The known extent of Solorigate continues to expand. Four security firms (Mimecast, Palo Alto Networks, Qualys, and Fidelis) have acknowledged that they had installed Trojanized versions of SolarWinds’ Orion application. Some of the disclosure was prompted by Netresec’s report Monday that identified twenty-three targets of what most observers regard as a Russian cyberespionage campaign.
On Tuesday US President Biden made his first official call to Russian President Putin. Defense One reports that President Biden brought up Russian complicity in Solorigate. Russian statements characterized the call as “open and businesslike”; the Wall Street Journal quotes Russian sources as emphasizing President Putin’s interest in “normalizing ties” between the two countries. Russia has categorically denied any involvement in Solorigate.
Qualys warns of a heap overflow vulnerability (“Baron Samedit”) in the widely used Unix and Linux utility sudo. The company recommends patching immediately.
Europol this morning announced a takedown of Emotet. A cooperative operation in which Europol and Eurojust acted in concert with authorities in the Netherlands, Germany, the United States, the United Kingdom, France, Lithuania, Canada, and Ukraine took control of Emotet's infrastructure earlier this week. Those interested in whether their email address was among those found in Emotet's haul may consult a database the Dutch police have made available.
Verizon experienced an outage that disrupted Internet connectivity in the Northeastern US for several hours yesterday, the Verge and others report. Service was substantially restored yesterday afternoon. The cause remains under investigation, but seems to have been an “issue,” not an attack, WRAL says.