Expecting scope of this SolarWinds fallout to massively expand this week.

At least it's not your SF-86s again.

Maybe.

Also expecting: same APT/perhaps same method for recent FireEye pwn. FireEye & fed IR tracked it back to "Oh Shit" waterfall moment with SolarWinds.

Means that May/June SW backdoor was in place most of the year.

Considering SW customers, this is very very bad.

To be clear: this is all speculation.

But, fuuuuuuuuuuuuuuuuuck.

If the below is the CVE involved in SolarWinds/Treasury/etc., would the publication date lend toward damage being more limited than what it seemed at first glance? (i.e., 3/20-6/20ish versus 3/20-nowish).

Or is that an unwarranted assumption?

https://nvd.nist.gov/vuln/detail/CVE-2020-13912

Good thread on SolarWinds technicals from Kim Zetter: https://twitter.com/KimZetter/status/1338305089597964290
You can follow @neurovagrant.