#RussianAPT29

CISA orders agencies impacted by Microsoft hack to mitigate risks

by

April 11, 2024 at 01:49PM The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive requiring U.S. federal agencies to address risks arising from the breach of multiple Microsoft corporate email accounts by the Russian APT29 hacking group. The directive mandates agencies to investigate affected emails, reset compromised credentials, and secure privileged Microsoft … Read more

SolarWinds fixes critical RCE bugs in access rights audit solution

by

February 16, 2024 at 01:36PM SolarWinds patched five remote code execution (RCE) flaws in its Access Rights Manager (ARM) solution, including three critical severity vulnerabilities allowing unauthenticated exploitation. Four flaws were found and reported by researchers. The company also fixed three other critical RCE bugs in October. SolarWinds was charged with defrauding investors by failing … Read more