Opinion by #SolarWinds. 🤣 #cybersecurity #infosec

And they've got nerve: "The government should further incentivize companies for responsible disclosure and information-sharing."

Paving a Path to Security by Design Across the Industry https://www.infosecurity-magazine.com/opinions/security-design-across-industry/

Excellent podcast from @CarbonCopy with guests from Climate Change AI and Google discussing #EnergyGrids #ML #AI #usecase #machinelearning #datascience #distributedenergy #solarwinds #PredictiveModels #chatgpt and what this could mean for shaping a clean energy future. 🌎 ⚡ 💻

https://www.canarymedia.com/podcasts/the-carbon-copy/how-ai-is-being-used-in-energy-right-now

The article about #SolarWinds by WIRED reads like a Jeff Aiken novel by Mark Russinovich. As a software engineer, I wonder about the complexity of our build system, which is reasonably proportional to the complexity of the product. How can I simplify it? How can I ensure that every step of the way is safe and building my lines of code and not trojan horses?

https://www.wired.com/story/the-untold-story-of-solarwinds-the-boldest-supply-chain-hack-ever/

#SupplyChain #Attack #OrionSoftware #SVR #Hacker

Mother Nature is relentless today. 90° in the shade before noon. Horrible #HFBAND conditions. #mclass #SolarFlares High #solarwinds and will likely get worse with approaching #geomagneticstorm #solarcycle25 #spaceweather #spacewx #hamradio #amateurradio #pota #parksontheair #cwoperator

Solar Winds, the enterprise technology company made famous after suffering a nation state directed cyber attack in 2020, has been served notice by the SEC that further action is coming. Not only did they receive their own Wells Notice in October, but now two individuals, their CFO and CISO, have as well.

This is the first time a CISO has received a Wells Notice.

What should corporate directors know and do about this? To shed some light on the practical implications for business leaders we will ask for insights from two of our OODA network experts, Bob Flores and Junaid Islam.

See the video at:

https://youtu.be/qyVasswen4E

#solarwinds #sec #wellsnotice #cybersecurity #defcon #ciso #ooda

True boyscouts. #wired #solarwinds

What a morning. #Solarflares #solarwinds & an FT8 mini pileup. What more can one ask for from such a great hobby #amateurradio #hamradio #pota #parksontheair

@ZXVintage The advert on the left for #Bloodymoney is an original artwork by Peter Andrew Jones, used on the cover of the brilliant book #Protector by Larry Niven. Jones' artwork was one of the outstanding designs in sci-fi, really giving a feel for out-worldly things. #scifi #gameart #solarwinds

This was an incredible read. And terrifying. #cybersecurity #solarwinds https://infosec.exchange/@kimzetter/110299561344876341

https://www.wired.com/story/the-untold-story-of-solarwinds-the-boldest-supply-chain-hack-ever/ is an absolutely fantastic article that will definitely be turned into a 6 part podcast with far too many ads and filler.

#infosec #SolarWinds #WiredMagazine

#SolarWinds: The Untold Story of the Boldest Supply-Chain Hack — Fascinating #cybersecurity deep dive https://www.wired.com/story/the-untold-story-of-solarwinds-the-boldest-supply-chain-hack-ever/

#USA #Cybersecurity #SupplyChain #DOJ #SolarWinds: "According to sources with knowledge of the incident, the DOJ discovered suspicious traffic passing from the server to the internet in late May, so they asked one of the foremost security and digital forensics firms in the world—Mandiant—to help them investigate. They also engaged Microsoft, though it’s not clear why. (A Justice Department spokesperson confirmed that this incident and investigation took place but declined to say whether Mandiant and Microsoft were involved. Neither company chose to comment on the investigation.)

According to the sources familiar with the incident, investigators suspected the hackers had breached the Justice Department server directly, possibly by exploiting a vulnerability in the SolarWinds software. The Justice Department team contacted the company, even referencing a specific file that they believed might be related to the issue, according to the sources, but SolarWinds’ engineers were unable to find a vulnerability in their code. After weeks of back and forth the mystery was still unresolved, and the communication between investigators and SolarWinds stopped. (SolarWinds declined to comment on this episode.) The department, of course, had no idea about Volexity’s uncannily similar hack."

https://www.wired.com/story/the-untold-story-of-solarwinds-the-boldest-supply-chain-hack-ever/

#SolarWinds : The Untold Story of the Boldest Supply-Chain #Hack

The attackers were in thousands of corporate and government networks. They might still be there now. Behind the scenes of the SolarWinds investigation.
#SupplyChain

https://www.wired.com/story/the-untold-story-of-solarwinds-the-boldest-supply-chain-hack-ever/

Fantastic reporting by @kimzetter here - a year long report into what went down with #Solarwinds.

I'd like to highlight this bit. Zero trust, my arse. Lots of new details in this report. https://www.wired.com/story/the-untold-story-of-solarwinds-the-boldest-supply-chain-hack-ever/

#USA #Cybersecurity #DoJ #Hacking #SolarWinds: "WIRED can now confirm that the operation was actually discovered by the DOJ six months earlier, in late May 2020—but the scale and significance of the breach wasn’t immediately apparent. Suspicions were triggered when the department detected unusual traffic emanating from one of its servers that was running a trial version of the Orion software suite made by SolarWinds, according to sources familiar with the incident. The software, used by system administrators to manage and configure networks, was communicating externally with an unfamiliar system on the internet. The DOJ asked the security firm Mandiant to help determine whether the server had been hacked. It also engaged Microsoft, though it’s not clear why the software maker was also brought onto the investigation."

https://www.wired.com/story/solarwinds-hack-public-disclosure/

#SolarWinds Platform Update Patches High-Severity Vulnerabilities #cybersecurity https://www.securityweek.com/solarwinds-platform-update-patches-high-severity-vulnerabilities/ @SecurityWeek

Referenced link: https://www.darkreading.com/vulnerabilities-threats/russian-intel-services-behind-barrage-espionage-cyberattacks
Originally posted by Dark Reading / @DarkReading@twitter.com: https://twitter.com/DarkReading/status/1647985513935118345#m

The threat group behind the SolarWinds supply chain attacks is back with new tools for spying on officials in NATO countries and Africa. @nerdiegaga has the story. https://www.darkreading.com/vulnerabilities-threats/russian-intel-services-behind-barrage-espionage-cyberattacks #SolarWinds

#Coronaholes in the #sun causing #solarwinds to hit #Earth

https://www.naturalnews.com/2023-04-11-coronal-hole-on-sun-creates-second-hole.html

Referenced link: https://www.darkreading.com/endpoint/automatic-officlal-updates-malicious-3cx-enterprises
Originally posted by Dark Reading / @DarkReading@twitter.com: https://twitter.com/DarkReading/status/1641794061580337160#m

Massive supply chain cyberattack via digitally signed & compromised 3CX DesktopApp causing some SolarWinds & Kaseya deja vu. @jaivijayan has the story: https://www.darkreading.com/endpoint/automatic-officlal-updates-malicious-3cx-enterprises #SolarWinds #3CXDesktopApp #supplychain

Second 'Giant Hole' Appears on #Sun: #SolarWinds to Hit #Earth This Week

https://www.sciencealert.com/second-giant-hole-appears-on-sun-solar-winds-to-hit-earth-this-week