Cybersecurity firm SonicWall disclosed Friday night that hackers attacked the company’s internal networks by first exploiting zero-day vulnerabilities in its very own secure remote access products. SC Media received an anonymous tip Friday that SonicWall had suffered an attack, but did not get confirmation ahead of the disclosure by the company. SonicWall, whose product line…
Joe Slowik, senior security researcher at DomainTools, spoke to SC Media about how the SolarWind attackers remained undetected for so long, and how domain data could be used to weaponize network observables against sophisticated attackers.
The effectiveness of this operation serves as a reminder of the risks of openly sharing and storing plain-text network credentials or sensitive network access instructions on internet-accessible apps or servers.
So far, U.S. companies have felt the brunt of regulators' displeasure. The highest GDPR fine so far – $57 million – was imposed on Google by French regulators, though Marriott may have to pony up $123 million.
An eleventh-hour executive order will require infrastructure-as-a-service providers to log the identity of foreign clients. The executive order will stand, unless specifically repealed by new President Joe Biden.
Washington, D.C. is on high alert, extending a special designation for security that always applies to inaugurations to Jan. 21, and calling in the National Guard. But in the wake of the attack on the Capitol, protection of digital assets is paramount.