#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

SolarWinds | Breaking Cybersecurity News | The Hacker News

Detecting the "Next" SolarWinds-Style Cyber Attack

Detecting the "Next" SolarWinds-Style Cyber Attack

Apr 13, 2021
The SolarWinds attack , which succeeded by utilizing the sunburst malware , shocked the cyber-security industry. This attack achieved persistence and was able to evade internal systems long enough to gain access to the source code of the victim. Because of the far-reaching SolarWinds deployments, the perpetrators were also able to infiltrate many other organizations, looking for intellectual property and other assets. Among the co-victims: US government, government contractors, Information Technology companies, and NGOs. An incredible amount of sensitive data was stolen from several customers after a trojanized version of SolarWinds' application was installed on their internal structures. Looking at the technical capabilities of the malware, as you will see, this particular attack was quite impressive. A particular file, named  SolarWinds.Orion.Core.BusinessLayer.dll  is a SolarWinds digitally signed component of the Orion software framework. The threat actors installed a back
Another Critical RCE Flaw Discovered in SolarWinds Orion Platform

Another Critical RCE Flaw Discovered in SolarWinds Orion Platform

Mar 26, 2021
IT infrastructure management provider SolarWinds on Thursday released a new update to its Orion networking monitoring tool with fixes for four security vulnerabilities, counting two weaknesses that could be exploited by an authenticated attacker to achieve remote code execution (RCE). Chief among them is a JSON deserialization flaw that allows an authenticated user to execute arbitrary code via the  test alert actions  feature available in the Orion Web Console, which lets users simulate network events (e.g., an unresponsive server) that can be configured to trigger an alert during setup. It has been rated critical in severity. A second issue concerns a high-risk vulnerability that could be leveraged by an adversary to achieve RCE in the Orion Job Scheduler. "In order to exploit this, an attacker first needs to know the credentials of an unprivileged local account on the Orion Server," SolarWinds  said  in its release notes. The advisory is light on technical specifics,
Cybersecurity Tactics FinServ Institutions Can Bank On in 2024

Cybersecurity Tactics FinServ Institutions Can Bank On in 2024

Feb 14, 2024Financial Security / Cyber Threats
The landscape of cybersecurity in financial services is undergoing a rapid transformation. Cybercriminals are exploiting advanced technologies and methodologies, making traditional security measures obsolete. The challenges are compounded for community banks that must safeguard sensitive financial data against the same level of sophisticated threats as larger institutions, but often with more limited resources. The FinServ Threat Landscape Recent trends show an alarming increase in sophisticated cyber-attacks. Cybercriminals now deploy advanced techniques like deep fake technology and AI-powered attacks, making it increasingly difficult for banks to differentiate between legitimate and malicious activities. These developments necessitate a shift towards more sophisticated and adaptive cybersecurity measures. Take these industry statistics, for example. Financial firms report 703 cyberattack attempts per week.1 On average, 270 attacks (entailing unauthorized access of data, appl
Mimecast Finds SolarWinds Hackers Stole Some of Its Source Code

Mimecast Finds SolarWinds Hackers Stole Some of Its Source Code

Mar 17, 2021
Email security firm Mimecast on Tuesday revealed that the state-sponsored SolarWinds hackers who broke into its internal network also downloaded source code out of a limited number of repositories. "The threat actor did access a subset of email addresses and other contact information and hashed and salted credentials," the company  said  in a write-up detailing its investigation, adding the adversary "accessed and downloaded a limited number of our source code repositories, as the threat actor is reported to have done with other victims of the SolarWinds Orion supply chain attack." But Mimecast said the source code downloaded by the attackers was incomplete and would be insufficient to build and run any aspect of the Mimecast service and that it did not find signs of any tampering made by the threat actor to the build process associated with the executables that are distributed to its customers.  On January 12, Mimecast  disclosed  that "a sophisticated th
cyber security

The Critical State of AI in the Cloud

websiteWiz.ioArtificial Intelligence / Cloud Security
Wiz Research reveals the explosive growth of AI adoption and what 150,000+ cloud accounts revealed about the AI surge.
Cybersecurity Webinar — SolarWinds Sunburst: The Big Picture

Cybersecurity Webinar — SolarWinds Sunburst: The Big Picture

Mar 09, 2021
The SolarWinds Sunburst attack has been in the headlines since it was first discovered in December 2020.  As the so-called layers of the onion are peeled back, additional information regarding how the vulnerability was exploited, who was behind the attack, who is to blame for the attack, and the long-term ramifications of this type of supply chain vulnerabilities continue to be actively discussed.  Cybersecurity company Cynet is taking a needed step back to provide a full picture of the SolarWinds attack from start to finish in an upcoming webinar, " Lessons Learned from the SolarWinds SUNBURST Attack ." Information regarding many aspects of the attack has been coming out in pieces, but we haven't yet seen this type of comprehensive overview of the technical steps behind the full attack, as well as clear recommendations for protecting against similar future attacks. And this is precisely what's needed so security professionals can gain insights on the attack tact
Researchers Find 3 New Malware Strains Used by SolarWinds Hackers

