“Current and former top executives at SolarWinds are blaming a company intern for a critical lapse in password security that apparently went undiagnosed for years,” reports CNN. The password in question, “solarwinds123,” was discovered in 2019 on the public internet by an independent security researcher who warned the company that the leak had exposed a SolarWinds file server… It is still…
Tag: solarwinds
Microsoft Says SolarWinds Hackers Downloaded Some Azure, Exchange, and Intune Source Code
Microsoft’s security team said today it has formally completed its investigation into its SolarWinds-related breach and found no evidence that hackers abused its internal systems or official products to pivot and attack end-users and business customers. From a report: The OS maker began investigating the breach in mid-December after it was discovered that Russian-linked hackers breached software vendor SolarWinds and inserted…
Suspected Russian Hackers Used US Networks, Official Says
A sprawling cyber-attack that compromised popular software created by Texas-based SolarWinds was executed from within the U.S., a top White House official said, though the government believes Russia was responsible. From a report: The federal investigation of the hack will take several months, Deputy National Security Advisor Anne Neuberger said in a briefing for reporters on Wednesday. “As of today, nine…
France Says Russian State Hackers Targeted IT Monitoring Firm Centreon’s Servers in Years-Long Campaign
France’s cyber-security agency said that a group of Russian military hackers, known as the Sandworm group, have been behind a three-years-long operation during which they breached the internal networks of several French entities running the Centreon IT monitoring software. From a report: The attacks were detailed in a technical report released today by Agence Nationale de la Securite des Systemes d’Information,…
SolarWinds Hack Was ‘Largest and Most Sophisticated Attack’ Ever, Microsoft President Says
A hacking campaign that used a U.S. tech company as a springboard to compromise a raft of U.S. government agencies is “the largest and most sophisticated attack the world has ever seen,” Microsoft Corp President Brad Smith said. From a report: The operation, which was identified in December and that the U.S. government has said was likely orchestrated by Russia, breached…
As VS Code Gains in Popularity, Microsoft Praises ‘Inner Source’ Development
It’s been estimated that there are 24 million developers in the world. 14 million of them now use Microsoft’s Visual Studio Code (VS Code) as their IDE, reports ZDNet, with five million new users arriving in 2020. Julia Liuson, corporate vice president of Microsoft’s developer division, tells them why: “The strategy for VS Code is really to support our any, any,…
Suspected Russian Hack Extends Far Beyond SolarWinds Software, Investigators Say
Investigators probing a massive hack of the U.S. government and businesses say they have found concrete evidence the suspected Russian espionage operation went far beyond the compromise of the small software vendor publicly linked to the attack. From a report: Close to a third of the victims didn’t run the SolarWinds software initially considered the main avenue of attack for the…
After SolarWinds Breach, Lawmakers Ask NSA for Help in Cracking Juniper Cold Case
As the U.S. investigation into the SolarWinds hacking campaign grinds on, lawmakers are demanding answers from the National Security Agency about another troubling supply chain breach that was disclosed five years ago. From a report: A group of lawmakers led by Sen. Ron Wyden, D-Ore., are asking the NSA what steps it took to secure defense networks following a years-old breach…
Despite SolarWinds Cyberattack, Microsoft’s Azure Business Predicted to Benefit
“Microsoft Corp. was wrapped into a massive cybersecurity attack late last year,” reports MarketWatch, “but the unprecedented intrusion may actually end up being a positive for the company’s bottom line.” UBS analyst Karl Keirstead, who has a buy rating and a $243 price target, said while Microsoft products were leveraged by hackers in the attack on SolarWinds Corp.’s Orion IT management…
FireEye Releases Tool For Auditing Networks for Techniques Used by SolarWinds Hackers
Cybersecurity firm FireEye has released today a report detailing the techniques used by the SolarWinds hackers inside the networks of companies they breached. From a report: Together with the report, FireEye researchers have also released a free tool on GitHub named Azure AD Investigator that they say can help companies determine if the SolarWinds hackers (also known as UNC2452) used any…