Security News

Network monitoring services provider SolarWinds officially released a second hotfix to address a critical vulnerability in its Orion platform that was exploited to insert malware and breach public and private entities in a wide-ranging espionage campaign. In a new update posted to its advisory page, the company urged its customers to update Orion Platform to version 2020.2.1 HF 2 immediately to secure their environments.

Incident response teams are scrambling as after details emerged late Sunday of a sophisticated espionage campaign leveraging a software supply chain attack that allowed hackers to compromise numerous public and private organizations around the world. Among victims are multiple US government agencies, including the Treasury and Commerce departments, and cybersecurity giant FireEye, which stunned the industry last week when it revealed that attackers gained access to its Red Team tools.

Trojanized versions of SolarWinds' Orion IT monitoring and management software have been used in a supply chain attack leading to the breach of government and high-profile companies after attackers deployed a backdoor dubbed SUNBURST or Solorigate. SolarWinds' customer listing [1, 2] includes over 425 of the US Fortune 500, all top ten US telecom companies, hundreds of universities and colleges, all five branches of the US Military, the US Pentagon, the State Department, NASA, NSA, Postal Service, NOAA, Department of Justice, and the Office of the President of the United States.

Kevin Thompson, SolarWinds president and CEO, said his company is "Aware of a potential vulnerability" that may have been in "Updates which were released between March and June 2020 to our Orion monitoring products." The vandalized SolarWinds code is said to have been exploited by miscreants to sneak into networks within the US government bodies, among them the Treasury and the Department of Commerce's telecoms agency NTIA, where Orion is used.

The emails impersonate a member company of the COVID-19 vaccine supply chain to harvest account credentials, says IBM Security X-Force. A calculated cybercriminal operation is targeting companies in the coronavirus vaccine supply chain with phishing emails that appear to be designed to steal sensitive user credentials, IBM Security X-Force said in a report released Thursday.

Dell Technologies on Thursday announced new security offerings designed to address threats targeting the supply chain, a device's boot process, and sensitive data. For supply chain security, Dell unveiled SafeSupply Chain solutions.

Unknown hackers have been trying to compromise accounts and computer systems of employees in organizations involved in the COVID-19 vaccine supply chain. The targets? Select executives in sales, procurement, information technology and finance positions at organizations around the world associated with Gavi, The Vaccine Alliance's Cold Chain Equipment Optimization Platform program.

The Lazarus cybercriminal group is using a novel supply-chain attack against visitors to websites operated by the South Korean government and financial firms, in order to deliver dropper malware that eventually plants a remote access trojan on victim's PCs. The attacks use stolen digital certificates from two security firms, which allow Lazarus operators to corrupt a browser plug-in designed to protect users from being hacked. In this attack the Lazarus Group, notorious for its 2014 Sony Pictures Entertainment hack, exploits security software made by Wizvera.

The North Korea-linked threat actor known as Lazarus has been targeting users in South Korea through a supply chain attack that involves software typically required by government and financial organizations, ESET reported on Monday. Lazarus is the most well known hacker group that is believed to be operating on behalf of the North Korean government, with attacks ranging from espionage to profit-driven operations.

Cybersecurity researchers took the wraps off a novel supply chain attack in South Korea that abuses legitimate security software and stolen digital certificates to distribute remote administration tools on target systems. Attributing the operation to the Lazarus Group, also known as Hidden Cobra, Slovak internet security company ESET said the state-sponsored threat actor leveraged the mandatory requirement that internet users in the country must install additional security software in order to avail Internet banking and essential government services.