CISA Issues Emergency Directive to Mitigate the Compromise of SolarWinds Orion Network Management Products

The Cybersecurity and Infrastructure Security Agency (CISA) tonight issued Emergency Directive 21-01, in response to a known compromise of SolarWinds Orion products that are currently being exploited by malicious actors. This Emergency Directive calls on all federal civilian agencies to review their networks for indicators of compromise and disconnect or power down SolarWinds Orion products immediately.

CISA

Hackers used SolarWinds' dominance against it in sprawling spy campaign

WASHINGTON (Reuters) - On an earnings call two months ago, SolarWinds Chief Executive Kevin Thompson touted how far the company had gone during his 11 years at the helm. There was not a database or an IT deployment model out there to which his Austin, Texas-based company did not provide some level of monitoring or management, he told analysts on the Oct.

U.S.

A security researcher says that, last year, he alerted SolarWinds that anyone could access SolarWinds' update server by using the password "solarwinds123"

Reuters: A security researcher says that, last year, he alerted SolarWinds that anyone could access SolarWinds' update server by using the password "solarwinds123"

Techmeme

Opinion | Enough is enough. Here's what we should do to defend against the next Russian cyberattacks.

Alex Stamos is the director of the Stanford Internet Observatory and the former chief information security officer of Yahoo and Facebook. The details are still trickling in, but it seems possible that the latest Russian cyberattacks against the Departments of Homeland Security, Treasury and State; the National Institutes of Health; and possibly dozens of companies and departments will turn out to be one of the most important hacking campaigns in history.

Washington Post

FBI says DoppelPaymer ransomware gang is harassing victims who refuse to pay | ZDNet

The US Federal Bureau of Investigation says it is aware of incidents where the DoppelPaymer ransomware gang has resorted to cold-calling companies in order to intimidate and coerce victims into paying ransom demands.

ZDNet

Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor

Executive Summary: We have discovered a global intrusion campaign. We are tracking the actors behind this campaign as UNC2452. FireEye discovered a supply chain attack trojanizing SolarWinds Orion business software updates in order to distribute malware we call SUNBURST.

FireEye

Two cybersecurity hygiene actions to improve your digital life in 2021

This blog was written by an independent guest blogger. It is that time of year again where we start planning resolutions for the coming year. A good start is putting cybersecurity on the top of the list whether you are a business or individual.

AT&T

Exclusive: Israeli Surveillance Companies Are Siphoning Masses Of Location Data From Smartphone Apps

This year has seen a rush amongst government snoops for a new and sometimes contentious data set: location data grabbed by popular smartphone apps. Customs and Border, the FBI, the U.S. military and other federal agencies have been keen buyers, though it's caused a furor amongst privacy and human rights watchdogs.

Forbes

U.S. Agencies Hacked in Foreign Cyber Espionage Campaign Linked to Russia

WASHINGTON - Multiple federal government agencies, including the U.S. Treasury and Commerce departments, have had some of their computer systems breached as part of a widespread cyber espionage campaign believed to be the work of the Russian government, according to officials and people familiar with the matter.

WSJ

Ensuring customers are protected from Solorigate - Microsoft Security

Microsoft is monitoring a dynamic threat environment surrounding the discovery of a sophisticated attack that included compromised binaries from a legitimate software. These binaries, which are related to the SolarWinds Orion Platform, could be used by attackers to remotely access devices. On Sunday, December 13, Microsoft released detections that alerted customers to the presence of...

Microsoft Security

SolarWinds says fewer than 18,000 customers installed malware-laced Orion software update that led to US Treasury hack

Software provider SolarWinds stated on Monday that fewer than 18,000 of its customers are thought to have downloaded a compromised software update, which enabled a nation-state hacker group to breach the computer networks of the US Treasury Department and other federal agencies.

Computing

US Agencies and FireEye Were Hacked Using SolarWinds Software Backdoor

U.S. government agencies and cybersecurity firm FireEye were hacked using a SolarWinds software supply chain attack.

The Hacker News

Analysis | The Cybersecurity 202: Russian hack reveals weaknesses in government cybersecurity protections

A major Russian breach is prompting fears the government's cybersecurity protections have fallen dangerously behind. Lawmakers and experts are sounding alarms that billions of dollars' worth of custom-made government cybersecurity systems aren't equipped to spot the most nefarious Russian hacker activity. And they're warning the government is poorly organized to respond to such breaches once they come to light.

Washington Post