CISA said late yesterday that it had determined that the threat actors behind the Solorigate incident used additional SAML attack vectors beyond the now well-known SolarWinds supply chain approach. The agency has also updated Emergency Directive 21-01 to reflect what’s now known about the campaign, and offers new guidance on effective remediation.
CISA didn't say so in yesterday's statements, but the New York Times reports that both government investigators and private security firms are now looking into the possibility that JetBrains, a Czech firm with researchers in Russia, may have had a tool compromised. JetBrains' tools are used by developers at several large companies, including SolarWinds.
The AP reports that the US Department of Justice has confirmed that some of its systems, although none that handle classified information, were compromised in Solorigate. The compromise also extended to US Federal Courts. The Administrative Office of the US Courts says “an apparent compromise” of the US judiciary’s case management and electronic case file system is under investigation.
Rioters protesting the results of the 2020 US Presidential election rampaged through the US Capitol yesterday evening in an effort to disrupt the certification of the electoral votes; that certification, since completed, has confirmed the victory of President-elect Biden. Three aspects of the riot are of significance to cybersecurity:
- The use of social media to incite the riot.
- The use of social media to organize the riot.
- The physical compromise of computers as rioters occupied Congressional offices.
NSA has released a free tool for removing obsolete TLS and SSL encryption protocols.