SUNSPOT Malware Was Used to Inject SolarWinds Backdoor

As the investigation into the SolarWinds supply-chain attack continues, cybersecurity researchers have disclosed a third malware strain that was deployed into the build environment to inject the backdoor into the company’s Orion network monitoring platform. Called “Sunspot,” the malignant tool adds to a growing list of previously disclosed malicious software such as Sunburst and Teardrop.…

Poor Password Policies Initial Cause of Massive SolarWinds Breach

It is virtually impossible to estimate the scale of the ongoing cyberattack that relied on administrative tools developed by the security vendor SolarWinds, according to a memo released on Wednesday, January 6, 2021, by the Administrative Office (AO) of the U.S. Courts. While we don’t know the scope of the incident, we do know it was the result of poor password policies on the vendor’s end.

Poor Password Policies Initial Cause of Massive SolarWinds Breach

It is virtually impossible to estimate the scale of the ongoing cyberattack that relied on administrative tools developed by the security vendor SolarWinds, according to a memo released on Wednesday, January 6, 2021, by the Administrative Office (AO) of the U.S. Courts. While we don’t know the scope of the incident, we do know it was the result of poor password policies on the vendor’s end.