Printable View
You should probably post that in the Biden thread. As it has fuck all to do with this.Quote:
Originally Posted by raycarey
CISA has now said it affects companies other than SolarWinds customers, and they will release details when investigations are completed.
This is quite the global attack in reality.
44% of the known targets are IT, Software or Equipment vendors.
And they probably all provide updates to their customers.
Haven't heard yet whether any companies or governments in Asia were affected. Saw this today though, and wonder if it's an indication that Chinese orgs were affected as well.
"Chinese cybersecurity firm RedDrip Team published their findings on Github, saying its decoder tool had identified nearly a hundred suspected victims of the SolarWinds/Orion breach, including universities, governments and high tech companies."
Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’ — Krebs on Security
Quote:
Originally Posted by TTraveler
Unfortunately I can't find a bigger version, but:
Attachment 61837
Confirmed:
Solarwinds
FireEye
Microsoft
VMWare
Cisco
Jungle drums suggest:
Fortinet
PaloAlto
Checkpoint
Of course some trumpanzee (probably on Parler) said Dominion used SolarWinds (they don't).
Interesting that Russia appears completely unscathed. :chitown:Quote:
Originally Posted by harrybarracuda
Indeed. But they are mates with the chinkies.Quote:
Originally Posted by TTraveler
Had an interesting call this afternoon that leaned me further in the Russia direction.
*taps nose*
And what did you learn on the call?Quote:
Originally Posted by harrybarracuda
was the md5 hash before or after the malicious code insertion ?Quote:
Originally Posted by harrybarracuda
Have you downloaded an nVidia update since April?Quote:
Originally Posted by baldrick
Quote:
Originally Posted by TTraveler
Sorry TLP:Red not Chatham House rule.
:)
Multiple security researchers and research teams have published over the weekend lists ranging from 100 to 280 organizations that installed a trojanized version of the SolarWinds Orion platform and had their internal systems infected with the Sunburst malware.
The list includes the names of tech companies, local governments, universities, hospitals, banks, and telecom providers.
The biggest names on this list include the likes of Cisco, SAP, Intel, Cox Communications, Deloitte, Nvidia, Fujitsu, Belkin, Amerisafe, Lukoil, Rakuten, Check Point, Optimizely, Digital Reach, and Digital Sense.
Partial lists of organizations infected with Sunburst malware released online | ZDNet
yes - were nvidia drivers compromised ?Quote:
Originally Posted by harrybarracuda
nVidia were and it's a supply chain attack.Quote:
Originally Posted by baldrick
Imagine if they were able to insert a little bit of code into every nVidia update?
from what I can gather this solar winds orion software was used to update firmwares and generally manage switches on a networkQuote:
Originally Posted by harrybarracuda
what evidence is there so far that vlads minions did more than compromise machines and steal data ? has any malware been found in any companies downloads , or is it still all speculation for clickbaits ?
There's your problem right there.Quote:
Originally Posted by baldrick
The SolarWinds Malware was inserted in April.
No-one identified it for seven months.
Anyone that has been compromised could have been used in a similar attack.
Cisco is obviously the biggest threat of the lot.
Having said that, it is a titanic failure on SolarWinds part to let someone modify their updates and them not actually notice.
It is a titanic failure not having waterproof bulkheads between the internet and your product building computer, a computer which should be clean-roomed and only accessible by sneaker-net.Quote:
Originally Posted by harrybarracuda
The same goes for all software developing computers, source code should not be accessible from outside.
and did the IT crowd check the md5s before installation ?
Probably not, and if they generated ones on the finished (and infected product) it would have passed muster anyway. And since it was signed by a legit SolarWinds certificate, it never raised a flag. There was no reason not to trust it.Quote:
Originally Posted by baldrick
It's a fucking shit show and a half. Now everyone and their aunties are having to query their vendors, especially in the OT space, asking for guarantees that they haven't been shipped bent code. And who the fuck wants to admit it?
The lawsuits coming SolarWinds way...
No mention of Chinese companies.Quote:
Originally Posted by harrybarracuda
Tight as an OZ grandmother:
Attachment 62445
https://daydaynews.cc/en/international/816152.html
Precisely why they are not excluded as suspects yet.Quote:
Originally Posted by OhOh
Let's finish the year with another sneaky fucking backdoor from a chinky company.
Quote:
Zyxel undocumented account (CVE-2020-29583)
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges
Username: zyfwp
Password: PrOw!aN_fXp
Zyxel is a Taiwanese company..Quote:
Originally Posted by harrybarracuda
Quote:
Originally Posted by harrybarracuda
Well hidden then.Quote:
Originally Posted by harrybarracuda
:rofl:
Probably the communal Zyxel Security advisor's login.
Security advisories | Zyxel
The vassal wanabe will have some reeducation one suspects, Jeopardising national security and pissing off the EU, may be the charges utilised.Quote:
Originally Posted by lom
:rolleyes:
Who like everyone else outsource manufacturing to Chinastan...Quote:
Originally Posted by lom
Security advisories | Zyxel
Yes, they have to do that after they've been rumbled... "Oh sorry, that was an accident". I expect this bloke will be looking for a new job soon, but he'll probably get one at another place that needs a new backdoor inserting.
https://www.linkedin.com/in/edward-y...alSubdomain=tw
:rofl:
I don't know how I missed this one, although in fairness it only affects companies in Chinastan forced to install "tax software" in Chinastan.
