SolarWinds
SEC Sends Wells Notice to SolarWinds Executives
On June 23, 2023, SolarWinds revealed via an SEC Form 8-K filing that the U.S. Securities and Exchange Commission (SEC) notified the company that “certain current and former executive officers and employees ...
Beyond SolarWinds: 6 More Notable Software Supply Chain Attacks
SolarWinds has become almost a household name and for all the wrong reasons: beginning in 2019, the system management company was the target of one of the largest software supply chain attacks ...
Protecting the Digital Experience
Optimizing digital experience is all the rage today, as the tech industry finally got religion about ensuring end customers—whether external buyers or internal employees—can seamlessly and simply do what they need to ...
Software Supply Chain Attacks: Clear and Present Danger
More than a year after the SolarWinds Sunburst attack and most companies are still exposed to software supply chain attacks. In a study conducted by Argon Security at Aqua Security, it was ...
New Russian Hacks Revealed—but U.S. Says it’s Microsoft’s Fault
Microsoft has issued another of its “look how clever we are” writeups of detecting APT29 hackers. But the U.S. government sees it differently ...
How the SolarWinds Hack (almost) went Undetected
My lightning talk from the SEC-T 0x0D conference has now been published on YouTube. This 13 minute talk covers tactics and techniques that the SolarWinds hackers used in order to avoid being ...
Supply Chain Security – Not As Easy As it Looks
The massive exploit of SolarWinds is a prime example of what is called a “supply chain” vulnerability. The vast majority of those impacted by the Russian SolarWinds attack probably had never even ...
SolarWinds Hackers Targeting Government Agencies Via Email
Threat actor Nobeliumm, the state-backed Russian group of cybercriminals behind last year’s SolarWinds hacking campaign, has launched a new attack targeting government agencies, think tanks, consultants and non-governmental organizations, according to Microsoft ...
Detecting CVE-2021-31166 – HTTP vulnerability
By Ben Reardon, Corelight Security Researcher In this blog we aim to provide a little insight into part of the lifecycle of Corelight Lab’s response to a critical HTTP vulnerability. We’ve open-sourced ...
Why You Should Start Caring About Oversharing
Today’s website owners are focused on building a great online experience for their users. Digital transformation is all about shifting how we do business and offer services – and today’s rich web ...
