HomeAboutMailing ListList Chatter /0/0 3.238.204.31

OT: InfoSec Moment - SolarWinds

2020-12-14 by: Stephen Kraus
From: Stephen Kraus 
------------------------------------------------------
If you've got a Solarwinds box and it was patched anytime since March,
isolate it now and reset any credentials associated on your domain with it,
and check your logs.

Solarwinds got compromised sometime prior to March, and the attackers
slipped in code into their codebase that was committed and signed with
Solarwind's cert and deployed in normal updates.

- Stephen Kraus

=============================================================== From: Stephen Kraus ------------------------------------------------------ For more info: https://www.zdnet.com/article/microsoft-fireeye-confirm-solarwinds-supply-chain-attack/ On Mon, Dec 14, 2020 at 9:47 AM Stephen Kraus wrote:

=============================================================== From: Billy ------------------------------------------------------ Wow! That=E2=80=99s a major issue. Over beers sometime I have a story to tell re: something that happened 10 or= so years ago that I can=E2=80=99t express in public forums :) It=E2=80=99s apropos to this. --b late it now and reset any credentials associated on your domain with it, and= check your logs. ped in code into their codebase that was committed and signed with Solarwind= 's cert and deployed in normal updates.