Today's D Brief: Epic password fail; Russian anti-satellite test; COVID & natsec; Chess for grunts; And a bit more.
Ben Watson
By Ben Watson
December 16, 2020 10:56 AM ET
The D Brief
Password123. That was pretty much all you needed in 2019 if you wanted to access the update server at SolarWinds, the network-management firm that was the victim of a massive cyber intrusion reportedly discovered only recently. That’s the latest according to Reuters, which updated the story it broke on Sunday.
Rewind: Some unknown person appears to have snuck an update into certain products from SolarWinds, and possibly as early as March. Reuters reported Tuesday that the firm was told in 2019 that it had left its update server considerably vulnerable to hackers — by leaving the password as “solarwinds123.†That backdoor through the update server allowed hackers to steal information like emails and across multiple federal agencies. The list of known victims so far includes the U.S. Treasury, Commerce and Homeland Security Departments.
https://www.defenseone.com/threats/2020/12/the-d-brief-december-16-2020/170805/