Researchers Find 3 New Malware Strains Used by SolarWinds Hackers

Mar 05, 2021
FireEye and Microsoft on Thursday said they discovered three more malware strains in connection with the SolarWinds supply-chain attack, including a "sophisticated second-stage backdoor," as the investigation into the  sprawling espionage campaign  continues to yield fresh clues about the threat actor's tactics and techniques.  Dubbed GoldMax (aka SUNSHUTTLE), GoldFinder, and Sibot, the new set of malware adds to a growing list of malicious tools such as  Sunspot ,  Sunburst  (or Solorigate),  Teardrop , and  Raindrop  that were stealthily delivered to enterprise networks by  alleged Russian operatives . "These tools are new pieces of malware that are unique to this actor," Microsoft  said . "They are tailor-made for specific networks and are assessed to be introduced after the actor has gained access through compromised credentials or the SolarWinds binary and after moving laterally with Teardrop and other hands-on-keyboard actions." Microsoft al
SolarWinds Blames Intern for 'solarwinds123' Password Lapse

SolarWinds Blames Intern for 'solarwinds123' Password Lapse

Mar 01, 2021
As cybersecurity researchers continue to piece together the sprawling  SolarWinds supply chain attack , top executives of the Texas-based software services firm blamed an intern for a critical password lapse that went unnoticed for several years.  The said password " solarwinds123 " was originally believed to have been publicly accessible via a GitHub repository since June 17, 2018, before the misconfiguration was addressed on November 22, 2019. But in a  hearing  before the House Committees on Oversight and Reform and Homeland Security on SolarWinds on Friday, CEO Sudhakar Ramakrishna testified that the password had been in use as early as 2017. While a preliminary investigation into the attack revealed that the operators behind the espionage campaign managed to compromise the software build and code signing infrastructure of SolarWinds Orion platform as early as October 2019 to deliver the Sunburst backdoor, Crowdstrike's incident response efforts pointed to a  revi
The Top Free Tools for Sysadmins in 2021

The Top Free Tools for Sysadmins in 2021

Feb 25, 2021
It's no secret that sysadmins have plenty on their plates. Managing, troubleshooting, and updating software or hardware is a tedious task. Additionally, admins must grapple with complex webs of permissions and security. This can quickly become overwhelming without the right tools. If you're a sysadmin seeking to simplify your workflows, you're in luck. We've gathered some excellent software picks to help tackle different duties more efficiently.  Thankfully, these free tools are also respectful of tight budgets—without sacrificing core functionality. Best for Permissions Management: SolarWinds Permissions Analyzer for Active Directory Whether you are part of an organization with many members or numerous resources, keeping track of permissions can be challenging. Changes in responsibilities, titles, or even employment statuses can influence one's access to proprietary data. Each user has unique privileges. We not only need to visualize these but manage them on
SolarWinds Hackers Stole Some Source Code for Microsoft Azure, Exchange, Intune

SolarWinds Hackers Stole Some Source Code for Microsoft Azure, Exchange, Intune

Feb 19, 2021
Microsoft on Thursday said it concluded its probe into the SolarWinds hack, finding that the attackers stole some source code but confirmed there's no evidence that they abused its internal systems to target other companies or gained access to production services or customer data. The disclosure builds upon an  earlier update  on December 31, 2020, that uncovered a compromise of its own network to view source code related to its products and services. "We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories," the Windows maker had previously disclosed. "The account did not have permissions to modify any code or engineering systems and our investigation further confirmed no changes were made. These accounts were investigated and remediated.". Now according to the company, besides viewing few individual files by searching throug
3 New Severe Security Vulnerabilities Found In SolarWinds Software

3 New Severe Security Vulnerabilities Found In SolarWinds Software

Feb 03, 2021
Cybersecurity researchers on Wednesday disclosed three severe security vulnerabilities impacting SolarWinds products, the most severe of which could have been exploited to achieve remote code execution with elevated privileges. Two of the flaws (CVE-2021-25274 and CVE-2021-25275) were identified in the SolarWinds Orion Platform, while a third separate weakness (CVE-2021-25276) was found in the company's Serv-U FTP server for Windows,  said  cybersecurity firm Trustwave in a technical analysis. None of the three vulnerabilities are believed to have been exploited in any "in the wild" attacks or during the unprecedented  supply chain attack  targeting the Orion Platform that came to light last December. The two sets of vulnerabilities in Orion and Serv-U FTP were disclosed to SolarWinds on December 30, 2020, and January 4, 2021, respectively, following which the company resolved the issues on January 22 and January 25. It's highly recommended that users install th
In the Wake of the SolarWinds Hack, Here's How Businesses Should Respond

