3 members
1 file
63 links
Cybersecurity News and Quick takes by Tsudo
Download Telegram
to view and join the conversation
Dispatch: Cybersecurity News You Can Use - SMB Strategy, Ransomware Updates, Insurance Warnings and Holiday Backgrounds :) https://t.co/qZhwbEjxwt— //security (@forwardslashsec) December 4, 2020

December 04, 2020 at 12:19PM
via Twitter https://twitter.com/forwardslashsec
Uh oh, Orion. https://ift.tt/37dmmI4
Well, if you’re a SolarWinds Orion customer – Krypt3ia said it the most succinctly: “you should be on a conference bridge right now”, checking for the IOCs provided by FireEye and strategizing for a worst case Incident Response scenario as more details and indicators trickle in about this event.
How the SolarWinds Hackers Bypassed Duo’s Multi-Factor Authentication https://ift.tt/3r0IRYU
// An important insight. Realize that privileged access had to be established to get this key to generate the parallel valid cookie. Make sure changing secret keys is in your IR plan.
Cybersecurity News You Can Use: SolarWinds Edition - Insights and Observations from a week of dealing with SolarWinds Orion https://t.co/9EdqT5f39Y— //security (@forwardslashsec) December 20, 2020

December 19, 2020 at 06:45PM
via Twitter https://twitter.com/forwardslashsec
Russia’s SolarWinds Attack and Software Security https://ift.tt/3hVbSRq
The fundamental problem is one of economic incentives. The market rewards quick development of products... it does not reward security, safety or transparency. It doesn’t reward reliability past a bare minimum, and it doesn’t reward resilience at all.
Ransomware Profitability https://ift.tt/3aSS9i5
"The number rose 311% compared to 2019, Chainalysis said, blaming this sudden increase on "a number of new strains taking in large sums from victims" and "a few pre-existing strains drastically increasing earnings."
Another SolarWinds Orion Hack https://ift.tt/3rpqewO
Love this last line, "SolarWinds increased its profits by increasing its cybersecurity risk, and then transferred that risk to its customers without their knowledge or consent."