Remember last week how I said things would be punchier? Well, I updated the DevOps’ish Solarwinds supply chain compromise Index. By the way, Microsoft says it was, “used by a different threat actor.”
I wrote the parts of the newsletter below, which are probably helpful. ¯\_(ツ)_/¯
The past few days have been incredibly challenging mentally and physically. I’m not sure if I would do it all the same way again.
Read more →This being a holiday break my intros will probably be a little bit shorter than normal. “More punchy” as my first boss at Red Hat would say. Let’s start with the thing with an ever-increasing blast radius: Solarwinds.
Solarwinds Supply Chain Compromise For the record, Reuters has been all over this coverage wise. I can’t do them justice. This story has been evolving so rapidly that by the time I hit send, my coverage will be incomplete.
Read more →A one-stop shop for opinion, analysis, and/or coverage of the Solarwinds supply chain compromise. Coverage includes official statements and filings, accredited media coverage, industry analyisis, and noteworthy blogs, digital media, and other mediums as deemed worthwhile.
Official Statements Security Advisory | SolarWinds Solarwinds US SEC 8K Mitigate SolarWinds Orion Code Compromise - Emergency Directive 21-01 CISA Updates Alert and Releases Supplemental Guidance on Emergency Directive for SolarWinds Orion Compromise | CISA Microsoft Internal Solorigate Investigation Update – Microsoft Security Response Center Statement on the story from The New York Times regarding JetBrains and SolarWinds | JetBrains Blog CLASS ACTION COMPLAINT FOR VIOLATION OF THE FEDERAL SECURITIES LAWS SOLARWINDS CORPORATION, KEVIN B.
Read more →