Drilldown: Detailed, low-level analysis of malware and TTP

Retrieved 2024-06-11

  • Many software makers will miss Biden’s cybersecurity deadline today
  • Retrieved 2022-11-01

  • Phylum Discovers Dozens More PyPI Packages Attempting to Deliver W4SP Stealer in Ongoing Supply Chain Attack
  • Retrieved 2021-12-15

  • EETimes (SolarWinds Fallout: When Will Breach Reporting Become Mandatory?)
  • Retrieved 2021-12-08

  • A Year After the SolarWinds Hack, Supply Chain Threats Still Loom (WIRED)
  • Retrieved 2021-07-28

  • Biden to Sign Cyber Security Executive Order (nyt)
  • Retrieved 2021-07-12

  • SolarWinds Identifies, Patches Critical Vulnerability in Serv-U (My TechDecisions)
  • Retrieved 2021-07-08

  • 4 key takeaways from Biden’s Executive Order on cybersecurity (secblvd)
  • Retrieved 2021-06-28

  • Lawmaker, Tech Companies Clash on Software Transparency Requirements (Nextgov)
  • Retrieved 2021-06-22

  • Software bills of materials (SBOM) could help improve cybersecurity (CNX Software)
  • Government-mandated SBOMs to throw light on software supply chain security (CSO Online)
  • Retrieved 2021-06-21

  • Biden’s executive order on cybersecurity should include behavior transparency (TechCrunch)
  • Retrieved 2021-06-18

  • Google’s latest framework aims to prevent SolarWinds-like supply chain attacks
  • Retrieved 2021-06-17

  • Open-source security: Google has a new plan to stop software supply chain attacks (ZDNet)
  • Binary Authorization for Borg: how Google verifies code provenance and implements code identity
  • Google dishes out homemade SLSA, a recipe to thwart software supply chain attacks (The Register)
  • Retrieved 2021-06-04

  • How LF communities enable security measures required by the US Executive Order on Cybersecurity (Linux Foundation)
  • Retrieved 2021-06-01

  • Russian SolarWinds Hacker Launches New Phishing Campaign (Illinois News Today)
  • Poisoned Installers Found in SolarWinds Hackers Toolkit (Flizzyy News)
  • Retrieved 2021-05-27

  • Federal Register :: Software Bill of Materials Elements and Considerations
  • Retrieved 2021-05-20

  • To avoid insider threats, security strategies call for behavioral profiling and anomaly comparison | 2021-05-20 (Security Magazine)
  • 12 Lessons Learned From The SolarWinds Breach: RSA Conference
  • CrowdStrike breaks down 'Golden SAML' attack
  • Retrieved 2021-05-13

  • Linux and open-source communities rise to Biden's cybersecurity challenge (ZDNet)
  • Retrieved 2021-05-07

  • US-UK Gov Warning: SolarWinds Attackers Add Open-Source PenTest Tool to Arsenal (SecuritNEWS)
  • Retrieved 2021-05-06

  • Fact Sheet: Russian SVR Activities Related to SolarWinds Compromise
  • Retrieved 2021-05-05

  • Further TTPs associated with SVR cyber actors
  • Retrieved 2021-04-30

  • The Ticking Time Bomb in Every Company's Code
  • Survey Finds Broad Concern Over Third-Party App ...
  • Retrieved 2021-04-28

  • DOD Zero Trust Reference Architecture
  • Retrieved 2021-04-27

  • Well-known VPN used to steal credentials on SolarWinds servers
  • Abusing Replication: Stealing AD FS Secrets Over the Network (fireeye)
  • An APT Group Exploits VPN to Deploy Supernova on SolarWinds Orion (Cyware Alerts - Hacker News)
  • Dark Reading | Security (Protect The Business)
  • Another SolarWinds lesson: Hackers are targeting Microsoft authentication servers (The Open Security)
  • Retrieved 2021-04-26

  • CISA warns of theft of credentials via SolarWinds and PulseSecure VPN
  • SolarWinds hack and security - What is a software bill of materials? (JAXenter)
  • Another top VPN is reportedly being used to spread SolarWinds hack (TechRadar)
  • Retrieved 2021-04-25

  • SolarWinds hacking campaign puts Microsoft in the hot seat (Columbia Basin Herald)
  • Microsoft in the hot seat due to SolarWinds hacking campaign (Compsmag)
  • CISA warns of credential theft via SolarWinds and PulseSecure VPN (VentureBeat)
  • CISA warns of credential theft via SolarWinds and PulseSecure VPN (Public News)
  • Retrieved 2021-04-23

