Security News
SolarWinds is urging customers to patch a Serv-U remote code execution vulnerability exploited in the wild by "a single threat actor" in attacks targeting a limited number of customers. "Microsoft has provided evidence of limited, targeted customer impact, though SolarWinds does not currently have an estimate of how many customers may be directly affected by the vulnerability," the company said in an advisory published on Friday.
In yet another sign that the Russian hackers who breached SolarWinds network monitoring software to compromise a slew of entities never really went away, Microsoft said the threat actor behind the malicious cyber activities used password spraying and brute-force attacks in an attempt to guess passwords and gain access to its customer accounts. Nobelium is the name assigned by Microsoft to the nation-state adversary responsible for the unprecedented SolarWinds supply chain attacks that came to light last year.
New survey finds that the attack also motivated more information sharing within the industry and improved supply chain security. The good news is that security teams are beefing up network defenses, but the bad news is that most companies have recently suffered a cybersecurity incident that required a board meeting.
New survey finds that the attack also motivated more information sharing within the industry and improved supply chain security. The good news is that security teams are beefing up network defenses, but the bad news is that most companies have recently suffered a cybersecurity incident that required a board meeting.
Microsoft says it has observed new activity associated with Nobelium, the Russia-linked threat actor that compromised IT management and monitoring solutions provider SolarWinds. The SolarWinds attack was brought to light in early December 2020 and it involved compromising SolarWinds' Orion monitoring product to deliver trojanized updates to the company's customers worldwide, in an effort to breach their networks.
The spies who backdoored SolarWinds' Orion software infiltrated Microsoft's support desk systems last month and obtained information to use in cyber-attacks on some of the Windows giant's customers, it was reported. Microsoft customers targeted by the support desk intruder have been alerted.
US markets watchdog the Securities and Exchanges Commission has begun a probe into last year's SolarWinds cyberattack, in a bid to find out who else might have been compromised. The news agency also said the SEC is keen to know whether "Public companies that had been victims had experienced a lapse of internal controls, and related information on insider trading", which could also involve issues around data protection.
Secureworks, and Volexity shed light on a new spear-phishing activity unleashed by the Russian hackers who breached SolarWinds IT management software, the U.S. Department of Justice Tuesday said it intervened to take control of two command-and-control and malware distribution domains used in the campaign. Com - were used to communicate and control a Cobalt Strike beacon called NativeZone that the actors implanted on the victim networks.
Uncle Sam on Tuesday said it had seized two web domains used to foist malware on victims using spoofed emails from the US Agency for International Development. The malicious messages, masquerading as legitimate emails from USAID, went out to thousands of email accounts at over a hundred different organizations.
The ongoing multi-vendor investigations into the SolarWinds mega-hack took another twist this week with the discovery of new malware artifacts that could be used in future supply chain attacks. According to a new report from anti-malware firm SentinelOne, the latest wave of attacks being attributed to APT29/Nobelium threat actor includes a custom downloader that is part of a "Poisoned update installer" for electronic keys used by the Ukrainian government.