Fucking chinkies you cannot trust them for anything. That's why HooHoo will go for a Western vaccine.
:bananaman:
New GoldenHelper malware found in official Chinese tax softwareQuote:
In June, Trustwave reported the discovery of a dangerous new malware family dubbed GoldenSpy, hidden within tax payment software mandated by China Tax Bureau (CTB) for all businesses operating in the country.
This took an unexpected turn soon after Trustwave posted its findings and advice on how to defeat the unusually persistent malware. It quickly became apparent that the threat actors behind the malware had not only read Trustwave’s report, but then took swift action to reverse existing malware infections and attempt cover their tracks. In this Q&A, Brian Hussey, VP of cyber threat detection and response at Trustwave, discusses the ongoing game of cat and mouse between the security pros and threat actors.
Tax software again.
Smells a bit like Notpetya, which ground much of Ukraine (and companies like Mersk) to a hard stop after hiding out in a widely-used Ukrainian tax software.
Backdoor built in to widely used tax app seeded last week’s NotPetya outbreak | Ars Technica
Quote:
Originally Posted by harrybarracuda
Simplified Chinese,Quote:
Originally Posted by OhOh
Attachment 62677
Or simplifiedQuote:
Originally Posted by harrybarracuda
Attachment 62676
The thing is HooHoo I could have said this:
But you wouldn't understand any of it because you're not very bright.Quote:
"Some of the interesting techniques GoldenHelper uses include randomization of name whilst in transit, randomization of file system location, timestomping, IP-based DGA (Domain Generation Algorithm), UAC bypass and privilege escalation."
Every business has it's own metalanguage and I didn't get past this:Quote:
Originally Posted by harrybarracuda
1. Issued a spec,Quote:
Originally Posted by harrybarracuda
2. Review techies application,
3. If 2 < 1. Go 1 else go 4
4. Issue a internal comments doc.
5. Wait zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
6. If 2 < 1. Go 5 else go 1
5. Sell the App.
6. Spend bonus on frivolities
Impressive eh, or am I missing a critical loop?
Got to keep the recipe's a secret, lines 2. - 4. eh.
Attachment 62691
Oh look, HooHoo's resorting to the waffle again.Quote:
Originally Posted by OhOh
Let's just repeat the story so it sinks in:
The chinkies planted malware and backdoors in a tax program that the chinkies had forced foreign companies to use.
So Hoohoo resorts to talking about KFC as if somehow this is more important.
:chitown:
I've met Alex half a dozen times over recent years. The last time I found him propping up the pool bar at the birthplace of the Pina Colada wearing an England footy shirt. With these two in charge the sloppy Solarwinds security team are about to experience a world of hurt, and I'm sure several will be headed for the exits.
SolarWinds hires former Trump cyber security chief | IT PROQuote:
SolarWinds has hired the former head of the US Cybersecurity and Infrastructure Security Agency (CISA), Chris Krebs, in an effort to recover from last month’s cyber attack which left 18,000 customers exposed to what are believed to be Russian hackers.
Krebs was the first director of CISA, which was founded in 2018 as a part of US Homeland Security. He also led the effort to maintain the cyber safety of the 2020 US presidential election and was famously fired by President Trump after he proclaimed the election to be the most secure ever in US history.
SolarWinds has also taken on Facebook CSO Alex Stamos, who was previously hired by Zoom to help the video conferencing provider boost its security following incidents of ‘Zoom-bombing’, which led to numerous companies and institutions banning the use of the platform.
Krebs and Stamos have recently formed a security consulting business, of which expertise SolarWinds is now expected to benefit from.
The Solarwinds security team needs a big shock right about now, and hopefully those two leaders can deliver it.
Stamos in particular is a big fan of red teaming! :)Quote:
Originally Posted by TTraveler
Bejaysus what a mess.
The good news: they found it.Quote:
Originally Posted by harrybarracuda
But one must wonder how many more strains are in the system that haven't been found.
I got invited to an InfoBlox presentation yesterday. I sort of mentioned that spending six figures on a package that didn't detect shitloads of outbound DNS exfiltration wasn't really my thing.Quote:
Originally Posted by TTraveler
:)
Millions of Social Profiles Leaked by Chinese Data-Scrapers
Quote:
More than 400GB of public and private profile data for 214 million social-media users from around the world has been exposed to the internet – including details for celebrities and social-media influencers in the U.S. and elsewhere.
The leak stems from a misconfigured ElasticSearch database owned by Chinese social-media management company SocialArks, which contained personally identifiable information (PII) from users of Facebook, Instagram, LinkedIn and other platforms, according to researchers at Safety Detectives.
The server was found to be publicly exposed without password protection or encryption during routine IP-address checks on potentially unsecured databases, researchers said. It contained more than 318 million records in total.
Millions of Social Profiles Leaked by Chinese Data-Scrapers | Threatpost