NSA issued an advisory that hackers were exploiting VMWare’s and SolarWinds’ Orion vulnerabilities to perform federated login and execute attacks as part of SolarWinds hack.
CISA says that SolarWinds hack possibly affected federal, state, and local government agencies and critical infrastructure entities dealing with gas, electricity, and manufacturing.
The March 2020 SolarWinds hack, which was not discovered for months, has formally been blamed on Russian hackers by a coalition of US intelligence agencies.
Suspected Chinese hackers exploited a second SolarWinds hack to compromise the National Finance Center, which processes salaries for agencies including the FBI and the DHS.
Cybersecurity professionals were left in the dark as the SolarWinds attack unfolded. Looking at how this could have been prevented, three distinct vulnerabilities stand out.