Displaying items by tag: Orion network management software

The US Securities and Exchange Commission has sued software vendor SolarWinds and its chief information security officer, Timothy Brown, over fraud and internal control failures relating to allegedly known cyber security risks and vulnerabilities.

The use of infrastructure based in the US by the attackers in the first stage of the SolarWinds supply chain compromise is one factor which has inhibited the investigation into the incident, as this meant it was effectively blocked from being pursued by the NSA, the security firm RiskIQ says.

The United States has alleged that the Russian security agency known as the Foreign Intelligence Service was responsible for the attack on the supply chain of SolarWinds Orion network management software.

Organisations in Australia are forecast to spend more than $4.9 billion on enterprise information security and risk management products and services in 2021, an increase of 8% year-on-year, the technology analyst firm Gartner says.

A Republican senator from Ohio has criticised the US Government over taking more than three months to say who was accountable for not stopping the SolarWinds supply chain attack that first came to light in December 2020.

Email security firm Mimecast says a hit on its infrastructure by attackers who used the SolarWinds supply chain to gain access, went deeper than already reported, with some of the company's source code being stolen.

Microsoft and security firm FireEye's Mandiant Threat Intelligence division have published further details about the SolarWinds attacks, but neither company has fully verified the claims they make.

Comments made by Microsoft president Brad Smith to the US Senate Select Committee on Intelligence, which held a hearing on the SolarWinds attacks last week, claiming that there is more security in the cloud than in on-premises servers, have met a tough response from former NSA hacker Jake Williams, who characterised them as having caused more harm to security than the SolarWinds attackers did in the first place.

Microsoft has admitted that the malicious attackers involved in a supply chain attack gained access to some part of the source code for its Azure, Exchange and Intune products.

ANALYSIS The assertion by Microsoft President Brad Smith during a 60 Minutes interview with CBS on Sunday that the supply chain attack revealed by security firm FireEye in December was "the largest and most sophisticated attack the world has ever seen" has once again raised the question of the extent to which Microsoft was involved in this attack.

Email security firm Mimecast has admitted that the compromise of a certificate it had issued for some Microsoft services is connected to the SolarWinds supply chain incident.

The lack of timing and detail in Microsoft's announcement about its source code being accessed by the attackers who used SolarWinds' Orion network management software in a supply chain attack can only mean that this is bad news, the Israel-based source code control, detection, and response solution start-up Cycode, claims.

Attackers who claim they are responsible for the supply chain attack on the Texas firm SolarWinds, say they have data from their exploits which they wish to sell.

Email security provider Mimecast says it has been informed by Microsoft that a certificate it issued for authentication of Mimecast Sync and Recover, Continuity Monitor, and IEP products to Microsoft 365 Exchange Web Services has been compromised.

Russian security firm Kaspersky says it has found some similarities in the methods used by the SUNBURST malware, that was used in a supply chain attack on a number of US firms disclosed in December, and long-time attacker, the Turla Group.

The kind of silly claims made by Western news media when it comes to cyber security attacks can be gauged from the latest "exclusive" put out by the British news agency Reuters: a claim that the FBI is investigating a postcard sent to security firm FireEye after it began looking closely at an attack on its own infrastructure.

The NSW Department of Health, a user of the Orion network management software that was compromised in a supply chain attack, says it was alerted on 14 December to the fact that an attack had taken place.

The first chief information security officer of the US Government says he cannot figure out why the intelligence community did not find out about the attacks launched on various government agencies and private firms in advance "and give US Cyber Command the information needed to interdict these actors before they struck".

Federal authorities are likely to be looking into security practices at Texas-based SolarWinds and would have secured evidence during a raid on their offices in the wake of the revelations about cyber attacks being launched using the company's supply chain as a vector, a senior infosec practitioner says.

Breached cyber security company FireEye has explicitly said that the alleged Russian group APT29 is not behind the attack on its own infrastructure and a number of other private and public firms, according to the head of security company Dragos.