SolarWinds: What Hit Us Could Hit Others

New research into the malware that set the stage for the megabreach at IT vendor SolarWinds shows the perpetrators spent months inside the company’s software development labs honing their attack before inserting malicious code into updates that SolarWinds then shipped to thousands of customers. More worrisome, the research suggests the insidious methods used by the intruders to subvert the company’s software development pipeline could be repurposed against many other major software providers. Continue reading SolarWinds: What Hit Us Could Hit Others

Sealed U.S. Court Records Exposed in SolarWinds Breach

The ongoing breach affecting thousands of organizations that relied on backdoored products by network software firm SolarWinds may have jeopardized the privacy of countless sealed court documents on file with the U.S. federal court system, according to… Continue reading Sealed U.S. Court Records Exposed in SolarWinds Breach

Does the U.S. Need a National Cyber Strategy?

As high-profile hacks mount, should the government be involved in creating and enforcing a national cyber strategy? The number of identified companies and government entities that were among the 17,000+ compromised in the SolarWinds backdoor injection… Continue reading Does the U.S. Need a National Cyber Strategy?

Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’

A key malicious domain name used to control potentially thousands of computer systems compromised via the months-long breach at network monitoring software vendor SolarWinds was commandeered by security experts and used as a “killswitch” designed to turn the sprawling cybercrime operation against itself, KrebsOnSecurity has learned. Continue reading Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’

SolarWinds Hack Could Affect 18K Customers

The still-unfolding breach at network management software firm SolarWinds may have resulted in malicious code being pushed to nearly 18,000 customers, the company said in a legal filing on Monday. Meanwhile, Microsoft should soon have some idea which and how many SolarWinds customers were affected, as it recently took possession of a key domain name used by the intruders to control infected systems. Continue reading SolarWinds Hack Could Affect 18K Customers

U.S. Treasury, Commerce Depts. Hacked Through SolarWinds Compromise

Communications at the U.S. Treasury and Commerce Departments were reportedly compromised by a supply chain attack on SolarWinds, a security vendor that helps the federal government and a range of Fortune 500 companies monitor the health of their IT networks. Given the breadth of the company’s customer base, experts say the incident may be just the first of many such disclosures. Continue reading U.S. Treasury, Commerce Depts. Hacked Through SolarWinds Compromise