According to the Wall Street Journal, well-informed observers are moving toward the view that the threat actors responsible for the SolarWinds compromise are also likely to have been behind the Mimecast certificate incident. Acting CISA director Wales thinks more US Federal agencies will find themselves affected by the SolarWinds supply chain compromise, CyberScoop reports.
An individual or group claiming responsibility for compromising SolarWinds (nom-de-hack "SolarLeaks") is offering to sell "SolarWinds products source code (all including Orion) + customer portal dump" for $250,000, and "FireEye private redteam tools, source code, binaries and documentation" for another $50,000. BleepingComputer says it tried to contact SolarLeaks through the contact email address the offer provided, but without luck. Whether the SolarLeaks site is what it purports to be remains unconfirmed, as does its possession of any stolen files. The SolarLeaks domain is registered through NJALLA, a registrar favored by Russian intelligence services.
Yesterday's Patch Tuesday saw software updates from several companies. SAP released ten security notes, seven of which were updates to earlier fixes. Adobe's security bulletins addressed Photoshop (APSB21-01), Illustrator (APSB21-02), Animate (APSB21-03), Campaign Classic (APSB21-04), InCopy (APSB21-05), Captivate (APSB21-06) and Bridge (APSB21-07). Microsoft, according to SecurityWeek, dealt with eighty-three issues, ten of them critical and one undergoing active exploitation. One of Microsoft's patches addresses a Windows Defender flaw, and the Zero Day Initiative speculates in its Patch Tuesday summary that this particular issue was exploited in the Solorigate cyberespionage campaign.