SolarWinds: Second, independent backdoor malware for Orion platform discovered

Between March and June 2020, a so far unidentified criminal hacker group smuggled the malware "Sunburst" onto systems of up to 18,000 users of the network management platform SolarWinds Orion. Sunburst communicated with the attackers over one or more backdoors. The attackers are said to have US government agencies in their sights and to be responsible for a recent break-in at the security software company FireEye.

Code analyses prompted by the incident have now uncovered a second backdoor, which security researchers call "Supernova". Probably the most interesting thing about the find: the researchers largely agree that a second, completely independent group is behind Supernova. As with Sunburst, they see professionals at work. However, the analyses published so far do not make clear whether, and to what extent, the code was used in the wild at all.

Our site has already reported on Sunburst several times:

Cloud: Nexus Repository Pro 3.30 allows storage management in Azure Cloud

Sonatype has released version 3.30 of its repository manager Nexus Repository Pro. The update adds support for creating blob stores in Microsoft's Azure cloud storage with Nexus Repository Pro.

Support for Azure Blob Storage

With the newly introduced support for Microsoft's Azure Blob Storage, a service designed for storing large quantities of unstructured data, developers gain the ability to manage and provide critical infrastructure in the Azure cloud. An Azure blob store stores blobs as objects within a storage account container on Microsoft Azure. Binaries are stored as blobs for better performance and more storage flexibility.

Through Azure Blob Storage, developer teams are meant to get faster access to build artifacts and components in Nexus Repository, along with extended cloud-native storage. With Nexus Repository, on-premises infrastructure can be scaled into the cloud, and storage capacity can be expanded without limit. In addition, this version supports the Azure public cloud as well as the Azure Government cloud. The developer team behind the repository manager has also worked on security and on authentication options across developer teams. The transition from on-premises into the cloud in particular can bring some challenges in relation to these two aspects. More detailed information about the release can be found in the post on the Sonatype blog.

UEFI Secure Boot locks out some free software

Months-long delays in the release of the bootloader shim for free operating systems are causing developers and software companies considerable problems. This applies above all to non-Linux operating systems and those outside the large Linux distributions, which cannot deliver certain patches and new software versions because of the long processing times.

"Principal" at Microsoft

Most current desktop PCs, notebooks and servers, as well as many embedded systems with x86 processors, start with UEFI Secure Boot to strengthen security. The cryptographic "principal", however, is de facto in Microsoft's hands.

Secure Boot can be switched off in the BIOS setup on many systems, and some UEFI BIOS implementations allow you to import your own certificates for self-signed bootloaders into the firmware. However, the latter is complicated and expensive, and the former weakens security.