
Podcast: Could the Zoho Flaw Trigger SolarWinds 2.0?
2021-10-18 20:55

A month ago, the FBI, CISA and the U.S. Coast Guard Cyber Command warned that state-backed advanced persistent threat actors are likely among those who'd been actively exploiting a critical flaw in a Zoho-owned single sign-on and password management tool since early August.

In a recent Threatpost podcast, George Glass, head of threat intelligence at Redscan - a subdivision of the Kroll responder team that manages detection and response - said that the incident has worried the firm's main clients, who are concerned that it could turn into a similar scenario to the calamitous, widespread SolarWinds attacks in April.

In the SolarWinds supply-chain attacks, "a trusted third party is impacted by some sort of zero day where there is very little in the way of detection for new and complex threats," Glass explained.

My guest today is George Glass, head of threat intelligence at Redscan, which is a subdivision of the Kroll responder team that manages detection and response: kind of like an MSP. He's here to talk about a recent alert from the FBI and two other U.S. cyber agencies about state-backed advanced persistent threats - APTs - and how they've likely been exploiting a flaw in the Zoho single sign on and password management solution since last month.

In a, in a slightly selfish way, I think that having a good source of threat intelligence and the ability to understand vulnerabilities as they pop up, be these zero days or vulnerabilities that have patches available for them, understanding the potential impacts to your business, what operational risks a successful exploit could potentially lead to.

George Glass: Typically there'd be some digital forensics experts, obviously instant response experts who're hopefully equipped with the correct threat intelligence to let them know where to look for a particular threat actor activity, people that can effectively communicate throughout the business as well to any relevant teams that may need to engage with that.


News URL

https://threatpost.com/podcast-zoho-solarwinds/175553/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Solarwinds 44 0 80 95 40 215
Zoho 4 0 3 4 0 7