Julia's coding blog - Practice makes perfect

From January 2015, she started to practice leetcode questions; she trains herself to stay focus, develops "muscle" memory when she practices those questions one by one. 2015年初, Julia开始参与做Leetcode, 开通自己第一个博客. 刷Leet code的题目, 她看了很多的代码, 每个人那学一点, 也开通Github, 发表自己的代码, 尝试写自己的一些体会. She learns from her favorite sports – tennis, 10,000 serves practice builds up good memory for a great serve. Just keep going. Hard work beats talent when talent fails to work hard.

Saturday, February 20, 2021

SWI stock: Investigation update | Hackers | SolarWinds Corp. | 250 shares

Feb. 20, 2021

SAN FRANCISCO (Reuters) - The hackers behind the worst intrusion of U.S. government agencies in years won access to Microsoft's secret source code for authenticating customers, one of the biggest vectors used in the attacks.

Microsoft said in a blog post Thursday that its internal investigation had found that the hackers studied parts of the source code instructions for its Azure cloud programs related to identity and security, its Exchange email programs, and Intune management for mobile devices and applications.

Some of the code was downloaded, the company said, which would have allowed the hackers more freedom to hunt for security vulnerabilities, create copies with new flaws, or examine the logic for ways to exploit customer installations.

Microsoft had said before that the hackers had accessed some source code, but had not said which parts, or that any had been copied.

U.S. authorities said Wednesday the breaches revealed in December extended to nine federal agencies and 100 private companies, including major technology providers and security firms. They said the Russian government is likely behind the spree, which Moscow has denied.

Initially discovered by security provider FireEye Inc, the hackers used advanced skills to insert software back doors for spying into widely used network-management programs distributed by Texas-based SolarWinds Corp.

At the most prized of the thousands of SolarWinds customers were exposed last year, the hackers added new Azure identities, added greater rights to existing identities, or otherwise manipulated the Microsoft programs, largely to steal email. Some hacking also used that method on targets which did not use SolarWinds.

Microsoft previously acknowledged that some of its resellers, who often have continual access to customer systems, had been used in the hacks. It continues to deny that flaws in anything it provides directly have been used as an initial attack vector.

Actionable Items

Look up Microsoft Intune management for mobile devices and applications
Nine federal agencies and 100 private companies, including major technology providers and security firms
FireEye Inc. – get to know more about FireEye Inc.
SolarWinds Corp
I like to work on my equity research on SWI, so I purchased 250 shares on Feb. 19, 2021.

Julia's coding blog - Practice makes perfect

Saturday, February 20, 2021

SWI stock: Investigation update | Hackers | SolarWinds Corp. | 250 shares

No comments:

Post a Comment