SolarWinds Hack New Evidence Suggests Potential Links to Chinese Hackers
A malicious web shell deployed on Windows systems by leveraging a previously undisclosed zero-day in SolarWinds Orion network monitoring software may have been the work of a possible Chinese threat group.
In a report published by Secureworks on Monday, the cybersecurity firm attributed the intrusions to a threat actor it calls Spiral.
Back on December 22, 2020, Microsoft disclosed that a second espionage group may have been abusing the IT infrastructure provider s Orion software to drop a persistent backdoor called Supernova on target systems.
The findings were also corroborated by cybersecurity firms Palo Alto Networks Unit 42 threat intelligence team and GuidePoint Security, both of whom described Supernova as a .NET web shell implemented by modifying an app web logoimagehandler.ashx.b6031896.dll module of the SolarWinds Orion application.
Bug in Apple s Find My Feature Could ve Exposed Users Location Histories
Cybersecurity researchers on Thursday disclosed two distinct design and implementation flaws in Apple s crowdsourced Bluetooth location tracking system that can lead to a location correlation attack and unauthorized access to the location history of the past seven days, thereby by deanonymizing users.
The findings are a consequence of an exhaustive review undertaken by the Open Wireless Link (OWL) project, a team of researchers from the Secure Mobile Networking Lab at the Technical University of Darmstadt, Germany, who have historically taken apart Apple s wireless ecosystem with the goal of identifying security and privacy issues.
SolarWinds Blames Intern for solarwinds123 Password Lapse
As cybersecurity researchers continue to piece together the sprawling SolarWinds supply chain attack, top executives of the Texas-based software services firm blamed an intern for a critical password lapse that went unnoticed for several years.
The said password solarwinds123 was originally believed to have been publicly accessible via a GitHub repository since June 17, 2018, before the misconfiguration was addressed on November 22, 2019.
But in a hearing before the House Committees on Oversight and Reform and Homeland Security on SolarWinds on Friday, CEO Sudhakar Ramakrishna testified that the password had been in use as early as 2017.