How to Make Your Next Cybersecurity Compliance Audit a Breeze csoonline.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from csoonline.com Daily Mail and Mail on Sunday newspapers.
(Source: Mike via Flickr) The SolarWinds supply chain attack should prompt federal agencies and others to rethink how they approach security issues - especially identity and access management, according to a breakdown of the attack presented this week by the National Institute of Standards and Technology and the U.S. Cybersecurity and Infrastructure Security Agency.
At NIST s Information Security and Privacy Advisory Board meeting, Jay Gazlay, a technical strategist with CISA who has been examining the attack since it was first disclosed in December 2020, presented an analysis of what the agency has learned about the attack to date. That included a detailed timeline of how the hackers implanted a backdoor in a software update for SolarWind s Orion network monitoring platform. The update with the backdoor was eventually installed by about 18,000 of the company s customers.