Security News

Researchers Discover Raindrop — 4th Malware Linked to the SolarWinds Attack
2021-01-19 07:04

Cybersecurity researchers have unearthed a fourth new malware strain, designed to spread the malware onto other computers in victims' networks, which was deployed as part of the SolarWinds supply chain attack disclosed late last year. "The discovery of Raindrop is a significant step in our investigation of the SolarWinds attacks as it provides further insights into post-compromise activity at organizations of interest to the attackers," Symantec researchers said.

Understanding third-party hacks in the aftermath of the SolarWinds breach
2021-01-15 05:30

In the aftermath of the SolarWinds hack, a better understanding of third-party hacks in any update that you provide to your colleagues, bosses, and even the board of directors may be warranted. Any such update that you provide on SolarWinds should certainly cover whether or not your organization is one of the 300,000 SolarWinds customers and whether or not you were one of the 18,000 or so that were using the specific version of Orion that was hacked.

S3 Ep15: Titan keys, Mimecast certs and Solarwinds [Podcast]
2021-01-14 16:21

We explain how two French researchers hacked the Google Titan security key product, and dig into the Mimecast certificate compromise story to see what we can all learn from it. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher, Overcast and anywhere that good podcasts are found.

SolarLeaks: Files Allegedly Obtained in SolarWinds Hack Offered for Sale
2021-01-13 13:48

Someone has set up a website named SolarLeaks where they are offering to sell gigabytes of files allegedly obtained as a result of the recently disclosed SolarWinds breach. The SolarLeaks website offers source code allegedly obtained from Microsoft, Cisco, SolarWinds and FireEye.

Mimecast Discloses Certificate Incident Possibly Related to SolarWinds Hack
2021-01-13 12:03

Email security company Mimecast on Tuesday revealed that a sophisticated threat actor had obtained a certificate provided to certain customers. According to Mimecast, it learned from Microsoft that hackers had compromised a certificate used to authenticate Mimecast Continuity Monitor, Internal Email Protect, and Sync and Recover products with Microsoft 365 Exchange Web Services.

SolarWinds: What Hit Us Could Hit Others
2021-01-12 20:50

New research into the malware that set the stage for the megabreach at IT vendor SolarWinds shows the perpetrators spent months inside the company's software development labs honing their attack before inserting malicious code into updates that SolarWinds then shipped to thousands of customers. According to SolarWinds and a technical analysis from CrowdStrike, the intruders were trying to work out whether their "Sunspot" malware, designed specifically for use in undermining SolarWinds' software development process, could successfully insert their malicious "Sunburst" backdoor into Orion products without tripping any alarms or alerting Orion developers.

SolarWinds malware was sneaked out of the firm's Orion build environment 6 months before anyone realised it was there – report
2021-01-12 19:35

The malware that was utilised to hack SolarWinds checked to see whether software used to compile the firm's Orion product was running before deploying its payload, according to CrowdStrike. In a blog post late last night, the infosec firm said the Orion-targeting malware, which it codenamed Sunspot, had "several safeguards" to ensure its deployment of compromised code into new Orion builds didn't trigger SolarWinds' suspicions.

SolarLeaks site claims to sell data stolen in SolarWinds attacks
2021-01-12 18:57

A website named 'SolarLeaks' is selling data its operators claim was stolen from companies confirmed to have been breached in the SolarWinds attack. The newly launched site claims to be selling data stolen from Microsoft, Cisco, FireEye, and SolarWinds.

SolarWinds hack investigation reveals new Sunspot malware
2021-01-12 14:09

CrowdStrike researchers have documented Sunspot, a piece of malware used by the SolarWinds attackers to insert the Sunburst malware into the company's Orion software. SolarWinds has also revealed a new timeline for the incident and the discovery of two customer support incidents that it believes may be related to the Sunburst malware being deployed on customer infrastructure.

'Sunspot' Malware Used to Insert Backdoor Into SolarWinds Product in Supply Chain Attack
2021-01-12 12:04

CrowdStrike, one of the cybersecurity companies called in by IT management firm SolarWinds to investigate the recently disclosed supply chain attack, on Monday shared details about a piece of malware used by the attackers to insert a backdoor into SolarWinds' Orion product. According to CrowdStrike, the threat group behind the attack on SolarWinds used a piece of malware named Sunspot to inject the previously analyzed Sunburst backdoor into the Orion product without being detected.