actors (fireeye)
- Former US cybersecurity chief Chris Krebs says officials are still tracking 'scope' of the SolarWinds hack
- Biden team and lawmakers raise alarms over Russian cybersecurity breach (wapo)
- Giant U.S. Computer Security Breach Exploited Very Common Software (Scientific American)
Date 2020-12-20
- Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers (MS Security)
- SolarWinds' Orion monitoring platform may have been tampered with by attackers - Security - Software (iTnews)
Date 2020-12-19
- The SolarWinds Orion SUNBURST supply-chain Attack (TRUESEC Blog)
Date 2020-12-18
- SUNBURST – SolarWinds® Orion® IT Management Platform Security Advisory (ServerCentral Turing Group)
- CISA Issues Emergency Directive to Mitigate the Compromise of Solarwinds Orion Network Management Products (CISA)
- SolarWinds’ Customers (Pastebin)
- solarwinds customers
- Russian Hackers Broke Into Federal Agencies, U.S. Officials Suspect (nyt)
- Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations (CISA)
- Federal investigators find evidence of previously unknown tactics used to penetrate government networks (wapo)
- Important steps for customers to protect themselves from recent nation-state cyberattacks (Microsoft On the Issues)
- Customer Guidance on Recent Nation (State Cyber Attacks – Microsoft Security Response Center)
- Exclusive-Suspected Russian hacking spree reached into Microsoft -sources (Reuters)
- Nuclear weapons agency breached amid massive cyber onslaught (POLITICO)
- Microsoft says it was hit in SolarWinds attack, but customer data safe (BI)
- Microsoft identifies more than 40 organizations targeted in massive cyber breach (CNNPolitics)
- Russian Hackers Have Been Inside Austin Network for Months
Date 2020-12-17
- SolarWinds' Update Server Could Be Accessed in 2019 Using Password 'solarwinds123': Report
- How suspected Russian hackers outed their massive cyberattack (POLITICO)
- 'Massively disruptive' cyber crisis engulfs multiple agencies (POLITICO)
- Inline XBRL Viewer
- Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’ — Krebs on Security
- SolarWinds Hack Could Affect 18K Customers — Krebs on Security
- GitHub (RedDrip7/SunBurst_DGA_Decode: SunBurst DGA Decode Script)
- (1) Itay Cohen on Twitter: "The attackers behind the #SUNBURST malware put a lot of effort into trying to avoid detection by analysts and security vendors. Not only this, but they also tried to make sure to stay under the radar of #SolarWinds develope
- SunBurst: the next level of stealth
- Thread by @megabeets_ on Thread Reader App (Thread Reader App)
- cyber.dhs.gov - Emergency Directive 21 (01)
- SolarWinds’ shares drop 22 per cent. But what’s this? $286m in stock sales just before hack announced? (Register)
- SolarWinds: Why the Sunburst hack is so serious (BBC News)
- InfoSec Handlers Diary Blog
Date 2020-12-16
- SolarWinds hackers have a clever way to bypass multi-factor authentication (ars)
- Dark Halo Leverages SolarWinds Compromise to Breach Organizations (Volexity)
- ~18,000 organizations downloaded backdoor planted by Cozy Bear hackers (ars)
- GitHub (fireeye/sunburst_countermeasures)
- Active Exploitation of SolarWinds Software (CISA)
- SolarWinds Exposed FTP Credentials Publicly in a Github Repo
- Hackers at center of sprawling spy campaign turned SolarWinds' dominance against it (Reuters)
Date 2020-12-15
- Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor (fireeye)
- Russian hacker group 'Cozy Bear' behind Treasury and Commerce breaches (wapo)