Displaying items by tag: SUNBURST

Microsoft claims to have detected what it characterises as nation-state activity by an adversary it calls Nobelium — the SolarWinds attackers who are also known as APT29 and Cozy Bear — trying to gain access to customers of multiple cloud providers, including itself.

Global cyber security firm Kaspersky claims to have discovered a new backdoor it has named Tomiris which shows signs of being connected to the same actor behind the attacks on SolarWinds which were revealed last year.

GUEST OPINION by Joe Slowik, Gigamon: Network security operations generally and network security monitoring (NSM) evolve more specifically with technology like any other information technology (IT) field.

SolarWinds today released its eighth annual IT trends report. Its findings paint a picture where organisations everywhere have exposure to enterprise IT risk, but where risk preparedness is being met with apathy and complacency as businesses exit their COVID-19 crisis mode. The opportunity is there for IT leaders and tech pros to steer their company's future.

The SolarWinds attack, and all its ramifications, have made news headlines for months. Tim Brown, the company’s CISO and VP of Security spoke exclusively to iTWire to lay out what really happened - and what did not happen.  It is also a sobering call to how software development practices can never be the same again.

Spending on cyber security in 2021 is forecast to grow by 10% in the worst-case scenario, the technology research firm Canalys says.

Cyber security firm FireEye has released new guidance for those who have been compromised by the SolarWinds attackers to harden their environments and remediate areas where attacks are feared.

Russian security firm Kaspersky says it has found some similarities in the methods used by the SUNBURST malware, that was used in a supply chain attack on a number of US firms disclosed in December, and long-time attacker, the Turla Group.

The NSW Department of Health, a user of the Orion network management software that was compromised in a supply chain attack, says it was alerted on 14 December to the fact that an attack had taken place.

Federal authorities are likely to be looking into security practices at Texas-based SolarWinds and would have secured evidence during a raid on their offices in the wake of the revelations about cyber attacks being launched using the company's supply chain as a vector, a senior infosec practitioner says.

Researchers from FireEye and Microsoft claim to have discovered a global intrusion campaign, using the Orion network monitoring system sold by SolarWinds, with a trojan being implanted into a file which was part of updates for the product; the compromised file was given the name SUNBURST. The software runs on Windows.