SolarWinds: Hackers Accessed Our Office 365 Since Early 2019
Hackers persistently accessed SolarWinds’ internal systems, Microsoft Office 365 environment and software development environment for months before carrying out their vicious cyberattack, the company said.
By Michael Novinson, May 07, 2021, 06:49 PM EDT
The Austin, Texas-based IT infrastructure management vendor said hackers compromised SolarWinds’ credentials and conducted research and surveillance via persistent access for at least nine months prior to their October 2019 trial run. Hackers tested their ability to inject code into SolarWinds Orion network monitoring software in fall 2019, months before they actually started putting poisoned code into Orion.
Required:
The ideal candidate would be 50% programmer and 50% hacker. Examples of qualifications that resemble this profile are as follows:
3-5 years’ experience in a software development field such as Software Developer, Architect, Software Quality Assurance, or Application Security Engineer
Highly proficient in at least one of the following development languages: C#, C++, Java, .NET, Node.js, or Python
Possess a strong understanding of application architectural patterns, such as MVC, Microservices, Event-driven, etc.
Creative, organized, responsive, and highly thorough problem solver
Possess strong business acumen with ability to work with application development, QA and security teams.
Possess a restlessness or desire to break into things.
Product Security Engineer-REMOTE at Allstate / Insurance Journal Jobs (insurancejournal.com)
Vulnerability in iPhone app exposed recorded phone calls
A vulnerability in an iOS call recording app was found to give access to a user’s recorded phone calls to anyone who knew that user’s phone number.
Detailed today by Anand Prakash from PingSafe AI, the vulnerability was discovered in an app known as “Automatic Call Recorder” that had been downloaded more than a million times from the Apple App Store. As its name suggests, the app records incoming and outgoing phone calls automatically.
The vulnerability related to insecure communications going in and out of the app. Using a proxy tool such as Burp Suite, Prakash could view and modify network traffic, allowing him to pass another user’s number in the recording request. The application programming interface would then respond with the URL of the Amazon Web Services Inc. S3 storage bucket where the recording was being stored.
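The behaviour described above is what an API does when it takes the owner of a recording from the request body. The following is an added sketch, not the app's code: the handler names, token scheme, phone numbers and URLs are all assumptions constructed for illustration. It shows that pattern beside a handler that derives the owner from a server-issued token.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: recordings keyed by owner phone number (placeholder URLs).
RECORDINGS = {
    "+15550100": ["https://storage.example/rec/a1.m4a"],
    "+15550199": ["https://storage.example/rec/b7.m4a"],
}
SERVER_KEY = secrets.token_bytes(32)  # hypothetical per-process key for signing tokens


def _mac(phone: str) -> str:
    return hmac.new(SERVER_KEY, phone.encode(), hashlib.sha256).hexdigest()


def issue_token(phone: str) -> str:
    """Issued by the server once the user has proven ownership of `phone`."""
    return f"{phone}.{_mac(phone)}"


def phone_from_token(token: str):
    """Return the phone number bound to a valid token, or None if it does not verify."""
    phone, _, mac = token.rpartition(".")
    if phone and hmac.compare_digest(mac.encode(), _mac(phone).encode()):
        return phone
    return None


def get_recordings_vulnerable(request: dict) -> dict:
    """Flawed pattern: the owner is whatever number the client put in the request."""
    return {"status": 200, "urls": RECORDINGS.get(request["phone"], [])}


def get_recordings_fixed(request: dict) -> dict:
    """Owner comes from the verified token; a mismatching client-supplied number is refused."""
    owner = phone_from_token(request.get("token", ""))
    if owner is None:
        return {"status": 401, "urls": []}
    if request.get("phone", owner) != owner:
        return {"status": 403, "urls": []}  # worth logging: caller asked for another user
    return {"status": 200, "urls": RECORDINGS.get(owner, [])}
```

Because the request body can be rewritten in transit by a proxy, only the server-side check decides whose recordings are returned.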