SolarWinds hack: what just happened?

Solorigate, Sunburst, UNC2452, or whatever they call it: how are even FireEye, SolarWinds, CrowdStrike and the many others involved able to sell and survive after this disaster, and how is the security community able to trust them again?

It is interesting how these top security companies, with lots of managed services and a bunch of products in their portfolios, lectured everybody and then for 9+ months did not figure out that they had been hacked?!

I don’t care whether SolarWinds shareholders knew and so cashed out their stock a few days prior to the news breaking, as some media are reporting, but about the hack and its technicalities I have an opinion: it is not sophisticated, and it is simply a matter of understanding the essentials of supply chain security and exposures and executing standard security practices.

Of course they say the hack was sophisticated, because top security firms don’t want to admit they were naive in Detection & Response. Let’s be result-oriented.

By Kaveh Mofidi

While I enjoy working with electronics, computers, and the fields of information and cybersecurity, I believe our challenges as humans extend far beyond infosec—and even beyond technology itself. The real task, I would argue, is to discover solutions for unlimited clean energy, drinkable water, practical waste management and to address the root causes of hunger, war, and injustice on our beautiful little planet. Our primary goal—each of us—should be to keep Earth livable. That is the true challenge we face.