2021年3月15日 · SolarWinds Orion is prone to one vulnerability that could allow for authentication bypass. API authentication can be bypassed by including specific parameters in the Request.PathInfo portion of a URI request, which could allow an attacker to execute unauthenticated API commands.

SolarWinds, a Texas -based provider of network monitoring software to the U.S. federal government, had shown several security shortcomings prior to the attack. [49][50] SolarWinds did not employ a chief information security officer or senior director of cybersecurity. [45][51] Cybercriminals had been selling access to SolarWinds's infrastructure...

2022年1月13日 · The Russian Foreign Intelligence Service hacked SolarWinds network management software, which is widely used in the U.S. government. Also, Chinese government affiliates likely exploited a vulnerability in the Microsoft Exchange Server, …

2020年12月19日 · Microsoft believes that the ultimate goal of these attacks was to gain access to victims' cloud assets after deploying the Sunburst/Solorigate backdoor on their local networks. Researchers...

2021年6月4日 · Impact, detection, response, and ongoing fallout from the attack on SolarWinds' Orion remote IT management software. Details of the 2020 SolarWinds attack continue to unfold, and it may be...

The SolarWinds Compromise was a sophisticated supply chain cyber operation conducted by APT29 that was discovered in mid-December 2020.

In December 2020, FireEye, a cybersecurity consulting firm, uncovered and disclosed what is now called the SolarWinds operation. Hackers inserted malicious code into an update for SolarWinds’ popular network management platform, known as Orion.

2021年4月22日 · Beginning in September 2019, a campaign of cyberattacks, now identified to be perpetrated by the Russian Foreign Intelligence Service (hereafter referred to as the threat actor), breached the computing networks at SolarWinds—a …

SolarWinds, a significant player in the software sphere, suffered an attack that began in September 2019. As a result of the attack, over 18,000 SolarWinds customers ended up installing updates containing malicious code. Hackers used it to …

2021年2月8日 · FireEye immediately tracked the attack back to a March 2020 update from SolarWinds, a Texas-based company that makes IT management software. The software in question, Orion, was corrupted by malicious code embedded in a software update that was then installed by around 18,000 SolarWinds customers.