The Cybersecurity and Infrastructure Security Agency (CISA) tonight issued Emergency Directive 21-01, in response to a known compromise of SolarWinds Orion products that are currently being exploited by malicious actors. This Emergency Directive calls on all federal civilian agencies to review their networks for indicators of compromise and disconnect or power down SolarWinds Orion products immediately.
WASHINGTON (Reuters) - On an earnings call two months ago, SolarWinds Chief Executive Kevin Thompson touted how far the company had gone during his 11 years at the helm. There was not a database or an IT deployment model out there to which his Austin, Texas-based company did not provide some level of monitoring or management, he told analysts on the Oct.
Reuters: A security researcher says that, last year, he alerted SolarWinds that anyone could access SolarWinds' update server by using the password "solarwinds123"
Alex Stamos is the director of the Stanford Internet Observatory and the former chief information security officer of Yahoo and Facebook. The details are still trickling in, but it seems possible that the latest Russian cyberattacks against the Departments of Homeland Security, Treasury and State; the National Institutes of Health; and possibly dozens of companies and departments will turn out to be one of the most important hacking campaigns in history.
The US Federal Bureau of Investigations says it is aware of incidents where the DoppelPaymer ransomware gang has resorted to cold-calling companies in order to intimidate and coerce victims into paying ransom demands.
Executive Summary We have discovered a global intrusion campaign. We are tracking the actors behind this campaign as UNC2452. FireEye discovered a supply chain attack trojanizing SolarWinds Orion business software updates in order to distribute malware we call SUNBURST.
This blog was written by an independent guest blogger. It is that time of year again where we start planning resolutions for the coming year. A good start is putting cybersecurity on the top of the list whether you are a business or individual.
This year has seen a rush amongst government snoops for a new and sometimes contentious data set: location data grabbed by smartphone popular apps. Customs and Border, the FBI, the U.S. military and other federal agencies have been keen buyers, though it's caused a furor amongst privacy and human rights watchdogs.
WASHINGTON-Multiple federal government agencies, including the U.S. Treasury and Commerce departments, have had some of their computer systems breached as part of a widespread cyber espionage campaign believed to be the work of the Russian government, according to officials and people familiar with the matter.
Microsoft is monitoring a dynamic threat environment surrounding the discovery of a sophisticated attack that included compromised binaries from a legitimate software. These binaries, which are related to the SolarWinds Orion Platform, could be used by attackers to remotely access devices. On Sunday, December 13, Microsoft released detections that alerted customers to the presence of...
Software provider SolarWinds stated on Monday that fewer than 18,000 of its customers are thought to have downloaded a compromised software update, which enabled a nation-state hacker group to breach the computer networks of the US Treasury Department and other federal agencies.
The U.S. government Agencies and cybersecurity firm FireEye were hacked using SolarWinds software supply chain attack
A major Russian breach is prompting fears the government's cybersecurity protections have fallen dangerously behind. Lawmakers and experts are sounding alarms that billions of dollars' worth of custom-made government cybersecurity systems aren't equipped to spot the most nefarious Russian hacker activity. And they're warning the government is poorly organized to respond to such breaches once they come to light.