開源日報 每天推薦一個 GitHub 優質開源項目和一篇精選英文科技或編程文章原文,堅持閱讀《開源日報》,保持每日學習的好習慣。
今日推薦開源項目:《nacos》
今日推薦英文原文:《Microsoft says SolarWinds hackers viewed source code》

今日推薦開源項目:《nacos》傳送門:項目鏈接
推薦理由:Nacos是阿里巴巴推出來的一個新開源項目,這是一個更易於構建雲原生應用的動態服務發現、配置管理和服務管理平台。Nacos致力於幫助您發現、配置和管理微服務。Nacos提供了一組簡單易用的特性集,幫助您快速實現動態服務發現、服務配置、服務元數據及流量管理。
今日推薦英文原文:《Microsoft says SolarWinds hackers viewed source code》作者:Steven Musil
原文鏈接:https://www.cnet.com/news/microsoft-says-solarwinds-hackers-viewed-source-code/
推薦理由:SolarWinds黑客繼續蔓延的相關消息。 據美國國務院、網路安全和基礎設施安全局(CISA)和安全公司稱,俄羅斯一個情報機構進行了一場複雜的惡意軟體活動,影響了美國的地方、州和聯邦機構以及包括微軟在內的私營公司, 這次大規模的入侵事件始於今年早些時候,黑客入侵了SolarWinds公司的IT管理軟體,其中包括財政部高層領導使用的電子郵件系統。

Microsoft says SolarWinds hackers viewed source code

The hackers who carried out a sophisticated cyberattack on US government agencies and on private companies were able to access Microsoft's source code, the company said Thursday.

A Microsoft investigation turned up "unusual activity with a small number of internal accounts" and also revealed that "one account had been used to view source code in a number of source code repositories," the company said in a blog post. Microsoft said that the account didn't have the ability to modify code and that no company services or customer data was put at risk.

Microsoft zealously guards its source code, the foundation of its software, but it does provide access to certain "qualified" customers, governments and partners for debugging and for reference.

"The investigation, which is ongoing, has also found no indications that our systems were used to attack others," the company said.

A Russian intelligence agency is suspected of carrying out the massive campaign, which reportedly affected an email system used by senior leadership at the Treasury Department. It started earlier this year, when hackers compromised IT management software from SolarWinds. The Austin, Texas-based company sells software that lets an organization see what's happening on its computer networks.

Hackers inserted malicious code into an update of that software, which is called Orion. Around 18,000 SolarWinds customers installed the compromised update onto their systems, the company said.

US national security agencies have called the breach "significant and ongoing." According to an analysis by Microsoft and security firm FireEye, both of which were infected, the malware gives hackers broad reach into impacted systems.

Microsoft earlier said it had identified more than 40 customers that were targeted in the hack. More information is likely to emerge about the hack and its aftermath.
下載開源日報APP:https://openingsource.org/2579/
加入我們:https://openingsource.org/about/join/
關注我們:https://openingsource.org/about/love/