- More Solarwinds News
- SolarWinds hack was ‘largest and most sophisticated attack’ ever: Microsoft president [Brad Heath, Reuters]
- Microsoft says SolarWinds hackers stole source code for 3 products [Dan Goodin, Ars Tech]
- Microsoft admits some Azure, Exchange, Intune source code snaffled in SolarWinds schemozzle [Simon Sharwood, The Register]
- Microsoft says it found 1,000-plus developers’ fingerprints on the SolarWinds attack [Simon Sharwood, The Register]
- Exploits/ Patches
- Half of Apps Contain at Least One Serious Exploitable Vulnerability [James Coker, Info Security Group]
- Exploit Details Emerge for Unpatched Microsoft Bug [Tara Seals, Threat Post]
- Mac Malware Targets Apple’s In-House M1 Processor [Lindsey O’Donnell, Threat Post]
- Three New Vulnerabilities Patched in OpenSSL [Eduard Kovacs, Security Week]
- Agent Tesla hidden in a historical anti-malware tool [Jan Kopriva, ISC InfoSec Handlers Diary Blog]
- Microsoft starts removing Flash from Windows devices via new KB4577586 update [Catalin Cimpanu, ]
- Compromises
- Yandex said it caught an employee selling access to users’ inboxes [Catalin Cimpanu, ZDNet]
- New type of supply-chain attack hit Apple, Microsoft and 33 other companies [Dan Goodin, Ars Tech]
- Fake Amazon reviews still sold in bulk—it costs $10,900 for 1,000 reviews. [Jon Brodkin, Ars Tech]
- Owner of app that hijacked millions of devices with one update exposes buy-to-infect scam [Charlie Osborne, ZDNet]
- Windows and Linux servers targeted by new WatchDog botnet for almost two years [Catalin Cimpanu, ZDNet]
- WebKit Zero-Day Vulnerability Exploited in Malvertising Operation [Eduard Kovacs, Security Week]
C410 A2BE CB73 EF77 746E 9682 E2C4 91CE D20D 800F