The SolarWinds Hack Was More Humiliating for the Government Than We Thought

The attackers were deep inside Treasury Department email systems doing whatever they wanted.
ZDNet

Four security vendors disclose SolarWinds-related incidents

As most experts predicted last month, the fallout from the SolarWinds supply chain attack is getting bigger as time passes by, and companies had the time to audit internal networks and DNS logs. The ...
CRN

SolarWinds Execs Receive SEC Wells Notice Related To ‘Sunburst’ Cyberattack

SolarWinds, in a Friday SEC filing, said unnamed current and former executives including its chief financial officer and chief information security officer received Wells notices that they may be ...
JD Supra

DIB Take Note: SolarWinds Hack and DHS CISA Emergency Directive on Cyber Vulnerabilities Point to the Need to be Prepared for APTs

If you don’t know about SolarWinds, then you haven’t been reading the news for the past six months. Last October 2020, it was reported that a widely-used networking tool that helps companies in the ...
Bleeping Computer

SolarWinds patches critical vulnerabilities in the Orion platform

Even with the security updates prompted by the recent SolarWinds Orion supply-chain attack, researchers still found some glaring vulnerabilities affecting the platform, one of them allowing code ...
Ars Technica

SEC sues SolarWinds and CISO, says they ignored flaws that led to major hack

The US Securities and Exchange Commission sued SolarWinds Corp. and Chief Information Security Officer Timothy Brown yesterday, alleging that they concealed security failures that led to a nearly ...
Computer Weekly

SolarWinds patches two critical CVEs in Orion platform

Users of SolarWinds’ Orion networking platform – the service at the centre of the high-profile Solorigate/Sunburst attack – are once again being advised to patch their systems urgently following the ...
CRN

SolarWinds CEO Confirms Office 365 Email ‘Compromise’ Played Role In Broad-Based Attack

SolarWinds CEO Sudhakar Ramakrishna has verified suspicious activity in its Office 365 environment, with a company email account compromised and used to access accounts of targeted SolarWinds staff in ...
ZDNet

Supernova malware clues link Chinese threat group Spiral to SolarWinds server hacks

On Monday, Secureworks' counter threat unit (CTU) said that during late 2020, a compromised Internet-facing SolarWinds server was used as a springboard to deploy Supernova, a .NET web shell. Similar ...