Had an interesting call this afternoon that leaned me further in the Russia direction.
*taps nose*
Multiple security researchers and research teams have published over the weekend lists ranging from 100 to 280 organizations that installed a trojanized version of the SolarWinds Orion platform and had their internal systems infected with the Sunburst malware.
The list includes the names of tech companies, local governments, universities, hospitals, banks, and telecom providers.
The biggest names on this list include the likes of Cisco, SAP, Intel, Cox Communications, Deloitte, Nvidia, Fujitsu, Belkin, Amerisafe, Lukoil, Rakuten, Check Point, Optimizely, Digital Reach, and Digital Sense.
Partial lists of organizations infected with Sunburst malware released online | ZDNet
From what I can gather, this SolarWinds Orion software was used to update firmwares and generally manage switches on a network.
What evidence is there so far that Vlad's minions did more than compromise machines and steal data? Has any malware been found in any companies' downloads, or is it still all speculation for clickbait?
There's your problem right there.
The SolarWinds Malware was inserted in April.
No-one identified it for seven months.
Anyone that has been compromised could have been used in a similar attack.
Cisco is obviously the biggest threat of the lot.
Having said that, it is a titanic failure on SolarWinds' part to let someone modify their updates and not actually notice.
It is a titanic failure not having waterproof bulkheads between the internet and your product building computer, a computer which should be clean-roomed and only accessible by sneaker-net.
The same goes for all software developing computers, source code should not be accessible from outside.
And did the IT crowd check the MD5s before installation?
Probably not, and if they generated ones on the finished (and infected) product, it would have passed muster anyway. And since it was signed by a legitimate SolarWinds certificate, it never raised a flag. There was no reason not to trust it.
It's a fucking shit show and a half. Now everyone and their aunties are having to query their vendors, especially in the OT space, asking for guarantees that they haven't been shipped bent code. And who the fuck wants to admit it?
The lawsuits coming SolarWinds way...
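The point above, that a checksum generated from the already-tampered build (and a signature over the same file) will verify fine, is easy to demonstrate. The following is an added example, not code from the thread or from SolarWinds: a toy build pipeline where the build server's output is patched before the vendor hashes and signs it, a customer-side hash/signature check that passes anyway, and an independent rebuild-from-source comparison (the reproducible-build idea) that catches the difference. The `build` function, the HMAC stand-in for the code-signing certificate, and the sample source string are all constructed assumptions.

```python
"""
Added example (not from the thread): why a matching checksum plus a valid
vendor signature do not prove a build is clean.  The vendor hashes and signs
whatever came out of the build server, so if the build server was
compromised before that step, both checks verify the tampered file.
Rebuilding from source on an independent, trusted machine and comparing
the output (a reproducible-build check) does catch the tampering.
Everything below (toy compiler, HMAC "signature", sample source) is constructed.
"""
import hashlib
import hmac

VENDOR_SIGNING_KEY = b"constructed-stand-in-for-code-signing-cert"
SOURCE = "print('orion agent v1')"  # constructed sample source


def build(source: str) -> bytes:
    """Toy deterministic 'compiler'; a real reproducible build plays this role."""
    body = source.encode()
    return b"HDR|" + body + b"|" + hashlib.sha256(body).digest()[:8]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def compromised_build_server(source: str) -> bytes:
    """Same build, but the artifact is patched *before* it is hashed and signed."""
    return build(source) + b"|BACKDOOR"  # constructed stand-in for an implant


def vendor_sign(artifact: bytes) -> str:
    """HMAC stands in for the vendor's legitimate code-signing certificate."""
    return hmac.new(VENDOR_SIGNING_KEY, artifact, hashlib.sha256).hexdigest()


def vendor_release(source: str, compromised: bool = False):
    """Vendor publishes (artifact, sha256, signature); hash/sig are over the final file."""
    artifact = compromised_build_server(source) if compromised else build(source)
    return artifact, sha256_hex(artifact), vendor_sign(artifact)


def customer_check_hash(artifact: bytes, published_hash: str) -> bool:
    """The 'did you check the MD5s' step (SHA-256 here): integrity in transit only."""
    return sha256_hex(artifact) == published_hash


def customer_check_signature(artifact: bytes, signature: str) -> bool:
    """Signature check: proves the vendor signed it, not that the build was clean."""
    return hmac.compare_digest(vendor_sign(artifact), signature)


def customer_check_reproducible(artifact: bytes, source: str) -> bool:
    """Independent rebuild from source on a trusted machine, compared byte-for-byte."""
    return hmac.compare_digest(sha256_hex(build(source)), sha256_hex(artifact))


def demo() -> dict:
    clean, clean_hash, clean_sig = vendor_release(SOURCE)
    bad, bad_hash, bad_sig = vendor_release(SOURCE, compromised=True)
    return {
        "clean_hash_ok": customer_check_hash(clean, clean_hash),
        "clean_sig_ok": customer_check_signature(clean, clean_sig),
        "clean_reproducible": customer_check_reproducible(clean, SOURCE),
        # Tampered release: hash and signature both pass, because both were
        # produced over the already-backdoored file.
        "bad_hash_ok": customer_check_hash(bad, bad_hash),
        "bad_sig_ok": customer_check_signature(bad, bad_sig),
        # Only the independent rebuild disagrees with what the vendor shipped.
        "bad_reproducible": customer_check_reproducible(bad, SOURCE),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The takeaway for a defender is which check answers which question: the hash answers "is this the file the vendor published?", the signature answers "did the vendor's key sign it?", and only an independent rebuild (or a second, trusted build pipeline) answers "is this what the source actually produces?".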
No mention of Chinese companies.
Tight as an OZ grandmother:
https://daydaynews.cc/en/international/816152.html
Let's finish the year with another sneaky fucking backdoor from a chinky company.
Zyxel undocumented account (CVE-2020-29583)
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to log in to the SSH server or web interface with admin privileges.
Username: zyfwp
Password: PrOw!aN_fXp
Well hidden then.
Probably the communal Zyxel Security advisor's login.
Security advisories | Zyxel
The vassal wannabe will have some re-education, one suspects; jeopardising national security and pissing off the EU may be the charges utilised.
Who like everyone else outsource manufacturing to Chinastan...
Security advisories | Zyxel
Yes, they have to do that after they've been rumbled... "Oh sorry, that was an accident". I expect this bloke will be looking for a new job soon, but he'll probably get one at another place that needs a new backdoor inserting.
https://www.linkedin.com/in/edward-y...alSubdomain=tw
I don't know how I missed this one, although in fairness it only affects companies in Chinastan forced to install "tax software" in Chinastan.
Fucking chinkies you cannot trust them for anything. That's why HooHoo will go for a Western vaccine.
New GoldenHelper malware found in official Chinese tax software
In June, Trustwave reported the discovery of a dangerous new malware family dubbed GoldenSpy, hidden within tax payment software mandated by the China Tax Bureau (CTB) for all businesses operating in the country.
This took an unexpected turn soon after Trustwave posted its findings and advice on how to defeat the unusually persistent malware. It quickly became apparent that the threat actors behind the malware had not only read Trustwave's report, but then took swift action to reverse existing malware infections and attempt to cover their tracks. In this Q&A, Brian Hussey, VP of cyber threat detection and response at Trustwave, discusses the ongoing game of cat and mouse between the security pros and threat actors.
Tax software again.
Smells a bit like NotPetya, which ground much of Ukraine (and companies like Maersk) to a hard stop after hiding out in a widely-used Ukrainian tax software.
Backdoor built in to widely used tax app seeded last week’s NotPetya outbreak | Ars Technica