We got caught up in this in a frenzy of logs and meetings and agent installs.
Ugh.
#Solarwinds #Cybersecurity
Wired - The Untold Story of the Boldest Supply-Chain Hack Ever

The Untold Story of the Boldest Supply-Chain Hack Ever

The attackers were in thousands of corporate and government networks. They might still be there now. Behind the scenes of the SolarWinds investigation.

Did the #Cyberwar started with #StuxNet?

Will World War III begin in #cyberspace?

source: https://www.computerworld.com/article/3647879/will-world-war-iii-begin-in-cyberspace.html

People die because of cyber wars, even if no bullets are ever fired. Instead, they die in #emergency rooms that no longer have power, from broken medical #communication networks, and from riots. All of this has happened before. It will happen again. And now, with #Russia poised to invade #Ukraine and Russian cyberattacks already in motion, we can only hope and pray that what promises to be the first major European war since World War II doesn't spark the next #WorldWar.

...

More recently, "58% of all cyberattacks from nation-states have come from Russia," said Tom Burt, #Microsoft corporate vice president. For example, the US and #UK blame the Russian Foreign #Intelligence Service (SVR) for the huge #SolarWinds software supply chain #attack. As Burt pointed out, #Kremlin - backed hackers are becoming "increasingly effective." That's no surprise. After all, Russian agents have been at it for years.

Those who invest nothing in #IT #security will be hacked. If the company is lucky, it is only an #encryption #Trojan and can buy its way out. In worse cases, the company is simply paralyzed and the business secrets are sold in #China. Depending on who is on the bullet list at the moment, it is Russia, China, #Iran or #NorthKorea. Such attacks can be easily disguised, and it is usually not even possible to assign them. Microsoft should rather invest more in its software instead of smart slogans, because macros are still the main gateway for encryption Trojans.

#technology #terror #problem #news #opinion #hack #hacker #computer #software

Will World War III begin in cyberspace?

It's not the 100,000 Russian troops on Ukraine's borders that worries me as much as cyberattacks that can easily get out of hand.

I saw two articles where they get the facts very wrong; #solarwinds was #microsoft , not FOSS. A hearing about FOSS #security should not mention solarwinds as though it was FOSS.

#Microsoft #Windows TCO (people who deploy Windows need to be held legally accountable): ● #ITWire #ProprietarySoftware ☞ #SolarWinds investors sue company over supply chain attacks https://itwire.com/security/solarwinds-investors-sue-company-over-supply-chain-attacks.html

iTWire - SolarWinds investors sue company over supply chain attacks

Investors in SolarWinds have sued the directors of the company, claiming they were aware of the risks that the firm's software posed but failed to act to prevent devastating attacks that came to light last year. The suit was filed on 4...

#reproducible-builds in October: https://reproducible-builds.org/reports/2021-10/ with #codethink, #solarwinds, the Civil Infrastructure Platform (#CIP), #QubesOS, #Debian, #openSUSE

Microsoft #Windows TCO: ● #ITWire #ProprietarySoftware ☞ #Microsoft claims #SolarWinds attackers targeting clown providers, MSPs https://itwire.com/security/microsoft-claims-solarwinds-attackers-targeting-cloud-providers,-msps.html

iTWire - Microsoft claims SolarWinds attackers targeting cloud providers, MSPs

Microsoft claims to have detected what it characterises as nation-state activity by an adversary it calls Nobelium — the SolarWinds attackers who are also known as APT29 and Cozy Bear — trying to gain access to customers of multiple...

● NEWS ● #ITWire #ProprietarySoftware ☞ Researchers find new #backdoor likely linked to #SolarWinds attacker https://itwire.com/security/researchers-find-new-backdoor-likely-linked-to-solarwinds-attacker.html

iTWire - Researchers find new backdoor likely linked to SolarWinds attacker

Global cyber security firm Kaspersky claims to have discovered a new backdoor it has named Tomiris which shows signs of being connected to the same actor behind the attacks on SolarWinds which were revealed last year. Kaspersky's researchers...

#ThisWeekInSecurity: #Ghoscript in #Imagemagick, #Solarwinds, and #DHCP #Shenanigans

A PoC was just published for a potentially serious flaw in the Ghostscript interpreter. Ghostscript can load Postscript, PDF, and SVG, and it has a feature from Postscript that has been a continual…

https://hackaday.com/2021/09/10/this-week-in-security-ghoscript-in-imagemagick-solarwinds-and-dhcp-shenanigans/ #ThisWeekInSecurity

This Week in Security: Ghoscript in Imagemagick, Solarwinds, and DHCP Shenanigans

#hackadaycolumns #news #securityhacks #imagemagick #openwrt #solarwinds #thisweekinsecurity #hackaday
posted by pod_feeder_v2

This Week In Security: Ghoscript In Imagemagick, Solarwinds, And DHCP Shenanigans

A PoC was just published for a potentially serious flaw in the Ghostscript interpreter. Ghostscript can load Postscript, PDF, and SVG, and it has a feature from Postscript that has been a continual…

● NEWS ● #Bloomberg #ProprietarySoftware ☞ #SolarWinds [Attack] Reached 27 U.S. Attorneys’ Offices, Justice Says https://www.bloomberg.com/news/articles/2021-07-31/solarwinds-hack-reached-27-u-s-attorneys-offices-justice-says

● NEWS ● #TheHill #ProprietarySoftware ☞ #SolarWinds [crackers] accessed over two dozen federal prosecutors' offices: DOJ https://thehill.com/policy/cybersecurity/565751-doj-says-solarwinds-hackers-accessed-over-two-dozen-prosecutors-offices

SolarWinds hackers accessed over two dozen federal prosecutors' offices: DOJ

The Justice Department said Friday that the hackers behind the major SolarWinds hack compromised employee accounts in over two dozen federal prosecutors’ offices.

The OTHER Battistelli (not #EPO criminal): "Battistelli was the incident commander on the #Solarwinds Data breach, and Rhodes worked on the Centennial Pipeline incident." https://www.fox13now.com/news/local-news/utahs-camp-williams-hosts-cyber-defense-exercises-to-help-protect-the-us http://techrights.org/wiki/index.php/Beno%C3%AEt_Battistelli

Utah's Camp Williams hosts cyber defense exercises to help protect the US

The largest Department of Defense declassified training on cyber-warfare, titled Cyber Shield, is underway at Camp Williams in Utah.

Russia Appears to Carry Out Hack Through System Used by U.S. Aid Agency

#usfederalgovernmentdatabreach2020 #cyberwarfareanddefense #unitedstatesinternationalrelations #computersandtheinternet #microsoftcorp #solarwinds #unitedstatesagencyforinternationaldevelopment #statedepartment #bidenjosephrjr #putinvladimirv #russia #news

Russia Appears to Carry Out Hack Through System Used by U.S. Aid Agency

Senior Democrats said the latest attack, ahead of President Biden’s meeting with his Russian counterpart, demanded a stronger response.

#reproducible-builds in January: https://reproducible-builds.org/reports/2021-01/ with #SolarWinds, #Outreachy, System-transparency, #Debian, #openSUSE, #ArchLinux, some #FDroid

#reproducible-builds in December: https://reproducible-builds.org/reports/2020-12/ with #SolarWinds #Debian #ArchLinux #openSUSE #NixOS #Maven #corona tracing app and more...