Security News > 2020 > December > More on the SolarWinds Breach
Among those who use SolarWinds software are the Centers for Disease Control and Prevention, the State Department, the Justice Department, parts of the Pentagon and a number of utility companies.
CISA has directed everyone to remove SolarWinds from their networks.
In one previously unreported issue, multiple criminals have offered to sell access to SolarWinds' computers through underground forums, according to two researchers who separately had access to those forums.
Security researcher Vinoth Kumar told Reuters that, last year, he alerted the company that anyone could access SolarWinds' update server by using the password "Solarwinds123".
EDITED TO ADD: Both the Wayback Machine and Brian Krebs have saved the SolarWinds customer page.
News URL
https://www.schneier.com/blog/archives/2020/12/more-on-the-solarwinds-breach.html