FireEye offering auditing services?

On Mon, Dec 14, 2020 at 2:01 PM Ryan Ray <ryan...@gmail.com> wrote:
> SolarWinds says 18,000 customers got the malware. Basically whoever orchestrated this hack now has intimate details of all 18,000 of those customers' networks. They better make sure the rest of their network is up to snuff because it will make it a lot easier for them to be attacked going into the future. The hackers will probably lay dormant for a bit and pick their targets carefully and orchestrate the same attacks now that they know their network inside and out.
>
> I'd be very worried if I was an Orion user who got this. You'd need to hire a security auditing firm right now to go over your network with a fine tooth comb.
>
> On Mon, Dec 14, 2020 at 11:52 AM Ryan Ray <ryan...@gmail.com> wrote:
>
>> This is a big deal. SolarWinds Orion is a product used in many of the Top 100 companies in the world. Including tons of healthcare.
>>
>> I dislike SolarWinds for many reasons and refused to use them even before this hack. Just add another reason to the list.
>>
>> On Mon, Dec 14, 2020 at 11:49 AM Steve Jones <thatoneguyst...@gmail.com> wrote:
>>
>>> So I'm reading this now that SolarWinds updates have been delivering payloads since June or July. SolarWinds having crazy levels of access to interior infrastructures.
>>>
>>> I'm not sure what this is saying, it sounds like what FireEye isn't saying outwardly is their toolset was stolen prior to that and that was how they were able to circumvent the SolarWinds security infrastructure, as SolarWinds relied on FireEye?
>>>
>>> Anybody come across any good detail on SolarWinds impacted software? Like if you downloaded the free subnet calculator, will they be taking your Google Home account too? Imma be pretty pissed if they mess with my Google Play playlists.
>>>
>>> I wonder if the disruptions with Office 365 and the weird spam filter changes lately are related to cleanup prior to publication.
>>>
>>> We are a tiny company and got within a hair of pulling the trigger on various SolarWinds offerings over the years. That's with tiny company tiny budgets. I can't imagine CTO voicemails going down around the world today, depending on budget, you hand the keys over to SolarWinds, and by design, each key you hand over makes sense to spend a little more and hand over another key. How would you even begin to clean up your organization when your systems that would provide you your forensics are the systems that did the damage?
>>>
>>> Is this just media hype and more Russia Russia Russia, or is this as big of a deal as it seems
>>>
>>> On Mon, Dec 14, 2020 at 9:01 AM dave <dmilho...@wletc.com> wrote:
>>>
>>>> DA HUMANITY!!
>>>>
>>>> On 12/14/20 8:58 AM, Ken Hohhof wrote:
>>>>
>>>> I had a customer this morning complaining she couldn’t “sign on” to the Internet. I mentioned that Google had an outage this morning, but she responded that she doesn’t use any Google services. Of course her email was from a Gmail address.
>>>>
>>>> *From:* AF <af-boun...@af.afmug.com> *On Behalf Of *Mike Hammett
>>>> *Sent:* Monday, December 14, 2020 6:54 AM
>>>> *To:* AnimalFarm Microwave Users Group <af@af.afmug.com>
>>>> *Subject:* Re: [AFMUG] Fireye
>>>>
>>>> "I know I'm next, they're coming after my Google Home Mini and my Netflix account."
>>>>
>>>> aaaaannnndddd Google is broken this morning.
>>>>
>>>> -----
>>>> Mike Hammett
>>>> Intelligent Computing Solutions <http://www.ics-il.com/>
>>>> Midwest Internet Exchange <http://www.midwest-ix.com/>
>>>> The Brothers WISP <http://www.thebrotherswisp.com/>
>>>> ------------------------------
>>>>
>>>> *From: *"Steve Jones" <thatoneguyst...@gmail.com>
>>>> *To: *"AnimalFarm Microwave Users Group" <af@af.afmug.com>
>>>> *Sent: *Sunday, December 13, 2020 9:57:21 PM
>>>> *Subject: *Re: [AFMUG] Fireye
>>>>
>>>> Nope, per FireEye, the toolset had to be released because of it being stolen, was not "in the wild"
>>>>
>>>> Going to get really interesting to see what comes of this, two federal agencies just happen to get hit shortly after. You can do plenty when you know how you would have otherwise been caught.
>>>>
>>>> And that's all FireEye admits to having been breached. I'm gonna go ahead and not take their word on it definitively having been Russia either. Convenient timing after Iran specifically has stated they're going to retaliate for the dead scientist. China will probably confirm this shortly
>>>>
>>>> Pretty sure this is far from over and pretty sure this company is just the first to go public.
>>>>
>>>> I know I'm next, they're coming after my Google Home Mini and my Netflix account.
>>>>
>>>> On Sun, Dec 13, 2020, 9:10 PM Ken Hohhof <af...@kwisp.com> wrote:
>>>>
>>>> Not saying you are wrong.
>>>>
>>>> But I think I read somewhere that the FireEye tools that were stolen were a collection of malware already in the wild that they used for testing of client networks. So it was stuff already available, just neatly packaged.
>>>>
>>>> The guys who really f’d up were the “Equation Group” (cough, cough, NSA) who lost novel and very powerful hacking tools like Eternal Blue to the Shadow Brokers group.
>>>>
>>>> *From:* AF <af-boun...@af.afmug.com> *On Behalf Of *Steve Jones
>>>> *Sent:* Sunday, December 13, 2020 8:45 PM
>>>> *To:* AnimalFarm Microwave Users Group <af@af.afmug.com>
>>>> *Subject:* [AFMUG] Fireye
>>>>
>>>> These guys F'd up beyond belief.
>>>>
>>>> Inept as Jaime would say
>>>>
>>>> --
>>>> AF mailing list
>>>> AF@af.afmug.com
>>>> http://af.afmug.com/mailman/listinfo/af_af.afmug.com