(As we reach the end of our open access to Metacurity’s daily emails and our special reports, we urge you to consider signing up now for a premium subscription. Or better yet, email us at info@metacurity.com and let us know your organization is interested in a special bulk license. Just don’t miss out on our unique content and upcoming premium offerings. Thank you for reading Metacurity.)

Dozens of email accounts at the U.S. Treasury Department were breached as part of the SolarWinds hack, Senator Ron Wyden (D-OR) said, and Treasury Secretary Steven Mnuchin confirmed, saying the hackers penetrated only the unclassified network.

Microsoft and not the U.S. intelligence agencies informed the Treasury Department of the email breach. (Raphael Satter / Reuters)

Related: NBC News, Reuters, Channel News Asia, TODAYonline, Financial Times Technology, CRN, RT News, New York Times, Reddit - cybersecurity, AP Top News, CBSNews.com, UPI.com, Politico, The Hill: Cybersecurity,  ibtimes.sg : Top News, Bloomberg Politics, Yahoo, Raw Story, The Guardian, Courthouse News Service, Stars and Stripes,  Business Insider

Kim Zetter @KimZetter

Per briefing today on SolarWinds hack, @RonWyden says IRS was not compromised or taxpayer data affected. However, hack of Treasury Department "appears to be significant." Treasury breach began in July, "the full depth of which isn’t known."

December 22nd 2020

146 Retweets311 Likes

The reach of infected victims of the SolarWinds hack extends to at least two dozen organizations, including top technology giants Cisco Systems, Intel, Nvidia, Deloitte LLP, VMware, and Belkin.

The hackers were also able to install surveillance backdoors into the California Department of State Hospitals and Kent State University systems. (Kevin Poulsen, Robert McMillan, Dustin Volz / Wall Street Journal)

Related: ZDNet, Dark Reading: Attacks/Breaches, Marketwatch, TechTarget, Engadget, CRN, Cyberscoop, New York Times - Nicole Perlroth, The Verge

Share

Ian Thornton-Trump, a former security adviser to SolarWinds, says he warned the company in 2017 that its survival depended on “an internal commitment to security.”

He terminated his contract with the company shortly after informing of this matter because he believed it wasn’t making changes that would have a “meaningful impact.” (Ryan Gallagher / Bloomberg)

Related: Reddit-hacking, IT Pro,  Daily Mail, Reddit-hacking, Technology - CBSNews.com

Microsoft published two important blog posts related to the SolarWinds hack. The first offers guidance on the techniques to consider when helping an organization respond to suspected identity compromise.

The second focuses on understanding and detecting the kinds of identity compromises used in attacks on several organizations.

SwiftOnSecurity @SwiftOnSecurity

MORE - NEW: Microsoft posts more on stolen SAML certificate token signing and detection Understanding “Solorigate”’s Identity IOCs - for Identity Vendors and their customers.Microsoft recently disclosed a set of complex techniques used by an advanced actor to execute attacks against several key customers. While we detected anomalies by analyzing requests from customer environments to the Microsoft 365 cloud, the attacks generalize to any Identity Provider or Service pro…aka.ms

December 22nd 2020

8 Retweets42 Likes

Catalin Cimpanu @campuscodi

Microsoft has published two important blog posts today. The first is a guide "on techniques to consider when helping an organization respond to a suspected systemic identity compromise, like we’re seeing in some victims of the Solorigate malware" microsoft.com/security/blog/…

December 21st 2020

54 Retweets147 Likes

Catalin Cimpanu @campuscodi

The second is a collection of techniques used in the identity-forging attacks after the Solorigate/Sunburst intrusions techcommunity.microsoft.com/t5/azure-activ…

December 21st 2020

19 Retweets40 Likes

Follow Us on Twitter

Photo by Ted Eytan from Washington, DC, USA - 2019.10.04 DC People and Places, Washington, DC USA 277 09012-2, CC BY-SA 2.0, https://commons.wikimedia.org/w/index.php?curid=83244763