In the Wake of the SolarWinds Hack, Here's How Businesses Should Respond

Jan 27, 2021
Throughout 2020, businesses, in general, have had their hands full with IT challenges. They had to rush to accommodate a sudden shift to remote work. Then they had to navigate a rapid adoption of automation technologies. And as the year came to a close, more businesses began trying to assemble the safety infrastructure required to return to some semblance of normal in 2021. But at the end of the year,  news of a massive breach  of IT monitoring software vendor SolarWinds introduced a new complication – the possibility of a wave of secondary data breaches and cyber-attacks. And because SolarWinds' products have a presence in so many business networks, the size of the threat is massive. So far, though, most of the attention is getting paid to large enterprises like Microsoft and Cisco (and the US Government), who were the primary target of the SolarWinds breach. What nobody's talking about is the rest of the 18,000 or so SolarWinds clients who may have been affected. For them
Here's How SolarWinds Hackers Stayed Undetected for Long Enough

Here's How SolarWinds Hackers Stayed Undetected for Long Enough

Jan 21, 2021
Microsoft on Wednesday shared more specifics about the tactics, techniques, and procedures (TTPs) adopted by the attackers behind the SolarWinds hack to stay under the radar and avoid detection, as cybersecurity companies work towards getting a "clearer picture" of one of the most sophisticated attacks in recent history. Calling the threat actor "skillful and methodic operators who follow operations security (OpSec) best practices," the company said the attackers went out of their way to ensure that the initial backdoor ( Sunburst  aka Solorigate) and the post-compromise implants ( Teardrop  and  Raindrop ) are separated as much as possible so as to hinder efforts to spot their malicious activity. "The attackers behind Solorigate are skilled campaign operators who carefully planned and executed the attack, remaining elusive while maintaining persistence," researchers from Microsoft 365 Defender Research Team, Microsoft Threat Intelligence Center (MSTIC)
SolarWinds Hackers Also Breached Malwarebytes Cybersecurity Firm

SolarWinds Hackers Also Breached Malwarebytes Cybersecurity Firm

Jan 20, 2021
Malwarebytes on Tuesday said it was breached by the same group who broke into SolarWinds to access some of its internal emails, making it the fourth major cybersecurity vendor to be targeted after  FireEye ,  Microsoft , and  CrowdStrike . The company said its intrusion was not the result of a SolarWinds compromise, but rather due to a separate initial access vector that works by "abusing applications with privileged access to Microsoft Office 365 and Azure environments." The discovery was made after Microsoft notified Malwarebytes of suspicious activity from a dormant email protection app within its  Office 365 tenant  on December 15, following which it performed a detailed investigation into the incident. "While Malwarebytes does not use SolarWinds, we, like many other companies were recently targeted by the same threat actor," the company's CEO Marcin Kleczynski  said  in a post. "We found no evidence of unauthorized access or compromise in any of o
Researchers Discover Raindrop — 4th Malware Linked to the SolarWinds Attack

Researchers Discover Raindrop — 4th Malware Linked to the SolarWinds Attack

Jan 19, 2021
Cybersecurity researchers have unearthed a fourth new malware strain—designed to spread the malware onto other computers in victims' networks—which was deployed as part of the  SolarWinds supply chain attack  disclosed late last year. Dubbed "Raindrop" by Broadcom-owned Symantec, the malware joins the likes of other malicious implants such as  Sunspot , Sunburst (or Solorigate), and Teardrop that were stealthily delivered to enterprise networks. The latest finding comes amid a continued probe into the breach, suspected to be of  Russian origin , that has claimed a number of U.S. government agencies and private sector companies. "The discovery of Raindrop is a significant step in our investigation of the SolarWinds attacks as it provides further insights into post-compromise activity at organizations of interest to the attackers," Symantec researchers  said . The cybersecurity firm said it discovered only four samples of Raindrop to date that were used to d
Unveiled: SUNSPOT Malware Was Used to Inject SolarWinds Backdoor

Unveiled: SUNSPOT Malware Was Used to Inject SolarWinds Backdoor

Jan 12, 2021
As the investigation into the SolarWinds supply-chain attack continues, cybersecurity researchers have disclosed a third malware strain that was deployed into the build environment to inject the backdoor into the company's Orion network monitoring platform. Called " Sunspot ," the malignant tool adds to a growing list of previously disclosed malicious software such as Sunburst and Teardrop. "This highly sophisticated and novel code was designed to inject the Sunburst malicious code into the SolarWinds Orion Platform without arousing the suspicion of our software development and build teams," SolarWinds' new CEO Sudhakar Ramakrishna  explained . While  preliminary evidence  found that operators behind the espionage campaign managed to compromise the software build and code signing infrastructure of SolarWinds Orion platform as early as October 2019 to deliver the Sunburst backdoor, the latest findings reveal a new timeline that establishes the first brea
Cybersecurity Resources