Software vendor SolarWinds has updated multiple versions of its Orion network-monitoring software to address the Sunburst backdoor that was added to its code and to block Supernova malware that exploited a vulnerability in Orion. But incident response experts have warned that full cleanup may take years.
The SolarWinds breach is a case study in how attackers can subvert a widely used piece of software to turn it to their advantage, says Lou Manousos, CEO of RiskIQ. The attack surface management expert details lessons all organizations must learn in the wake of this "unprecedented" attack.
Microsoft warned CrowdStrike of a failed attempt by unidentified attackers to access and read the company's emails, according to a blog post published by the security firm. The unsuccessful hacking incident is reportedly tied to the breach of SolarWinds.
This edition of the ISMG Security Report features insights from David Forscey, managing director at Aspen Cybersecurity Group, on improving supply chain security in the aftermath of the SolarWinds hack. Also featured: Black Hat Europe's key takeaways; keeping safe during the holidays.
To enhance organizations' security postures in the year ahead, CISOs must strengthen authentication processes, increase the use of network segmentation tools and deploy effective threat intelligence capabilities, two CISOs recommend.
In light of the SolarWinds supply chain breach and other security incidents, the United States has substantial work to do in building a resilient digital infrastructure, says David Forscey of the Aspen Cyber Group, who outlines a five-step road map.
In his first remarks about the massive hacking operation that leveraged a tainted SolarWinds Orion software update, President Donald Trump on Saturday downplayed the seriousness of the incident and contradicted Secretary of State Mike Pompeo, who had pointed a finger at Russia.
The NSA has issued a warning about two hacking techniques that could allow threat actors to access cloud resources by bypassing authentication mechanisms. The alert follows a week's worth of revelations over the SolarWinds breach that has affected government agencies and other organizations.
The latest edition of the ISMG Security Report features an analysis of what we know so far about the impact of the SolarWinds supply chain hack and how to respond.
A Deloitte survey has revealed that more than 90% of C-level executives slate less than 10% of their cybersecurity budgets to digital transformation projects.This large gap between budgets and technologies creates a cyber vulnerability, where the newest and least understood digital systems are potentially unmonitored...
Managing third-party risks is a key factor in maintaining business continuity, says Gaurav Mahendru, solutions architect, security and risk, at ServiceNow, who offers tips.
Following the discovery that attackers Trojanized SolarWinds' Orion software, expect the list of organizations that were running the backdoored network-monitoring tool to keep increasing. But with this being a suspected cyberespionage operation, attackers likely focused on only the juiciest targets.
Cybersecurity is often seen by fast-moving organisations as an expensive obstacle to innovation. The drive to keep up with the unrelenting pace of business can mean that secure coding is pushed to the backburner, with security managers stressed and stretched across too many developers. In addition, most of the budget...
Five U.S. government agencies have been hit so far via a sophisticated supply chain attack. The intrusions appear linked to subverted software updates for SolarWinds' Orion network monitoring product, which is widely used by businesses and the U.S. government.
Critical authentication vulnerabilities contained in certain GE Healthcare medical imaging products could allow attackers to gain access to sensitive patient data, alter data and affect the availability of the equipment, according to new advisories from the vendor and the U.S. Department of Homeland Security.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.