Dark Reading

Echoes of SolarWinds in New 'Silver SAML' Attack Technique

After the threat actor behind the SolarWinds attack compromised the company's Orion network management product and leveraged it to break into target enterprise networks, the group often used a ...
Computerworld

Does Microsoft share blame for the SolarWinds hack?

Critics, including a prominent U.S. senator, are pointing fingers at Microsoft for not warning customers about the Golden SAML security hole. Doing so might have headed off SolarWinds. Editor’s note: ...
Wired

The SolarWinds Hackers Used Tactics Other Groups Will Copy

One of the most chilling aspects of Russia's recent hacking spree—which breached numerous United States government agencies among other targets—was the successful use of a “supply chain attack” to ...
CRN

VMware Flaw Used To Hit Choice Targets In SolarWinds Hack: Report

A VMware vulnerability that allowed federated authentication abuse was used by the SolarWinds hackers to attack valuable targets, KrebsOnSecurity said. VMware said it didn’t have any indication of ...
Bleeping Computer

Microsoft: SolarWinds hackers' goal was the victims' cloud data

Microsoft says that the end goal of the SolarWinds supply chain compromise was to pivot to the victims' cloud assets after deploying the Sunburst/Solorigate backdoor on their local networks. No new ...
CSOonline

If you are generating SAML signing certificates externally, STOP!

SAML authentication certificates, generated with tools other than dedicated cloud identity solutions, can be forged by hackers, according to a new proof of concept. There is now a way to forge ...