So a group of developers latched onto the press release that Twilio put out at midnight last night. In that press release, Twilio accidentally revealed which services Parler was using. Turns out it was all of the security authentications that were used to register a user. This allowed anyone to create a user without having to verify an email address, and immediately have a logged-on account.
Apparently they have access to both user registration data and, rather importantly, deleted content, such as all the posts people erased after the riot.
Moscow has denied involvement in the hack, which U.S. intelligence agencies publicly attributed to Russian state actors.
The postcard carries FireEye’s logo, is addressed to CEO Kevin Mandia, and calls into question the ability of the Milpitas, California-based firm to accurately attribute cyber operations to the Russian government.
People familiar with Mandia’s postcard summarized its content to Reuters. It shows a cartoon with the text: “Hey look Russians” and “Putin did it!”
The opaque message itself did not help FireEye find the breach, but rather arrived in the early stages of its investigation. This has led people familiar with the matter to believe the sender was attempting to “troll” or push the company off the trail by intimidating a senior executive.
“If everyone fought for their own convictions there would be no war.”
― Leo Tolstoy, War and Peace
EasyDNS Newsletter wrote:
The SolarWinds shit-show keeps on shitting
The SolarWinds hack may be even worse than originally thought, with possibly as many as 250 government agencies compromised. The original intrusion led to numerous compromises against numerous other organizations, ranging from the aforementioned US government departments, to security firm FireEye, to Microsoft.
In late December, investigators combing through the wreckage seem to have found another back door installed by a second threat actor.
This time it’s a webshell that infects a legitimate .NET component within SolarWinds’ Orion network monitoring application, one that has been modified to evade malware detection systems. It’s been dubbed SUPERNOVA and it enables remote attackers to execute arbitrary commands on the servers running the infected version of the software.
The trojan appears to have been present since possibly as far back as March 24, 2020, the compile time stamp of the component.
SolarWinds hack may be much worse than originally feared
Some 250 government agencies and businesses may have been affected
By Kim Lyons, Jan 2, 2021, 4:50pm EST
The Russia-linked SolarWinds hack which targeted US government agencies and private corporations may be even worse than officials first realized, with some 250 federal agencies and businesses now believed affected, the New York Times reported.
Microsoft has said the hackers compromised SolarWinds’ Orion monitoring and management software, allowing them to “impersonate any of the organization’s existing users and accounts, including highly privileged accounts.” The Times reports that Russia exploited layers of the supply chain to access the agencies’ systems.
The Times reports that early warning sensors that Cyber Command and the NSA placed inside foreign networks to detect potential attacks appear to have failed in this instance. In addition, it seems likely that the US government’s attention on protecting the November elections from foreign hackers may have taken resources and focus away from the software supply chain, according to the Times. And conducting the attack from within the US apparently allowed the hackers to evade detection by the Department of Homeland Security.
Microsoft said earlier this week it had discovered its systems were infiltrated “beyond just the presence of malicious SolarWinds code.” The hackers were able to “view source code in a number of source code repositories,” but the hacked account granting the access didn’t have permission to modify any code or systems. However, in a small bit of good news, Microsoft said it found “no evidence of access to production services or customer data,” and “no indications that our systems were used to attack others.”
New SUPERNOVA backdoor found in SolarWinds cyberattack analysis
By Ionut Ilascu, December 21, 2020 09:17 AM
While analyzing artifacts from the SolarWinds Orion supply-chain attack, security researchers discovered another backdoor that is likely from a second threat actor.
Named SUPERNOVA, the malware is a webshell planted in the code of the Orion network and applications monitoring platform that enabled adversaries to run arbitrary code on machines running the trojanized version of the software.
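Both the EasyDNS summary and the BleepingComputer item above lean on one forensic clue for how long SUPERNOVA had been in place: the compile time stamp of the trojanized .NET component. As an added illustration for this thread (not code from SolarWinds, EasyDNS or BleepingComputer), the Python below reads that stamp straight out of the PE/COFF header and applies a simple triage heuristic: the components of a single product release are normally built within hours of each other, so one DLL compiled months away from its siblings stands out. The file names and bytes are constructed for the example, the 30-day tolerance is an assumption, and the plausibility check exists because deterministic .NET builds store a content hash rather than a time in TimeDateStamp, so the field cannot be trusted blindly.

```python
"""Read the COFF TimeDateStamp out of PE files and flag build-time outliers.

Added example for this thread; not code from SolarWinds, EasyDNS or
BleepingComputer. All sample bytes below are constructed for illustration.
"""
from __future__ import annotations

import statistics
import struct
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

UTC = timezone.utc
PLAUSIBLE_START = datetime(1995, 1, 1, tzinfo=UTC)  # assumption: no real build is older
IMAGE_FILE_DLL = 0x2000                              # COFF Characteristics flag


@dataclass
class PeHeader:
    machine: int
    num_sections: int
    compile_time: datetime
    is_dll: bool


def parse_pe_header(data: bytes) -> PeHeader:
    """Walk MZ header -> e_lfanew -> 'PE\\0\\0' -> 20-byte COFF header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ/PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsect, stamp, _, _, _, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    return PeHeader(machine, nsect, datetime.fromtimestamp(stamp, tz=UTC), bool(chars & IMAGE_FILE_DLL))


def timestamp_is_plausible(ts: datetime, now: Optional[datetime] = None) -> bool:
    """Deterministic .NET builds (Roslyn /deterministic) put a content hash in
    TimeDateStamp instead of a time; such values land far outside a sane range."""
    now = now or datetime.now(UTC)
    return PLAUSIBLE_START <= ts <= now + timedelta(days=1)


def triage(files: dict[str, bytes], tolerance: timedelta,
           now: Optional[datetime] = None) -> tuple[list[str], list[str]]:
    """Return (outliers, implausible).

    Heuristic: components of one release are built close together, so a file
    whose stamp sits more than `tolerance` from the median of the plausible
    stamps deserves a closer look. Implausible stamps are reported separately
    and kept out of the median so they cannot skew it.
    """
    headers = {name: parse_pe_header(blob) for name, blob in files.items()}
    implausible = sorted(n for n, h in headers.items()
                         if not timestamp_is_plausible(h.compile_time, now))
    plausible = {n: h.compile_time.timestamp() for n, h in headers.items()
                 if n not in implausible}
    if not plausible:
        return [], implausible
    median = statistics.median(plausible.values())
    outliers = sorted(n for n, t in plausible.items()
                      if abs(t - median) > tolerance.total_seconds())
    return outliers, implausible


# ---- constructed sample data (not real Orion binaries) ----------------------

def build_minimal_pe(stamp: int, characteristics: int = 0x2102) -> bytes:
    """Emit just enough of a PE image (DOS header + signature + COFF header)
    for parse_pe_header() to work. 0x2102 = EXECUTABLE_IMAGE | 32BIT | DLL."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x014C, 3, stamp, 0, 0, 0xE0, characteristics)
    return bytes(dos) + b"PE\0\0" + coff


def _epoch(*ymdhms: int) -> int:
    return int(datetime(*ymdhms, tzinfo=UTC).timestamp())


SAMPLE_FILES = {
    "Orion.Core.dll":    build_minimal_pe(_epoch(2019, 10, 1)),
    "Orion.Net.dll":     build_minimal_pe(_epoch(2019, 10, 1, 12)),
    "Orion.Web.dll":     build_minimal_pe(_epoch(2019, 10, 2)),
    "Handler.dll":       build_minimal_pe(_epoch(2020, 3, 24)),  # months after the rest
    "Deterministic.dll": build_minimal_pe(0xE1A3B2C4),           # hash, not a time
}


def demo() -> tuple[list[str], list[str]]:
    return triage(SAMPLE_FILES, tolerance=timedelta(days=30))


if __name__ == "__main__":
    for name, blob in SAMPLE_FILES.items():
        h = parse_pe_header(blob)
        print(f"{name:20s} {h.compile_time.isoformat()}  dll={h.is_dll}")
    outliers, implausible = demo()
    print("outliers:", outliers, "implausible:", implausible)
```

Run it against a directory of a real install by reading each DLL into the `files` mapping; a stamp that is an outlier is a lead, not a verdict, and the next step is checking the file's Authenticode signature and hash against what the vendor actually shipped.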
Sealed U.S. Court Records Exposed in SolarWinds Breach
07 Jan 21
The ongoing breach affecting thousands of organizations that relied on backdoored products by network software firm SolarWinds may have jeopardized the privacy of countless sealed court documents on file with the U.S. federal court system, according to a memo released Wednesday by the Administrative Office (AO) of the U.S. Courts.
The judicial branch agency said it will be deploying more stringent controls for receiving and storing sensitive documents filed with the federal courts, following a discovery that its own systems were compromised as part of the SolarWinds supply chain attack. That intrusion involved malicious code being surreptitiously inserted into updates shipped by SolarWinds for some 18,000 users of its Orion network management software as far back as March 2020.
“The AO is working with the Department of Homeland Security on a security audit relating to vulnerabilities in the Judiciary’s Case Management/Electronic Case Files system (CM/ECF) that greatly risk compromising highly sensitive non-public documents stored on CM/ECF, particularly sealed filings,” the agency said in a statement published Jan. 6.
“An apparent compromise of the confidentiality of the CM/ECF system due to these discovered vulnerabilities currently is under investigation,” the statement continues. “Due to the nature of the attacks, the review of this matter and its impact is ongoing.”
The AO declined to comment on specific questions about their breach disclosure. But a source close to the investigation told KrebsOnSecurity that the federal court document system was “hit hard,” by the SolarWinds attackers, which multiple U.S. intelligence and law enforcement agencies have attributed as “likely Russian in origin.”
The source said the intruders behind the SolarWinds compromise seeded the AO’s network with a second stage “Teardrop” malware that went beyond the “Sunburst” malicious software update that was opportunistically pushed out to all 18,000 customers using the compromised Orion software. This suggests the attackers were targeting the agency for deeper access to its networks and communications.
The whole SolarWinds storyline feels similar to the “NSA tools hack” from August 2016, which played out until May 2017, when those tools were used to produce the WannaCry ransomware attack.
So I am going to boldly predict that things are going to get really sporty on the cyber front in the next days, weeks, or months.
I’d advise a strong backup and IT continuity program for any SolarWinds customers.
In a wilderness of mirrors, what will the spider do beyond the circuit of the shuddering Bear in fractured atoms? -TS Eliot (somewhat modified)