CISA Says Victims of SolarWinds Hack Could Have Configured Firewalls to 'Neutralize' Malware
SEC probes companies who failed to report SolarWinds breach, Half of the defense contractors could be vulnerable to ransomware, Transmit Security raises unprecedented $543M in Series A round, more
Check out my latest column in CSO, which walks through the upcoming requirements for government contractors to supply software bills of materials to shore up the security and safety of software.
In a June 3 letter sent by Senator Ron Wyden (D-OR), the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) said that victims of the SolarWinds hack had not configured the firewalls on their SolarWinds servers to block all outbound connections, a configuration that would have “neutralized” the malware.
Targets of the Russian hackers behind the SolarWinds breach who did set up their firewalls that way “successfully blocked connection attempts” and had no “follow-on exploitation,” according to CISA. In asking CISA about the breach, Wyden’s office said that the servers running SolarWinds software did not need to send outbound traffic. Moreover, decade-old guidance from the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) has …
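As an added example (not from this newsletter or from CISA's letter), the Python sketch below audits firewall logs for the condition CISA describes: outbound connections from servers that have no need to send outbound traffic. The log format, the server inventory, the internal address range, the verdict labels and every sample line are constructed assumptions, and traffic to internal addresses is treated as out of scope.

```python
import ipaddress
from collections import defaultdict

# Constructed sample firewall log (not real data); the key=value format is an assumption.
SAMPLE_LOG = """\
2021-06-01T10:00:01Z src=10.0.5.20 dst=10.0.1.53 dport=53 proto=udp action=ALLOW
2021-06-01T10:00:07Z src=10.0.5.20 dst=203.0.113.10 dport=443 proto=tcp action=DROP
2021-06-01T10:02:11Z src=10.0.5.21 dst=198.51.100.7 dport=443 proto=tcp action=ALLOW
2021-06-01T10:03:30Z src=10.0.9.44 dst=198.51.100.7 dport=443 proto=tcp action=ALLOW
2021-06-01T10:04:02Z src=10.0.5.21 dst=10.0.2.15 dport=161 proto=udp action=ALLOW
2021-06-01T10:05:00Z malformed line without fields
"""

# Hypothetical inventory of monitoring servers that should never reach the internet.
MONITORED_SERVERS = {"10.0.5.20", "10.0.5.21"}
# Assumed internal range; listed explicitly rather than relying on is_private.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

def audit_egress(log_text, servers=MONITORED_SERVERS, internal=INTERNAL_NETS):
    """Map each monitored server to its allowed and blocked external destinations."""
    findings = defaultdict(lambda: {"allowed": [], "blocked": []})
    for line in log_text.splitlines():
        fields = dict(p.split("=", 1) for p in line.split()[1:] if "=" in p)
        if not {"src", "dst", "dport", "action"} <= fields.keys():
            continue  # malformed or incomplete record
        if fields["src"] not in servers:
            continue  # not a server covered by the no-egress policy
        try:
            dst = ipaddress.ip_address(fields["dst"])
        except ValueError:
            continue  # unparseable destination address
        if any(dst in net for net in internal):
            continue  # internal polling traffic is expected
        key = "blocked" if fields["action"] == "DROP" else "allowed"
        findings[fields["src"]][key].append(f"{dst}:{fields['dport']}")
    return dict(findings)

def verdict(entry):
    """EGRESS-GAP: traffic left the server. BLOCKED-ATTEMPT: firewall held, still investigate."""
    return "EGRESS-GAP" if entry["allowed"] else "BLOCKED-ATTEMPT"

if __name__ == "__main__":
    for server, entry in sorted(audit_egress(SAMPLE_LOG).items()):
        print(server, verdict(entry), entry)
```

A blocked attempt from such a server is still a finding: the firewall contained it, but something on the host tried to reach an external address.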