SolarWinds left critical hardcoded credentials in its Web Help Desk product Why go to the effort of backdooring code when devs will basically do it for you accidentally anyway CSO22 Aug 2024 | 18
Judge mostly drags SEC's lawsuit against SolarWinds into the recycling bin Russia-invaded software biz 'grateful for the support we have received' CSO18 Jul 2024 | 3
LockBit's contested claim of fresh ransom payment suggests it's been well hobbled Infosec in brief ALSO: CISA warns Ivanti vuln mitigations might not work, SAML hijack doesn't need ADFS, and crit vulns Security04 Mar 2024 | 1
SolarWinds slams SEC lawsuit against it as 'unprecedented' victim blaming 18,000 customers, including the Pentagon and Microsoft, may have other thoughts CSO29 Jan 2024 | 16
SolarWinds says SEC sucks: Watchdog 'lacks competence' to regulate cybersecurity IT software slinger publishes fierce response to lawsuit brought last month Cyber-crime09 Nov 2023 | 17
SolarWinds charged after SEC says biz knew IT was leaky ahead of SUNBURST attack Developer labels action 'unfounded' after company and CISO slapped with suit for misleading investors Cybersecurity Month31 Oct 2023 | 9
After six days and thousands of pwned users, Cisco poised to patch IOS XE flaw Security in brief ALSO: SolarWinds using plaintext passwords; North Korea attacks TeamCity; Critical vulns, and more Cybersecurity Month22 Oct 2023 | 3
US government extends software security deadline because vendors aren't ready This from the Administration that made infosec a priority Software13 Jun 2023 | 4
SBOMs should be a security staple in the software supply chain SCSW Know the ingredients before mixing the code. Oh and pay open source maintainers for goodness' sake... Software05 Mar 2023 | 12
CI/CD: Necessary for modern software development, yet it carries a lot of risk SCSW With great speed comes great insecurity CSO02 Mar 2023 | 10
Open source software has its perks, but supply chain risks can't be ignored Analysis While app development is faster and easier, security is still a concern Security22 Feb 2023 | 14
Have we learned anything from SolarWinds supply chain attacks? From frameworks to new federal offices, it's time to get busy Security05 Feb 2023 | 26
Uber staff info leaks after supplier Teqtivity gets pwned Thankfully no customer info – but the spotlight is back on third-party attacks Security13 Dec 2022 | 3
Want to detect Cobalt Strike on the network? Look to process memory Security analysts have tools to spot hard-to-find threat, Unit 42 says Security06 Dec 2022 |
SolarWinds reaches $26m settlement with shareholders, expects SEC action One 8-K filing, two bombshells Cyber-crime04 Nov 2022 | 14
SolarWinds and Dynatrace directors resign over antitrust concerns DoJ cracks down on competing companies that share board members Software20 Oct 2022 | 3
Someone may be prepping an NPM crypto-mining spree 1,300 packages from 1,000 automated user accounts set the stage for something big Research07 Jul 2022 | 8
Cyberattack shuts down unemployment, labor websites across the US Software maker GSI took systems offline, affecting thousands of people in as many as 40 states Cyber-crime01 Jul 2022 | 8
Software patching must work like car safety recalls, says US cyber boss Black Hat Asia Adds infosec regulation coming to more industries but with a light touch, more collaboration CSO13 May 2022 | 30
US DoJ reveals Russian supply chain attack targeting energy sector Poisoned SCADA apps could have disrupted power supply – perhaps even at nuclear plants Security25 Mar 2022 | 9
UK intel chief says MI6 must outsource innovation – and James Bond's in-house 'Q' is nonsense China is on the march, Russia loves to destabilise, no intelligence agency can stop 'em without help Security01 Dec 2021 | 39
Stor-a-File hit by ransomware after crooks target SolarWinds Serv-U FTP software New research says it's Clop's favourite attack method du jour Security10 Nov 2021 | 14
Russian spies reportedly used SolarWinds hack to steal US counterintelligence details Jackpot moment for SVR operatives Security07 Oct 2021 | 16
Microsoft warns: Active Directory FoggyWeb malware being actively used by Nobelium gang Chief security adviser Roger Halbheer says best protection is to 'get off AD FS' Security28 Sep 2021 | 18
Autodesk was one of the 18,000 firms breached in SolarWinds attack, firm admits Door was opened but nobody stepped inside, luckily Security02 Sep 2021 | 9
SolarWinds urges US judge to toss out crap infosec sueball: We got pwned by actual Russia, give us a break Updated Company says it didn't skimp on security before everything went wrong Security04 Aug 2021 | 20
Microsoft names Chinese group as source of new attack on SolarWinds Bad actor likes to work through insecure consumer routers and has form attacking tech companies and military targets Security14 Jul 2021 | 7
SolarWinds issues software update – one it wrote for a change – to patch hole exploited in the wild 'Single threat actor' already abusing RCE flaw, Microsoft reports Security12 Jul 2021 | 9
SEC still digging into SolarWinds fallout, nudges undeclared victims US markets watchdog sniffs around potential insider trading, data violations relating to hack Security22 Jun 2021 | 6
Us? Pwn SolarWinds? With our reputation? Russian spy chief makes laughable denial of supply chain attack Hint: He doesn't care if you personally think it's rubbish, and here's why Security18 May 2021 | 21
SolarWinds CEO describes overhauled Orion build system after that 'very small, unique' security breach CyberUK 21 'This can happen to anybody. There's always learning in any crisis. And we were no exception' Security11 May 2021 | 14
It was Russia wot did it: SolarWinds hack was done by Kremlin's APT29 crew, say UK and US And Positive Technologies has been slapped with American sanctions Security15 Apr 2021 | 63
