Episode 99: SolarWinds Supply Chain Attack Affects Government and Fortune 500 Businesses

16:06
 
Share
 

Archived series ("Inactive feed" status)

When? This feed was archived on October 25, 2021 06:08 (1M ago). Last successful fetch was on September 16, 2021 15:41 (3M ago)

Why? Inactive feed status. Our servers were unable to retrieve a valid podcast feed for a sustained period.

What now? You might be able to find a more up-to-date version using the search function. This series will no longer be checked for updates. If you believe this to be in error, please check if the publisher's feed link below is valid and contact support to request the feed be restored or if you have any other concerns about this.

Manage episode 280400864 series 2491387
By Mark Maunder. Discovered by Player FM and our community — copyright is owned by the publisher, not Player FM, and audio is streamed directly from their servers. Hit the Subscribe button to track updates in Player FM, or paste the feed URL into other podcast apps.

Earlier this week, we learned that SolarWinds, the largest provider of network management tools for large enterprise organizations fell victim to a supply chain attack. This attack affected their Orion network management system. Reportedly, 18,000 enterprise and government customers downloaded and installed malware that was digitally signed by a valid certificate as part of an update from SolarWinds’ own servers. Microsoft took control of one of the primary command-and-control domains. We also talk about a vulnerability in the PageLayer plugin and a wormable zero-click XSS bug found in the Jabber client.

125 episodes