Sen. Elizabeth Warren (D-MA) visited with Stephen Colbert last night.
She wasted no time summarizing what is happening to the opposition party...
“The Republican Party is eating itself. And it is discovering that that meal is poisonous.”
She also talked about the sorry state of US cybersecurity. Putin-stooge Donald Trump was unwilling to take measures which might offend his master in Moscow. The result has been a seemingly endless series of cyberattacks on the US originating in Russia.
The worst hack on the US was uncovered last December, when Trump was more interested in overturning the presidential election which he had just lost.
SolarWinds: How Russian spies hacked the Justice, State, Treasury, Energy and Commerce Departments
The recent ransomware attack on Colonial Pipeline most likely had at least indirect links to the Russian government. Investigative reporter and author Michael Weiss told the PBS NewsHour...
It is true that the FSB — that is the domestic security agency of the Russian government — has often outsourced its hacking operations to various criminal rogue elements, not only in the Russian Federation territory itself, but in other countries.
They have created this environment, this permissive environment, which has allowed these cyber-operators to proliferate. I find it very hard to believe that Russia's counterintelligence or their intelligence services haven't figured out who the actors were. And if they had given them a kind of by your leave, as it were, to go after targets in the West, but to do so with this veil of plausible deniability, that wouldn't surprise me in the least at all.
Colonial Pipeline is, of course, a private company. Despite its important role in America’s energy infrastructure, it hadn’t been required to share cybersecurity information with the FBI or federal investigators. That is part of the Republican legacy of deregulation. President Biden is putting such slackness to an end. On Wednesday he signed an executive order tightening cybersecurity for both the public sector and all private enterprises that do business with the government.
Biden Signs Executive Order to Bolster Federal Government’s Cybersecurity
What’s also needed, though seldom stated publicly, is an offensive capability to hit back when attacked. Russia could afford to hack at will because the Kremlin knew that Trump would not do anything about it.
A surprising factor regarding cybersecurity is immigration – but not in a way many people might think.
Prof. Terry Thompson at Johns Hopkins University explains:
Many U.S. companies outsource software development because of a talent shortage, and some of that outsourcing goes to companies in Eastern Europe that are vulnerable to Russian operatives.
This outsourcing has increased to a large degree because of Trump’s immigration policies. Instead of attracting skilled immigrants to this country, companies are outsourcing the work abroad.
The vulnerability of the software supply chain – the collections of software components and software development services companies use to build software products – is a well-known problem in the security field. In response to a 2017 executive order, a report by a Department of Defense-led interagency task force identified “a surprising level of foreign dependence,” workforce challenges and critical capabilities such as printed circuit board manufacturing that companies are moving offshore in pursuit of competitive pricing. All these factors came into play in the SolarWinds attack.
SolarWinds, driven by its growth strategy and plans to spin off its managed service provider business in 2021, bears much of the responsibility for the damage, according to cybersecurity experts. I believe that the company put itself at risk by outsourcing its software development to Eastern Europe, including a company in Belarus. Russian operatives have been known to use companies in former Soviet satellite countries to insert malware into software supply chains.
Belarus is basically a satellite of Putin’s Russia. d’oh!
There’s also a shortage of cybersecurity talent in the U.S. Engineers, software developers and network engineers are among the most needed skills across the U.S., and the lack of software engineers who focus on the security of software in particular is acute.
It’s better to have qualified software engineers settle here and work under US supervision than to have anonymous remote workers overseas whose companies may be in thrall to some potential malefactor. We also need to make higher education more accessible and more affordable in the US to help end the shortage in cybersecurity experts.
Sen. Warren feels that cyber defense needs to be taken as seriously as traditional military defense. In her words, attacks “aren’t just about bombs any more”.