Earlier this week, we learned that SolarWinds, the largest provider of network management tools for government and enterprise organizations fell victim to a supply chain attack. This attack affected their Orion network management system. Reportedly, 18,000 enterprise and government customers installed malware that was digitally signed by a valid certificate as part of an update from SolarWinds’ servers. Microsoft took control of one of the primary command-and-control domains, and a security researcher stated that he alerted the company in 2019 that anyone could access SolarWinds’ update server by using the password “solarwinds123.”
We also talk about a vulnerability in
Click here to continue reading this article.