  • APT abused Pulse Secure, SolarWinds appliances to plant Supernova webshell on enterprise network
  • Hackers Exploit VPN to Deploy SUPERNOVA malware on SolarWinds Orion (IT Security News)
  • Supernova Attack Leveraged SolarWinds, Pulse Secure
  • Analysts Uncover More Servers Used in SolarWinds Attack
  • Hackers exploit SolarWinds, Pulse Secure for credential theft: Feds (CRN Australia)
  • SolarWinds hacking campaign puts Microsoft in the hot seat
  • SUPERNOVA malware discovered on SolarWinds Orion server (Malware Devil)
  • Retrieved 2021-04-22

  • SolarWinds: Illuminating the Hidden Patterns That Advance the Story (RiskIQ)
  • SolarWinds: Advancing the Story (RiskIQ Community Edition)
  • Research Uncovers New Command Servers Used in SolarWinds Campaign (Zero Day)
  • CISA Identifies SUPERNOVA Malware During Incident Response (CISA)
  • Researchers shed more light on APT29 activity during SolarWinds attack
  • Russian Cyber Threat Defense – Now and Looking Forward (secblvd)
  • Hackers Exploit VPN to Deploy SUPERNOVA malware on SolarWinds Orion
  • CISA Discovers Advanced Malware In VPN Device (Potomac Officers Club)
  • CISA Finds New Attacker Using Supernova Malware on SolarWinds Orion (Decipher)
  • Researchers Find New Chunk of SolarWinds Attackers' Infrastructure (Decipher)
  • New analysis uncovers extensive SolarWinds attack infrastructure (TechRadar)
  • Retrieved 2021-04-20

  • Exploring three more serious flaws in SolarWinds Orion products (TechNative)
  • Retrieved 2021-04-19

  • Malware Wants to Phone Home. Trinity Cyber Doesn’t Try to Block It
  • Supply chain risk: Addressing a multitude of single points of failure (FCW)
  • Retrieved 2021-04-15

  • MAR-10327841-1.v1 – SUNSHUTTLE (CISA)
  • Retrieved 2021-04-13

  • M-Trends 2021 [Report] (FireEye)
  • Retrieved 2021-03-31

  • What We Know (and Don't Know) So Far About the ...
  • Retrieved 2021-03-29

  • In wake of giant software hacks, defenders & dev teams must fix AppSec
  • Retrieved 2021-03-28

  • iTWire (SolarWinds speaks out, and software dev can never be the same again)
  • Retrieved 2021-03-26

  • SolarWinds CEO: Here’s What We’re Doing to Prevent Another Attack (SDxCentral)
  • SolarWinds hack: the mystery of one of the biggest cyberattacks ever (CyberNews)
  • Retrieved 2021-03-25

  • Exclusive: Software vendors would have to disclose breaches to U.S. government users under new order: draft (Reuters)
  • Retrieved 2021-03-23

  • Swiss Cyber Security Firm Says It Accessed Servers of a SolarWinds Hacking Group
  • Swiss cybersecurity firm says it accessed servers of SolarWinds hacking group (The Bharat Express News)
  • Retrieved 2021-03-22

  • Swiss firm says it has accessed servers of a SolarWinds hacker that attacked 4,700 targets (The Straits Times)
  • Researchers discover threat actors with links to SolarWinds hack (IT PRO)
  • Swiss Cybersecurity Firm says it Accessed Servers of a SolarWinds Hacker
  • Swiss Firm Says It Accessed SolarWinds Attackers' Servers
  • Retrieved 2021-03-19

  • Swiss Firm Says It Has Accessed Servers of a SolarWinds Hacker (Bloomberg)
  • SolarWinds explainer
  • Retrieved 2021-03-17

  • Mimecast confirms hackers behind SolarWinds supply chain attack accessed limited amount of customer information (The Daily Swig)
  • SilverFish Group Threat Actor Report
  • Retrieved 2021-03-15

  • The US must adopt Software Bill of Materials to thwart cyberattacks (hill)
  • Retrieved 2021-03-01

  • NTIA Software Component Transparency (National Telecommunications and Information Administration)
  • Retrieved 2021-02-25

  • Microsoft Releases Free Tool for Hunting SolarWinds ...
  • Retrieved 2021-02-23

  • The Anatomy of the SolarWinds Attack Chain (secblvd)
  • Retrieved 2021-02-22

  • Orion SDK - The Orion Platform (THWACK)
  • Retrieved 2021-02-17

  • CyberArk Labs: The Anatomy of the SolarWinds Attack (Techwire)
  • Retrieved 2021-01-19

  • Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452 (fireeye)
  • Retrieved 2021-01-14

  • SolarWinds Cyber-Attack Affects Developers and Contractors
  • Retrieved 2021-01-13

  • Preventing Supply Chain Attacks like SolarWinds (Linux Foundation)
  • Retrieved 2020-12-17

  • Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations (CISA)
  • Retrieved 2020-12-14

  • Dark Halo Leverages SolarWinds Compromise to Breach Organizations (Volexity)
  • Retrieved 2020-12-13

  • Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor (fireeye)
  • Emergency Directive 21-01 (cyber.dhs.gov)