CISA Orders Agencies to Mitigate Pulse Secure VPN Risks databreachtoday.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from databreachtoday.com Daily Mail and Mail on Sunday newspapers.
To embed, copy and paste the code into your website or blog:
On April 15, 2021, the Biden Administration took a significant step in announcing sanctions against the Russian Government and private Russian entities for multiple internationally-destabilizing activities, including the Russian Foreign Intelligence Service’s (SVR) supply chain attack of the SolarWinds Orion platform and other technology infrastructures.
It will take time (and further analysis) for companies to fully unpack and implement the technical guidance in the joint advisory. But the sanctions alone may be a bellwether for the Biden Administration’s approach to cybersecurity enforcement on the international stage.
The Administration expressly links this activity to Russian intelligence actors. Citing “high confidence” from the U.S. Intelligence Community, the United States formally identified SVR as the source of the SolarWinds supply chain attack. This follows the example set by the Trump Administra
The White House announced a range of sanctions against Russia, and security agencies warned of software vulnerabilities that Russian intelligence services are actively exploiting.
Lessons learned and mission accomplished, apparently Share
Copy
The US government s response groups for dealing with recent SolarWinds and Microsoft Exchange vulnerabilities have reached the end of the road.
In a statement on Monday, US Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger said the two Unified Coordination Groups (UCGs) formed in January and March respectively will be disbanded. Due to the vastly increased patching and reduction in victims, we are standing down the current UCG surge efforts and will be handling further responses through standard incident management procedures, said Neuberger.
The SolarWinds incident, disclosed last December and subsequently attributed to the Russian Foreign Intelligence Service (SRV), involved the hacking of SolarWinds Orion IT management platform and is believed to have compromised at least nine federal agencies and about 100 private sector organizations.
Hundreds of networks reportedly hacked in Codecov supply-chain attack
By
03:49 AM
More details have emerged on the recent Codecov system breach which is now being likened to the SolarWinds hack.
In new reporting by Reuters, investigators have stated that hundreds of customer networks have been breached in the incident, expanding the scope of this system breach beyond just Codecov s systems.
As reported by BleepingComputer last week, Codecov had suffered a supply-chain attack that went undetected for over 2-months.
In this attack, threat actors had gained Codecov s credentials from their flawed Docker image that the actors then used to alter Codecov s Bash Uploader script, used by the company s clients.