Episode 99: SolarWinds Supply Chain Attack Affects Government and Fortune 500 Businesses

Earlier this week, we learned that SolarWinds, the largest provider of network management tools for large enterprise organizations fell victim to a supply chain attack. This attack affected their Orion network management system. Reportedly, 18,000 enterprise and government customers downloaded and installed malware that was digitally signed by a valid certificate as part of an update from SolarWinds’ own servers. Microsoft took control of one of the primary command-and-control domains. We also talk about a vulnerability in the PageLayer plugin and a wormable zero-click XSS bug found in the Jabber client.