
HACKED! Multiple Federal Agencies Including Treasury.

Yeah the FireEye breach is a big deal. We have FireEye appliances as well as use Solarwinds. We have physically turned off our FireEyes, and the patch for Solarwinds came out today. So we're safe.
 
Which election computers, specifically?


That's what I'd like to know, too. In GA, at least, the voting machines are not internet connected and neither are the ballot counting machines. Those put their results on portable storage media, like thumb drives. And this doesn't even count the fact the ballot machines in GA produce a paper record, so there's that, too.

Don't know whose actual balloting machines are internet connected... can't imagine anyone with a lick of sense would set it up that way.
 
Yeah the FireEye breach is a big deal. We have FireEye appliances as well as use Solarwinds. We have physically turned off our FireEyes, and the patch for Solarwinds came out today. So we're safe.
The patch for SolarWinds is out? We are waiting for directives from DHS to apply. We had to turn ours off as well.
 
Now that we know Russia is behind the hacks, anyone notice the silence coming from the White House?

Remember when everyone was accusing Biden of hiding during the election? Where the hell is Trump? He's still supposed to do his job and I don't mean regulating showerheads.
 
The patch for SolarWinds is out? We are waiting for directives from DHS to apply. We had to turn ours off as well.

Yeah, we patched last night; however, I was in a SANS meeting yesterday, and they explained how the vulnerability works, the payload actions, etc. In SANS's opinion, ANY version of SolarWinds is vulnerable.
 
Now that we know Russia is behind the hacks, anyone notice the silence coming from the White House?

Remember when everyone was accusing Biden of hiding during the election? Where the hell is Trump? He's still supposed to do his job and I don't mean regulating showerheads.
Didn't care about bounties being paid by Russia to have American soldiers killed. Why change?
 
Y’all know in about six months there will be some kind of deep state Wikileaks type thing released. Like every current federal agency wanted the God Emperor gone so they made shit up and fiddled with the vote totals.
I predict it will happen.
 
Y’all know in about six months there will be some kind of deep state Wikileaks type thing released. Like every current federal agency wanted the God Emperor gone so they made shit up and fiddled with the vote totals.
I predict it will happen.
So the government will still be paying for my coverage. I guess the OMB, the Blue Cross, and I forget what else have probably run out already; time for renewal.
Just the cost of doing business.
 
Did everyone see that SolarWinds was told last year that their update server password of "solarwinds123" left them, uh, kinda vulnerable?
Their standards suck bigly. In my old job, I wouldn't have been able to use a password like that for at least the last 8 years or so.
 
This is really, really bad folks.

Nuclear weapons agency breached amid massive cyber onslaught - POLITICO

The Energy Department and National Nuclear Security Administration, which maintains the U.S. nuclear weapons stockpile, have evidence that hackers accessed their networks as part of an extensive espionage operation that has affected at least half a dozen federal agencies, officials directly familiar with the matter said.

On Thursday, DOE and NNSA officials began coordinating notifications about the breach to their congressional oversight bodies after being briefed by Rocky Campione, the chief information officer at DOE.
 
CISA is now publicly admitting to the severity and ongoing difficulty in getting the hackers out of systems. This is not simply shut down/patch SolarWinds and be home free, but is an advanced and persistent threat. This deep-level intrusion can't be easily rooted out (if you were even a moderately high-priority target that was exploited).

"CISA expects that removing this threat actor from compromised environments will be highly complex and challenging for organizations."
Compromise Mitigations
If the adversary has compromised administrative level credentials in an environment—or if organizations identify SAML abuse in the environment, simply mitigating individual issues, systems, servers, or specific user accounts will likely not lead to the adversary’s removal from the network. In such cases, organizations should consider the entire identity trust store as compromised. In the event of a total identity compromise, a full reconstitution of identity and trust services is required to successfully remediate. In this reconstitution, it bears repeating that this threat actor is among the most capable, and in many cases, a full rebuild of the environment is the safest action.

Operational Security
Due to the nature of this pattern of adversary activity—and the targeting of key personnel, incident response staff, and IT email accounts—discussion of findings and mitigations should be considered very sensitive, and should be protected by operational security measures. An operational security plan needs to be developed and socialized, via out-of-band communications, to ensure all staff are aware of the applicable handling caveats.
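The CISA guidance quoted in the post above turns on one question: can you tell whether SAML tokens in your environment were minted by your real identity provider? As an added example, not from the thread or from CISA, here is a small Python triage script that runs over SAML assertions and flags the signals that usually give forged tokens away: an issuer that is not your federation service, a signing certificate that is not the IdP's known token-signing certificate, and a validity window far longer than the IdP ever issues. The issuer URL, the one-hour lifetime policy, the certificates (arbitrary bytes standing in for DER) and the assertions themselves are all constructed for the example.

```python
"""
Triage check for SAML abuse: flag assertions whose issuer, signing certificate
or validity window does not match what the real IdP issues.
Everything below (issuer, policy, certificates, assertions) is constructed
sample data for this example, not captured traffic.
"""
import base64
import hashlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Assumed known-good values for a hypothetical federation (example only).
TRUSTED_ISSUER = "http://sts.example.com/adfs/services/trust"
MAX_LIFETIME_SECONDS = 60 * 60  # assumed IdP policy: assertions valid for at most one hour


def thumbprint(cert_b64: str) -> str:
    """SHA-1 over the DER bytes, which is how AD FS / Azure AD display certificate thumbprints."""
    der = base64.b64decode("".join(cert_b64.split()))
    return hashlib.sha1(der).hexdigest().upper()


def _parse_time(value: str) -> datetime:
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def check_assertion(xml_text: str, trusted_thumbprints: set) -> list:
    """Return a list of findings; an empty list means nothing looked off."""
    root = ET.fromstring(xml_text)
    findings = []

    issuer = root.findtext("saml:Issuer", default="", namespaces=NS)
    if issuer != TRUSTED_ISSUER:
        findings.append(f"unexpected issuer {issuer!r}")

    cert = root.findtext(".//ds:X509Certificate", default="", namespaces=NS)
    if not cert:
        findings.append("assertion carries no signing certificate")
    else:
        tp = thumbprint(cert)
        if tp not in trusted_thumbprints:
            findings.append(f"signing cert {tp[:16]}... not in trusted token-signing set")

    cond = root.find("saml:Conditions", NS)
    if cond is not None and cond.get("NotBefore") and cond.get("NotOnOrAfter"):
        lifetime = (_parse_time(cond.get("NotOnOrAfter")) - _parse_time(cond.get("NotBefore"))).total_seconds()
        if lifetime > MAX_LIFETIME_SECONDS:
            findings.append(f"validity window {lifetime / 3600:.0f}h exceeds policy")
    return findings


def build_assertion(issuer: str, cert_b64: str, not_before: str, not_on_or_after: str) -> str:
    """Constructed minimal assertion; the Signature element is abbreviated to the KeyInfo we inspect."""
    return f"""<saml:Assertion xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}" ID="_1" Version="2.0">
  <saml:Issuer>{issuer}</saml:Issuer>
  <ds:Signature><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{cert_b64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>
  <saml:Subject><saml:NameID>admin@example.com</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="{not_before}" NotOnOrAfter="{not_on_or_after}"/>
</saml:Assertion>"""


# Constructed stand-ins for DER certificate bytes (not real certificates).
LEGIT_CERT = base64.b64encode(b"constructed DER bytes for the real IdP token-signing cert").decode()
ROGUE_CERT = base64.b64encode(b"constructed DER bytes for an attacker-generated cert").decode()
TRUSTED = {thumbprint(LEGIT_CERT)}

SAMPLES = {
    "normal": build_assertion(TRUSTED_ISSUER, LEGIT_CERT, "2020-12-17T10:00:00Z", "2020-12-17T11:00:00Z"),
    "forged": build_assertion(TRUSTED_ISSUER, ROGUE_CERT, "2020-12-17T10:00:00Z", "2021-12-17T10:00:00Z"),
}


def triage(samples: dict = SAMPLES, trusted: set = TRUSTED) -> dict:
    return {name: check_assertion(xml, trusted) for name, xml in samples.items()}


if __name__ == "__main__":
    for name, findings in triage().items():
        print(name, "->", findings or ["ok"])
```

The caveat is the one CISA's paragraph is really about: if the actor stole the IdP's actual token-signing key (the "total identity compromise" case), the certificate check passes, because the forged token is signed with the real key. Only the behavioural signals remain, such as an absurd validity window, a privileged subject that never authenticated at the IdP, or tokens presented from hosts the IdP never saw; that is why the guidance ends in reissuing the signing material and rebuilding trust rather than in hunting individual tokens.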
 
Add a pinch of salt:


"The Russian infiltrators could have had complete access to many important and sensitive networks for six to nine months, Bossert warns, adding that Russia’s Foreign Intelligence Service (SVR) could have used this to gain high-level control over priority networks and then covered its tracks. "

One last kick in the nuts before the puppet leaves?

AH...

"Bossert wrote that the National Defense Authorization Act (NDAA) — which Trump has threatened to veto — is essential as it would authorize the Department of Homeland Security to hunt for infiltrations in federal government networks. "

He's gonna veto it ... wait for it.

add this

"and allow for removal of military from far away, and very unappreciative, lands."
- Another stab at NATO?

He is fluffing Putin so hard right now he is either way overdue or about to go limp (Putin ed).
 