Category Archives: SolarWinds hack

Does SolarWinds change the rules in offensive cyber? Experts say no, but offer alternatives

While tempting, most experts agree that hack-back strategies are a bad idea for companies. But there are tactics that can help deter nation-state actors and limit their ability to penetrate networks.

The post Does SolarWinds change the rules in offensive cyber? Experts say no, but offer alternatives appeared first on SC Media.

Posted in APT, APTs/cyberespionage, Cyberespionage, Featured, Security News, Security strategy, SolarWinds hack

Sunburst avoided indicators of compromise with SolarWinds hack, but left breadcrumbs

Joe Slowik, senior security researcher at DomainTools, spoke to SC Media about how the SolarWinds attackers remained undetected for so long, and how domain data could be used to weaponize network observables against sophisticated attackers.

The post Sunburst avoided indicators of compromise with SolarWinds hack, but left breadcrumbs appeared first on SC Media.

Posted in APT, APTs/cyberespionage, Featured, Network Security, Security News, SolarWinds hack, Threat intelligence

SolarWinds attack opened up 4 separate paths to a Microsoft 365 cloud breach

Tactics expose the need for organizations to develop cohesive playbooks for breaches affecting hybrid environments.

The post SolarWinds attack opened up 4 separate paths to a Microsoft 365 cloud breach appeared first on SC Media.

Posted in Breach, Cloud, Cloud Security, Data Breach, Featured, Network Security, Security News, SolarWinds hack

With insured losses estimated at $90 billion, did cyber insurance firms dodge financial calamity?

The number of SolarWinds victims will likely grow in the upcoming months, but direct insured costs should remain close to the current estimate since many of the organizations hit – particularly federal agencies – do not carry insurance against cyber risks.

The post With insured losses estimated at $90 billion, did cyber insurance firms dodge financial calamity? appeared first on SC Media.

Posted in Data Breach, Government, Risk Management, Security News, SolarWinds hack, Third-party risk

Sunspot malware scoured servers for SolarWinds builds that it could weaponize

Software company says 2 customer inquiries, in hindsight, appear linked to supply-chain attack

The post Sunspot malware scoured servers for SolarWinds builds that it could weaponize appeared first on SC Media.

Posted in Application Security, DevOps, Featured, Malware, Security News, SolarWinds hack

Researchers see links between SolarWinds Sunburst malware and Russian Turla APT group

While researchers may want to invest time and energy in attributing the latest high-profile attack to a particular adversary, it is more productive to identify similarities between the underlying techniques employed in the attack and those used in prior attacks.

The post Researchers see links between SolarWinds Sunburst malware and Russian Turla APT group appeared first on SC Media.

Posted in APT, APTs/cyberespionage, SolarWinds hack, Threat intelligence

SolarWinds hack: Amid hardened security, attackers seek softer targets

Experts disagree that election security efforts detracted from supply chain security. But there are still lessons to be learned.

The post SolarWinds hack: Amid hardened security, attackers seek softer targets appeared first on SC Media.

Posted in Featured, Network Security, Security awareness, Security News, SolarWinds hack, Third-party risk

SolarWinds hack poses risk to cloud services’ API keys and IAM identities

The SolarWinds hack endangers not just organizations’ on-premises systems but also their cloud-based infrastructure.

The post SolarWinds hack poses risk to cloud services’ API keys and IAM identities appeared first on SC Media.

Posted in Breach, Cloud, Cloud Security, Cyberespionage, Database security, Security News, SolarWinds hack

SolarWinds, top executives hit with class action lawsuit over Orion software breach

Stockholders who purchased company shares in 2020 are suing the IT management software company for materially misleading investors about their security practices.

The post SolarWinds, top executives hit with class action lawsuit over Orion software breach appeared first on SC Media.

Posted in Breach, Featured, Legal, Legal Action, Security News, SolarWinds hack, Third-party risk