Mimecast bins SolarWinds and compromised servers alike in wake of supply chain hack Signs up for Cisco, says some encrypted creds were stolen Security17 Mar 2021 | 8
Biden administration reveals probe into government security has found holes, wants more private sector collaboration as the cure Plans include replicating Singapore’s consumer tech security ratings scheme Security15 Mar 2021 | 12
Apple emits patches for iOS, macOS, Safari, etc to stop dodgy websites hijacking people's gadgets In brief Plus: Chrome also patched, Microsoft and Intel team up for homomorphic encryption, and more Security09 Mar 2021 | 6
Microsoft president asks Congress to force private-sector orgs to admit when they've been hacked Senate intelligence committee hears ideas in light of SolarWinds disaster Security24 Feb 2021 | 28
Microsoft admits some Azure, Exchange, Intune source code snaffled in SolarWinds schemozzle We’ll be fine, says Redmond security crew. No word on whether you will be too once crims analyse their haul Security19 Feb 2021 | 5
Microsoft says it found 1,000-plus developers' fingerprints on the SolarWinds attack As FireEye reveals how suspicious second phone signed up for 2FA gave the game away Security15 Feb 2021 | 76
More patches for SolarWinds Orion after researchers find flaw allowing low-priv users to execute code, among others Probably not used by last year's US government-busting attackers, though Security03 Feb 2021 | 5
US court system ditches electronic filing, goes paper-only for sensitive documents following SolarWinds hack Lawyers required to hand in dead-tree copies. No, seriously Security01 Feb 2021 | 26
UK Cabinet Office spokesman tells House of Lords: We're not being complacent about impact of SolarWinds hack Lib Dem blows raspberry at Sir Humphrey-style non-answer Security26 Jan 2021 | 57
Microsoft SolarWinds analysis: Attackers hid inside Windows systems by wearing the skins of legit processes Thorough counter-detection methods laid bare by Redmond Security21 Jan 2021 | 21
FireEye publishes details of SolarWinds hacking techniques, gives out free tool to detect signs of intrusion Instructions for spotting and keeping suspected Russians out of systems Security19 Jan 2021 | 18
SolarWinds malware was sneaked out of the firm's Orion build environment 6 months before anyone realised it was there – report Crowdstrike tech analysts explain how they think it slipped under the radar Security12 Jan 2021 | 14
Kaspersky Lab autopsies evidence on SolarWinds hack In a brave move, Russian firm fingers its own govt as one possible source of cyber badness Security12 Jan 2021 | 21
US courts system fears SolarWinds snafu could have let state hackers poke about in sealed case documents Problems for charging spies in future? Probably not, says ex-NCSC chief Security08 Jan 2021 | 15
Ah, right on time: Hacker-slammed SolarWinds sued by angry shareholders Plus: US intelligence names and shames Russia as probable culprit Security05 Jan 2021 | 27
Come, chant with us over a sacrificial goat and predict 2021's biggest tech stories to a high degree of accuracy Column Let's see Gartner top this Science05 Jan 2021 | 23
SolarWinds mess that flared in the holidays: Biz confirms malware targeted crocked Orion product CISA flags ‘further hardening’ advice as Microsoft reveals internal account compromises Security04 Jan 2021 | 9
Well, on the bright side, the SolarWinds Sunburst attack will spur the cybersecurity field to evolve all over again Column We have to be smarter than the baddies and expect the unexpected Security21 Dec 2020 | 66
Trump administration says Russia behind SolarWinds hack. Trump himself begs to differ Microsoft’s analysis of hack suggests someone else had a crack at SolarWinds in 2019 when next-level 'DLL hell' followed likely developer pipeline compromise Security20 Dec 2020 | 124
US nuke agency hacked by suspected Russian SolarWinds spies, Microsoft also gets backdoored Windows giant, nuclear administration play down danger – and kill switch found and activated Security18 Dec 2020 | 86
SolarWinds’ shares drop 22 per cent. But what’s this? $286m in stock sales just before hack announced? VC firms say they weren't aware Orion code had been backdoored Security16 Dec 2020 | 31
We're not saying this is how SolarWinds was backdoored, but its FTP password 'leaked on GitHub in plaintext' Updated 'solarwinds123' won't inspire confidence, if true Security16 Dec 2020 | 54
SolarWinds: Hey, only as many as 18,000 customers installed backdoored software linked to US govt hacks Analysis Orion networking monitoring users need to take action as we summarize what the hell is going on Security15 Dec 2020 | 109
Backdoored SolarWinds software, linked to US govt hacks, in wide use throughout the British public sector And what's the impact of months-long compromise? UK.gov won't say – as CISA orders shutdown of machines Security14 Dec 2020 | 38
US Treasury, Dept of Commerce hacks linked to SolarWinds IT monitoring software supply-chain attack Updated Russia's Cozy Bear fingered, FireEye details injected backdoor and says it's worldwide Security14 Dec 2020 | 79
OpenStack had a summit, so everyone's talking about it A soft serve this week for hungry net admins On-Prem24 May 2018 |
Meltdown/Spectre fixes made AWS CPUs cry, says SolarWinds CPU utilization up, throughput down, but a second fix may have restored normal service Security15 Jan 2018 | 27
Fistful of flaws blow away SolarWinds network appliances Five nasties await netadmins Networks27 Apr 2017 | 4
This is Frankfurt calling: Scattered outbreaks of hot crunchiness SNW Europe A mixed grill storage smorgasbord newsfeast Storage09 Nov 2012 | 2
Sysadmins: Basically a happy lot, but frustrated and underpaid Have you tried turning it off and on again? On-Prem05 Nov 2012 | 8