New evidence suggests #SolarWinds hackers likely compromised the software build infrastructure of Orion platform & added malicious code, which was then eventually delivered within new updates that the company compiled, signed, and delivered.
SolarWinds attackers mimicked the software developers' coding style and naming standards to blend their malicious code in with the rest of the codebase.
Although the first version containing the backdoor was traced to 2019.4.5200.9083, a new report says version 2019.4.5200.8890, from October 2019, included an empty .NET class that the attackers added to verify that their modifications to the codebase were being delivered in new updates.
Citing unnamed sources, media reported that the latest cyberattacks against #FireEye and U.S. government agencies were the work of the Russian state-sponsored #APT29 or Cozy Bear #hacking group.
According to FireEye, attackers tampered with a #software update released by #SolarWinds, which eventually led to the compromise of numerous public and private organizations around the world with #SUNBURST backdoor.
Researchers confirm the new #Windows vulnerability, dubbed 'SigRed,' is a wormable bug, allowing attackers to launch #malware attacks that can spread from one vulnerable computer to another without any human interaction.
If exploited, #SigRed Windows Server #vulnerability enables hackers to intercept and manipulate users' emails and network traffic, make services unavailable, harvest users' credentials, and eventually compromise an organization's entire IT infrastructure.
#Strandhogg task hijacking vulnerability can be exploited to display a fake user interface (UI) while tricking users into thinking they are using a legitimate app, making it easy for the malware to steal their credentials using spoofed login interfaces.
All the attacker needs to do is… interrupt the network connectivity of a targeted client system and Tadaaaa...! the lock screen will disappear
Starting with Windows 10 1803 and #Windows Server 2019, this flaw exists when login over #RDP requires the clients to authenticate with Network Level Authentication, an option that #Microsoft recently recommended as a workaround against the critical #BlueKeep RDP vulnerability.
"Two-factor authentication systems that integrate with the Windows login screen, such as Duo Security MFA, are also bypassed using this mechanism. Any login banners enforced by an organization will also be bypassed." @wdormann confirmed.
EXCLUSIVE — A hacker who previously claimed to have hacked massive databases [millions of records] from multiple websites and then put them online for sale in 3 rounds has now come back with a new set of databases breached from 6 other websites
(story coming shortly, stay tuned)
[ROUND 4] List of breached sites:
1) Youthmanual — Indonesian college and career platform
2) GameSalad — Online learning platform
3) Bukalapak — Online Shopping Site
4) Lifebear — Japanese Online Notebook
5) EstanteVirtual — Online Bookstore
6) Coubic — Appointment Scheduling
[Story] Round 4 — Hacker Puts 26 Million New Accounts Up For Sale On the Dark Web