Security News
United Kingdom's Information Commissioner's Office has warned organizations that fell victim to the SolarWinds hack that they are required to report data breaches within three days after their discovery. The UK independent authority urged organizations using compromised versions of the SolarWinds Orion IT management platform to check for evidence of attackers infiltrating their network and gaining access to personal information.
U.S. President-Elect Joe Biden has criticized the Trump administration over its lack of response to the SolarWinds hack and for failing to officially attribute the attacks. The SolarWinds hack is "a massive cybersecurity breach against US companies, many of them, as well as federal agencies" according to Biden.
How can and should governments respond to and better protect themselves from serious cyberattacks from hostile nations? The attackers who exploited a security flaw in SolarWinds' Orion network monitoring software to breach government agencies and large companies were almost certainly acting on behalf of a nation-state.
Texas-based IT management and monitoring solutions provider SolarWinds told the U.S. Securities and Exchange Commission that its executives were not aware that the company had been breached when they decided to sell stock. Just days before the hack came to light, the firm's two biggest investors, Silver Lake and Thoma Bravo, sold more than $280 million in stock to a Canadian public pension fund.
US Senator Ron Wyden said that dozens of US Treasury email accounts were compromised by the threat actors behind the SolarWinds hack. The senator added that the SolarWinds hackers also breached systems in the Departmental Offices division of the US Treasury, the department that is "Home to the department's highest-ranking officials."
Following ongoing investigations of the SolarWinds supply chain attack, security researchers have shared lists of organizations where the threat actors deployed the Sunburst/Solarigate malware in attempts to further compromise their networks. To build the list of victims infected with the Sunburst backdoor via the compromised update mechanism of the SolarWinds Orion IT management platform, the researchers decoded the dynamically generated part of the C2 subdomain that the backdoor produced for each compromised device.
In an 8-K filing to the US Securities and Exchange Commission, SolarWinds has given more details on exactly how it learned its servers were spewing out malware. Security shop FireEye, as well as other sources, have confirmed that the main malware controller being used in the SolarWinds attack has been killed off this week.
The recent SolarWinds software supply chain breach is a clear indication that strong OT cybersecurity is a must-have in today's threat environment. Waterfall's technologies have long enabled integration between OT networks and enterprise networks without the risk of any attack getting back into the protected network.
VMware and Cisco have shared information on the impact of the SolarWinds incident, and VMware has responded to reports that one of its products was exploited in the attack. The NSA advisory on the exploitation of the VMware vulnerability also mentions SAML abuse and security blogger Brian Krebs reported learning from sources that the SolarWinds attackers also exploited the VMware flaw.
VMware is the latest company to confirm that it had its systems breached in the recent SolarWinds attacks but denied further exploitation attempts. VMware also disputed media reports that a zero-day vulnerability in multiple VMware products reported by the NSA was used as an additional attack vector besides the SolarWinds Orion platform to compromise high-profile targets.