Just a few brief thoughts on the initial reports of a SolarWinds Orion supply chain attack allegedly impacting a multitude of high profile government and corporate targets. We’re still waiting on quite a few important details; some great initial IOCs have been graciously provided by cybersecurity firm and attack victim FireEye. It unfortunately seems that… Read More Uh oh, Orion.
NotPetya may not have been the most sophisticated malware ever written. However, it was exceptionally effective due to the authors’ savvy exploitation of common security misconceptions and their deep understanding of poor security architecture. I want to briefly express my personal thoughts on why I found NotPetya particularly concerning and a bad omen for things… Read More Why NotPetya Kept Me Awake (& You Should Worry Too)