HolyGhost logoHolyGhost

#supply-chain

2 posts

Analysis

SolarWinds: When the Trusted Update Was the Attack

Attackers did not break into thousands of networks one by one. They compromised a single software vendor's build process and let the trusted updates carry the backdoor in. A breakdown of the SolarWinds supply chain attack.

8 min read·#solarwinds#supply-chain#backdoor
AnalysisCVE-2021-44228

Log4Shell: How a Logging Library Became the Internet's Worst Day

A single string written into a log file could run attacker code on millions of servers. Here is how Log4Shell (CVE-2021-44228) worked, why it spread so far, and what it taught the industry about dependencies.

9 min read·#log4shell#java#rce