Security News

Microsoft should soon have some idea which and how many SolarWinds customers were affected, as it recently took possession of a key domain name used by the intruders to control infected systems. In a Dec. 14 filing with the U.S. Securities and Exchange Commission, SolarWinds said roughly 33,000 of its more than 300,000 customers were Orion customers, and that fewer than 18,000 customers may have had an installation of the Orion product that contained the malicious code.

The press is reporting a massive hack of US government networks by sophisticated Russian hackers. One government official said it was too soon to tell how damaging the attacks were and how much material was lost, but according to several corporate officials, the attacks had been underway as early as this spring, meaning they continued undetected through months of the pandemic and the election season.

As the debris from the explosive SolarWinds hack continues to fly, it has been a busy 48 hours as everyone scrambles to find out if, like various US government bodies, they've been caught in the blast. Fast forward to the weekend, and various US government organizations discovered they too had been hacked, with Russia's APT29 aka Cozy Bear team suspected by officials.

Concern is gathering over the effects of the backdoor inserted into SolarWinds' network monitoring software on Britain's public sector - as tight-lipped government departments refuse to say whether UK institutions were accessed by Russian spies. Research by The Register has shown that SolarWinds' Orion is used widely across the British public sector, ranging from the Home Office and Ministry of Defence through NHS hospitals and trusts, right down to local city councils.

An Indian national who moved to California on an H1-B work visa was sentenced to 24 months in prison last week for accessing and damaging Cisco's network. Ramesh is a former Cisco employee, who resigned in April 2018.

Incident response teams are scrambling as after details emerged late Sunday of a sophisticated espionage campaign leveraging a software supply chain attack that allowed hackers to compromise numerous public and private organizations around the world. Among victims are multiple US government agencies, including the Treasury and Commerce departments, and cybersecurity giant FireEye, which stunned the industry last week when it revealed that attackers gained access to its Red Team tools.

Kevin Thompson, SolarWinds president and CEO, said his company is "Aware of a potential vulnerability" that may have been in "Updates which were released between March and June 2020 to our Orion monitoring products." The vandalized SolarWinds code is said to have been exploited by miscreants to sneak into networks within the US government bodies, among them the Treasury and the Department of Commerce's telecoms agency NTIA, where Orion is used.

Hackers broke into the networks of federal agencies including the Treasury and Commerce departments as U.S. government officials said Sunday that they were working to identify the scope of the breach and to fix the problem. The hacks were revealed just days after a major cybersecurity firm disclosed that foreign government hackers had broken into its network and stolen the company's own hacking tools.

The EMA, based in Amsterdam in The Netherlands, is responsible for the evaluation and approval of medicines in the European Union - a role reflected in its former name, the European Agency for the Evaluation of Medicinal Products. There's no suggestion of when the attack was discovered, how it was found, when it probably started, how extensive it seems to have been, how much disruption it has caused, whether anyone outside the EMA was potentially affected, how long it's likely to take to restore the network to normal, or what the EMA is doing right now to stop it happening again.

Google has updated its Chrome web browser, fixing four bugs with a severity rating of "High" and eight overall. An updated 87.0.4280.88 version of Chrome addresses the bugs and will "Roll out over the coming days/weeks," Google wrote.