SolarWinds hack

January 20, 2021

SolarWinds attack opened up 4 separate paths to a Microsoft 365 cloud breach

Tactics expose the need for organizations to develop cohesive playbooks for breaches affecting hybrid environments.

The post SolarWinds attack opened up 4 separate paths to a Microsoft 365 cloud breach appeared first on SC Media.

January 15, 2021

With insured losses estimated at $90 billion, did cyber insurance firms dodge financial calamity?

The number of SolarWinds victims will likely grow in the upcoming months, but direct insured costs should remain close to the current estimate since many of the organizations hit – particularly federal agencies – do not carry insurance against cyber risks.

The post With insured losses estimated at $90 billion, did cyber insurance firms dodge financial calamity? appeared first on SC Media.

January 13, 2021

Sunspot malware scoured servers for SolarWinds builds that it could weaponize

Software company says 2 customer inquires, in hindsight, appear linked to supply-chain attack

The post Sunspot malware scoured servers for SolarWinds builds that it could weaponize appeared first on SC Media.

January 11, 2021

Researchers see links between SolarWinds Sunburst malware and Russian Turla APT group

While researchers may want to invest time and energy towards attributing the latest high-profile attack to a particular adversary, more productive is the ability to see similarities in the underlying techniques employed in the attack were to prior attacks.

The post Researchers see links between SolarWinds Sunburst malware and Russian Turla APT group appeared first on SC Media.

January 6, 2021

SolarWinds hack: Amid hardened security, attackers seek softer targets

Experts disagree that election security efforts detracted from supply chain security. But there are still lessons to be learned.

The post SolarWinds hack: Amid hardened security, attackers seek softer targets appeared first on SC Media.

January 5, 2021

SolarWinds hack poses risk to cloud services’ API keys and IAM identities

The SolarWinds hack endangers not just organizations' on-premises systems but also their cloud-based infrastructure.

The post SolarWinds hack poses risk to cloud services’ API keys and IAM identities appeared first on SC Media.

January 4, 2021

SolarWinds, top executives hit with class action lawsuit over Orion software breach

Stockholders who purchased company shares in 2020 are suing the IT management software company for materially misleading investors about their security practices.

The post SolarWinds, top executives hit with class action lawsuit over Orion software breach appeared first on SC Media.

January 4, 2021

Microsoft doesn’t treat its source code like a trade secret. Is that smart?

In the course of investigating the impacts of the SolarWinds breach, Microsoft security specialists discovered “unusual activity” within a number of internal accounts, including one that was used to view the company’s internal source code.

The post Microsoft doesn’t treat its source code like a trade secret. Is that smart? appeared first on SC Media.

December 28, 2020

In wake of SolarWinds and Vietnam, more supply chain attacks expected 2021

Research from ESET of a supply chain attack in Vietnam in which digital certificates were compromised set off continued discussions in the industry about the nature of recent supply chain attacks, and how security teams can most effectively prepare and respond.

The post In wake of SolarWinds and Vietnam, more supply chain attacks expected 2021 appeared first on SC Media.