开源日报 每天推荐一个 GitHub 优质开源项目和一篇精选英文科技或编程文章原文,坚持阅读《开源日报》,保持每日学习的好习惯。
今日推荐开源项目:《nacos》
今日推荐英文原文:《Microsoft says SolarWinds hackers viewed source code》
开源日报第998期:《nacos》
今日推荐开源项目:《nacos》传送门:项目链接
推荐理由:Nacos是阿里巴巴推出来的一个新开源项目,这是一个更易于构建云原生应用的动态服务发现、配置管理和服务管理平台。Nacos致力于帮助您发现、配置和管理微服务。Nacos提供了一组简单易用的特性集,帮助您快速实现动态服务发现、服务配置、服务元数据及流量管理。
今日推荐英文原文:《Microsoft says SolarWinds hackers viewed source code》作者:Steven Musil
原文链接:https://www.cnet.com/news/microsoft-says-solarwinds-hackers-viewed-source-code/
推荐理由:SolarWinds黑客继续蔓延的相关消息。 据美国国务院、网络安全和基础设施安全局(CISA)和安全公司称,俄罗斯一个情报机构进行了一场复杂的恶意软件活动,影响了美国的地方、州和联邦机构以及包括微软在内的私营公司, 这次大规模的入侵事件始于今年早些时候,黑客入侵了SolarWinds公司的IT管理软件,其中包括财政部高层领导使用的电子邮件系统。

Microsoft says SolarWinds hackers viewed source code

The hackers who carried out a sophisticated cyberattack on US government agencies and on private companies were able to access Microsoft’s source code, the company said Thursday.

A Microsoft investigation turned up “unusual activity with a small number of internal accounts” and also revealed that “one account had been used to view source code in a number of source code repositories,” the company said in a blog post. Microsoft said that the account didn’t have the ability to modify code and that no company services or customer data was put at risk.

Microsoft zealously guards its source code, the foundation of its software, but it does provide access to certain “qualified” customers, governments and partners for debugging and for reference.

“The investigation, which is ongoing, has also found no indications that our systems were used to attack others,” the company said.

A Russian intelligence agency is suspected of carrying out the massive campaign, which reportedly affected an email system used by senior leadership at the Treasury Department. It started earlier this year, when hackers compromised IT management software from SolarWinds. The Austin, Texas-based company sells software that lets an organization see what’s happening on its computer networks.

Hackers inserted malicious code into an update of that software, which is called Orion. Around 18,000 SolarWinds customers installed the compromised update onto their systems, the company said.

US national security agencies have called the breach “significant and ongoing.” According to an analysis by Microsoft and security firm FireEye, both of which were infected, the malware gives hackers broad reach into impacted systems.

Microsoft earlier said it had identified more than 40 customers that were targeted in the hack. More information is likely to emerge about the hack and its aftermath.
下载开源日报APP:https://openingsource.org/2579/
加入我们:https://openingsource.org/about/join/
关注我们:https://openingsource.org/about/love/