This week’s cybersecurity news has been dominated by one event, the SolarWinds supply chain attack. On Sunday, the Washington Post published anarticledetailing who is possibly behind the attack. The sentiment was echoed in a New York Timesarticlepublished on the same day. While the finger-poi...
In itsrecent blog post, Microsoft’s team of researchers disclosed that during their investigation into the SolarWinds supply chain attack, they realized that some of the company’s source code was accessed by the same group of hackers. However, the company confirmed that the attackers couldn’t...
The SolarWinds supply chain attack is also how hackers gained access to FireEye's own network, which the company disclosed earlier this week. The Washington Post cited sources claiming that multiple other government agencies were also impacted. ...
The hackers used a method known as asupply chain attackto insert malicious code into the Orion system. A supply chain attack works by targeting a third party with access to an organization's systems rather than trying to hack the networks directly. The third-party software, in this case the...
This is called a supply-chain attack, because it targets a supplier to an organization rather than an organization itself—and can affect all of a supplier’s customers. It’s an increasingly common way to attack networks. Other examples of this sort of attack includefake appsin the Google ...
"While governments have spied on each other for centuries, the recent attackers used a technique that has put at risk the technology supply chain for the broader economy," Smithsaid after disclosing the attacks. He said this was an attack "on the trust and reliability of the world's critical...
In today's world your network is subject to a multitude of vulnerabilities and potential intrusions and it seems like we see or hear of a new attack weekly. A data breach is arguably the most costly and damaging of these attacks and while loss of data is painful the residual impact of th...
The scale of a sophisticated cyberattack on the U.S. government that was unearthed this week is much bigger than first anticipated. The Cybersecurity and Infrastructure Security Agency said in asummary Thursdaythat the threat “poses a grave risk to the federal government.” ...
Microsoft has a long history of working with federal investigators and the U.S. courtsto seize control over domains involved in global malware menaces, particularly when those sites are being used primarily to attack Microsoft Windows customers. ...
We refer to this asa supply chain attack, which is the introduction of malware into a trusted piece of software that organizations are likely to use due to the trust placed in the vendor. We can speculate that the threat actors likely had a great degree network access and took their time ...