The recent SolarWinds hack, started this March, and was apparently much more serious than expected, including many government and defense applications. I will pass along the most interesting aspects of this, and aim to link to longer term implications.
I note in Schneier's blog a piece on how the Solarwinds hack bypassed multi factor authentication. Instructive.
Then in "Security Now' with Steve Gibson an overview of the whole event as understood to date:
https://www.grc.com/sn/SN-797-Notes.pdf Pages 12-17, with attached podcast which outlines the extent and severity of the hack. Below the intro. Much more at the link:
SolarWinds
FireEye:
The story begins with last Tuesday's news and admission from FireEye that they were hacked. FireEye is a three and a half billion dollar security company, one of the largest of its kind in the world. It was founded in 2004, has more than 8,500 customers spread across 103 countries and more than 3,200 employees worldwide.
In his disclosure of the event, FireEye's CEO Kevin Mandia explained what they knew then: ... "
No comments:
Post a Comment