Wednesday, December 30, 2020

Action Item Mgmt. Article via Harvard Business Review

Taming the Epic To-Do List by Allison Rimm

The to-do list can be an indispensable tool when used to mindfully manage your time. But used indiscriminately, it makes you its servant. To get control of your priorities, you actually need three lists and a calendar.

List #1 is for important but non-time-sensitive projects. 

List #2 is for items that need to be completed today.

The third list is a not-to-do list, to remind you of things you've consciously decided aren't worth your time. 

The calendar is for blocking out time to accomplish important matters on schedule. With your long-term goals in mind, decide which tasks really have to get done — and get done by you. Then, put them on your list — and more importantly, on your calendar. The things that don't need to get done, or done by you, can go on your "not doing" list. Once you get control of your priorities, and recognize that time is a finite resource, you'll feel liberated to focus on what really matters to you.

Thursday, December 24, 2020

SolarWinds collection of articles

Found site/blog by CIEX, Inc.

Updates 2020-12-23

These are listed by date of discovery--some are several days older
  1. SunBurst_DGA_Decode/decode.py at main · RedDrip7/SunBurst_DGA_Decode (GitHub)
  2. Sunburst's C2 Secrets Reveal Second-Stage SolarWinds Victims (tpost)
  3. CISA Warns Agencies of SolarWinds Orion Compromise via Emergency Directive (gcwire)
  4. 'Very, very large' telecom organization and Fortune 500 company breached in SolarWinds hack (scmedia)
  5. NSA Cybersecurity Advisory: Malicious Actors Abuse Authentication Mechanisms to Access Cloud Resources (NSA)
  6. SolarWinds CyberAttack and FireEye Red Team Tools Coverage 
  7. SolarWinds breach raises stakes for NDAA Trump still threatens to veto (fednews)
  8. Erlang Authenticated Remote Code Execution (malicious.link)
  9. SolarFlare Release: Password Dumper for SolarWinds Orion (secblvd)
  10. SolarWinds, GitHub Leaks and Securing the Software Supply Chain (secblvd)
  11. It's A Twister! Will SolarWinds Blow Cybersecurity Governance Reform Into The Boardroom? 
  12. All SentinelOne Customers Protected from SolarWinds SUNBURST Attack (bizwire)
  13. "Strategic Silence" and State-Sponsored Hacking: The US Gov't and SolarWinds
  14. Little-known SolarWinds gets scrutiny over hack, stock sales
  15. Top Democrat: 'Critical' that Pompeo brief senators on SolarWinds hack at State Dept. (hill)
  16. FireEye, Crowdstrike enjoy record days as SolarWinds hack leads to soaring security stocks (MarketWatch)
  17. DOE Update on Cyber Incident Related to Solar Winds Compromise (DOE)
  18. Florida Investigating Server Hacking Through SolarWinds Software 
  19. DOD has a leg up in mitigating potential SolarWinds breach, former officials say (FedScoop)
  20. Expert warned 'solarwinds123' password could expose firm: Report (BI)
  21. SolarWinds hack shows we need a 'whole of society' national cyber strategy (hill)
  22. Senators Ask IRS Whether Taxpayer Data Hit in SolarWinds Hack (Bloomberg)
  23. SolarWinds Breach: An RSAC Interview with Dmitri Alperovitch About Who, How and Why (RSA)
  24. FireEye, SolarWinds Breaches: Implications and Protections (eSecurityPlanet)
  25. SolarWinds Scandal Calls Attention to Supply Chain Security 
  26. SolarWinds Should Have Been More 'Vigilant': Palo Alto Networks CEO 
  27. DATA443 RELEASES STATEMENT ON FIREEYE AND SOLARWINDS HACK AND BREACH OTC Markets:ATDS 
  28. Was my workplace hit by SolarWinds hack? FAQ answers. (trib)
  29. The SolarWinds hack, and the danger of arrogance (scmedia)
  30. Qualys Researchers Identify 7+ Million Vulnerabilities Associated with SolarWinds/FireEye Breach by Analyzing Anonymized Vulnerabilities across Worldwide Customer Base (secblvd)
  31. SolarWinds Hack Blamed on Russia: What We Do and Don't Know (Bloomberg)
  32. Continue Clean-up of Compromised SolarWinds Software
  33. Datto Offers All MSPs Free Scanner To Find Signs Of FireEye, SolarWinds Hack 
  34. The Solarwinds breach — What do CIOs need to do now? 
  35. CISA warns that SolarWinds software may not be only entry point in latest breaches - (GCN)
  36. SolarWinds Hack Throws Wrench In Private Equity's Most Profitable Market 
  37. More Hacking Attacks Found, Officials Warn of Risk to U.S. Government (nyt)
  38. CYBER CONFLICT DATASET 
  39. The Strategic Implications of SolarWinds (Lawfare)
  40. Orion Platform - Scalable IT Monitoring (SolarWinds)
  41. SolarWinds MSP To Revoke Digital Certificates For Tools, Issue New Ones As Breach Fallout Continues 
  42. The SolarWinds Compromise and the Strategic Challenge of the Information and Communications Technology Supply Chain (Council on Foreign Relations)
  43. SolarWinds/SUNBURST Backdoor, Third-Party and Supply Chain Security (secblvd)
  44. DOE confirms its systems were compromised by SolarWinds hack (Utility Dive)
  45. Q:CYBER spots lateral movement as used in the SolarWinds (Sunburst) calamity (insidenova.com)
  46. Experts say SolarWinds hack could impact Kern County businesses 
  47. Joe Biden Blames Russia For Huge SolarWinds Hack (HuffPost)
  48. Hack Suggests New Scope, Sophistication for Cyberattacks (WSJ)
  49. SolarWinds Hack Victims: From Tech Companies to a Hospital and University (WSJ)
  50. Alex Stamos on Twitter: "There is a long history of "trickle down" effects in cyber, where a technique honed by a major player becomes commonplace. China's 2000s APTs -> Iran/DPRK/teenagers in the 2010s. Stuxnet -> smart ransomware. If supply-chain a
  51. Alex Stamos on Twitter: "@VickerySec So far, all of the activity that has been publicly discussed has fallen into the boundaries of what the US does regularly and what we explicitly excluded from the Obama-Xi deal. If we are going to set new red lines, th
  52. Statement by President-elect Joe Biden on Cybersecurity (President-Elect Joe Biden)
  53. Joint Statement by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) (CISA)
  54. SolarWinds hack continues to spread: What you need to know (CNET)

Updates regarding SolarWinds 2020-12-22 

  1. SolarWinds Adviser Warned of Lax Security Years Before Hack (Bloomberg) From the article: "Thornton-Trump said that in his experience SolarWinds didn't put enough investment into building a cybersecurity culture within the company."
  2. SolarWinds Achieves SOC 2 Type II Certification (orangematter, 2019-06-12)
  3. Understanding "Solorigate"'s Identity IOCs - for Identity Vendors and their customers. (ms)
  4. SolarWinds Hack Victims: From Tech Companies to a Hospital and University (wsj)
  5. SUPERNOVA: A Novel .NET Webshell (paloalto)
  6. Microsoft identifies second hacking group affecting SolarWinds software (cyberscoop)
  7. Microsoft president calls SolarWinds hack an "act of recklessness" (arstechnica) 
  8. Russian hackers hit US government using widespread supply chain attack (arstechnica, from 2020-12-14)
  9. Hackers last year conducted a 'dry run' of SolarWinds breach (yahoo)
  10. Treasury Department's Senior Leaders Were Targeted by Hacking
  11. Cyber-Photokeratitis - Some Thoughts On The Events Associated with UNC2452 (Prevailion)

New articles recently discovered, updates 2020-12-21

  1. Billions spent on U.S. Defenses Failed to Detect Hack (nyt) 
  2. Richard Blumenthal: Classified briefing ... left me deeply alarmed 
  3. Second Hacking team targeting SolarWinds (reuters)
  4. FireEye CEO says hack "totally unique" (cbs video) 
  5. DebUNCing Attribution: tracking threat actors
  6. Chris Krebs says officials still tracking scope (msn) 
  7. Biden team and lawmakers raise alarms (wapo video)
  8. Giant U.S. Computer Security Breach Exploited Common Software (Scientific American) 
  9. How U.S. agencies' trust in untested software opened the door to hackers (politico) 
  10. A "do not infect" list from the hack. 
  11. MS Analyzes the DLL, finds second malware (MS) [somehow this failed to get into yesterday's list] 
  12. SolarWinds/SunBurst hash exclusions (googledoc) 
  13. Does SolarWinds change the rules (scmagazine)
  14. SolarWinds Hack is Historic Mess (wired)
  15. Continue Clean-Up of Compromised SolarWinds Software (tripwire) 
  16. MS Says 40 customers hit by ongoing hack (npr) 
  17. A hack Foretold (slate)

An appropriate comment by Katie Moussouris, founder of @LutaSecurity: "So many illusions of control in these articles written about #SolarWinds No regulation is going to stop this from happening. No new requirements for certifications & attestations of security will make us less vulnerable. Knowing the ingredients in software won't fix it either"

Articles regarding SolarWinds, updated 2020-12-19

  1. A moment of reckoning: the need for a strong and global cybersecurity response (Brad Smith, MS) 
  2. FireEye Threat Research 
  3. Hacker group behind Treasury and Commerce breaches
  4. Hackers spied on US Treasury emails
  5. Hackers have a clever way to bypass multi-factor auth
  6. Dark Halo Leverages SolarWinds Compromise to Breach
  7. ~18,000 organizations downloaded backdoor
  8. Sunburst countermeasures
  9. Active Exploitation of SolarWinds Software | CISA
  10. Exposed FTP Credentials in GitHub Page
  11. Hackers turned SolarWinds' dominance against it
  12. SolarWinds Update Server could be accessed in 2019 with simple password
  13. How hackers outed their massive cyberattack
  14. Disruptive cyber crisis engulfs multiple agencies
  15. SolarWinds 8-K filing
  16. Malicious domain in SolarWinds Hack turned into kill switch (Krebs)
  17. Some customers, and another version of the list
  18. SolarWinds hack could affect 18,000 customers (Krebs)
  19. RedDrip7/Sunburst decode
  20. Hackers behind Sunburst put lots of effort into avoiding detection (from Twitter), and the Threadreader unroll
  21. Sunburst: Next level of stealth (Reversing Labs)
  22. SolarWinds stock drops 22%; And significant stock sales before hack was announced (The Register) 
  23. SolarWinds Investors sold millions of Shares (exbulletin)
  24. Why the Sunburst attack is so serious (BBC) 
  25. SolarWinds Breach Used to Infiltrate Customer Networks (Infosec Handlers Diary)
  26. Hacking spree apparently reached into Microsoft (Reuters)
  27. I Was the Homeland Security Adviser to Trump. We're Being Hacked. - The New York Times 
  28. Orion IT Management Platform Security Advisory (ServerCentral) 
  29. CISA Issues Emergency Directive regarding Orion; and the directive itself
  30. Hackers broke into Federal Agencies, officials suspect (nyt) 
  31. More hacking attacks found (nyt) 
  32. CISA: APT Compromise of Agencies, Infrastructure, Private sector 
  33. Investigators find evidence of new tactics (wapo) 
  34. Steps to take to protect from recent cyberattacks (MS) 
  35. Customer Guidance (MS Security Response Center) 
  36. Nuclear Weapons Agency hacked 
  37. SolarWinds not the only Initial Attack Vector
  38. MS Says that no customer data compromised with MS hack 
  39. MS identifies organizations targeted in attack 
  40. Hackers have been inside Austin city network for months 
  41. VMware Flaw a Vector in SolarWinds Breach? 
  42. The SolarWinds Orion SUNBURST supply-chain Attack (Truesec) 
  43. SolarWinds hackers broke into U.S. cable firm and Arizona county, web records show (reuters)
  44. Hacks Suggest New Scope, Sophistication for Cyberattacks 
  45. SolarWinds Security Advisory
  46. SolarWinds FAQ regarding the Security Advisory

Wednesday, December 16, 2020

Software Supply Chain Attack - SolarWinds

Summary and quotes of developing news related to the SolarWinds hack

  • March 2020: a highly sophisticated threat actor and APT [repeated emphasis in the industry, i.e. no protection would have identified it]

  • It installed a SolarWinds digitally signed backdoor (DLL) in SolarWinds Orion Platform versions 2019.4 to 2020.2.1 [however, no version is safe]; HF1 may (or may not) be affected

  • Rather than an exploit, the attackers embedded their own configuration data into the SolarWinds config files

  • The backdoor and/or injected code allowed full admin rights to the SolarWinds Orion Platform, to all service accounts and local accounts, and likely to the hosts monitored by SW Orion, i.e. at the least 18,000 of a possible 33,000 customers may have been affected

  • The vulnerability was discovered as a result of forensic analysis of the FireEye compromise

  • Microsoft took over the domain name avsvmcloud.com, used by the hacker to communicate with the compromised backdoor

  • CISA issued Directive 21-01 to government as well as private industry and will post additional IOCs to its website as more is known

  • The APT leveraged and elevated privileges and then cleaned up after itself, so even if the DLL is not found, compromise is still possible

  • Emphasis on "keys to the kingdom" services and on the need for greater collaboration between IT and InfoSec

  • FireEye's IOCs have seen neither false positives nor true positives (as of yesterday?), but IOCs will change (and the attackers didn't reuse the same patterns)

  • Lawsuits are coming, including legal/regulatory fallout still to be uncovered

Consideration and Countermeasures

  • Isolate the SolarWinds system or block its traffic; otherwise disconnect it from the rest of the network

  • Capture forensic evidence from the SolarWinds system

  • Start threat hunting (and anomaly analysis) going back to March 2020

  • Remove all accounts in scope of the compromise

  • Review other network management tools and evaluate them with caution, e.g. their access level and access to the management interface
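Two of the checks above (is our Orion build in the affected range, and has anything on the network talked to the backdoor's domain since March 2020) can be scripted. The block below is an added example written for this note, not code from the blog post, SolarWinds, FireEye, CISA or Microsoft. It assumes a syslog-like DNS log format that I constructed for the demonstration (timestamp, client IP, "query", queried name), and the sample log lines and their subdomain labels are constructed, not real indicators; the only facts it relies on are the version range 2019.4 to 2020.2.1, the avsvmcloud.com domain and the March 2020 hunting window stated above. Because the summary leaves HF1 builds ambiguous, the version check deliberately ignores hotfix suffixes and flags them conservatively.

```python
"""Defensive triage helpers for the SolarWinds Orion summary above (added example)."""
import re
from datetime import datetime

# Affected Orion Platform versions per the summary: 2019.4 through 2020.2.1 inclusive.
AFFECTED_MIN = (2019, 4, 0)
AFFECTED_MAX = (2020, 2, 1)
# Domain the backdoor used for command-and-control (Microsoft took it over).
C2_DOMAIN = "avsvmcloud.com"
# Hunting window from the countermeasures list: look back to March 2020.
HUNT_START = datetime(2020, 3, 1)

# Constructed sample DNS log; format (timestamp, client, "query", name) is an assumption.
# The labels in front of avsvmcloud.com are made up for the example.
SAMPLE_DNS_LOG = """\
2020-01-15T12:00:00Z 10.0.0.3 query constructed-a.avsvmcloud.com
2020-02-10T08:00:01Z 10.0.0.5 query www.example.com
2020-04-02T03:15:44Z 10.0.0.12 query constructed-b.avsvmcloud.com
2020-06-19T22:41:09Z 10.0.0.12 query updates.example.com
2020-09-30T11:11:11Z 10.0.0.7 query AVSVMCLOUD.COM.
"""

LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+query\s+(\S+)$")
VERSION_RE = re.compile(r"(\d{4})\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Turn '2020.2.1', '2019.4' or '2020.2 HF1' into a comparable (major, minor, patch) tuple.
    Hotfix suffixes such as 'HF1' are ignored on purpose (see lead-in)."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Orion version string: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def version_in_affected_range(text):
    """True when the base version falls inside 2019.4 .. 2020.2.1 (conservative for HF builds)."""
    return AFFECTED_MIN <= parse_version(text) <= AFFECTED_MAX


def find_c2_lookups(log_text, since=HUNT_START):
    """Return (timestamp, client, name) for every lookup of the C2 domain or a subdomain of it.
    Lookups before `since` are skipped; pass since=None to keep every hit."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # tolerate lines that do not follow the assumed format
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        # Normalise case and a trailing dot so 'AVSVMCLOUD.COM.' still matches.
        name = m.group(3).lower().rstrip(".")
        if name == C2_DOMAIN or name.endswith("." + C2_DOMAIN):
            if since is None or ts >= since:
                hits.append((m.group(1), m.group(2), name))
    return hits


def affected_clients(hits):
    """Distinct client addresses that resolved the C2 domain, i.e. hosts to isolate and image."""
    return sorted({client for _, client, _ in hits})


if __name__ == "__main__":
    for v in ("2019.4", "2020.2.1 HF1", "2018.4"):
        print(f"{v:14} affected range: {version_in_affected_range(v)}")
    hits = find_c2_lookups(SAMPLE_DNS_LOG)
    for ts, client, name in hits:
        print(f"{ts} {client} -> {name}")
    print("isolate:", affected_clients(hits))
```

Run against a real resolver or firewall export by replacing SAMPLE_DNS_LOG with the file contents and adapting LOG_RE to that export's columns; the hosts returned by affected_clients are the ones to isolate and capture forensic evidence from before any account clean-up, since the summary notes the actor removed its own traces.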


Sunday, December 6, 2020

Presentations - dos and don'ts

According to the Harvard Business Review article, to build an engaging presentation:

1) It's not about you. It's about your point

2) Know your point

3) Let your notes support you

4) Get loud

5) Be yourself

6) Practice meaningfully

7) Turn nervous energy into excitement

8) Kill Roy


And, what not to do

https://hbr.org/2018/10/how-to-blow-a-presentation-to-the-c-suite 


Wednesday, November 25, 2020

The Integrity Dividend by Tony Simons

Very good read...
Quotes from The Integrity Dividend: How Excellent Hospitality Leadership Drives Bottom-Line Results by Tony Simons 
  • importance of management integrity to a firm's success
  • My research shows that the way employees feel about their managers throughout the company has a huge impact on the proportion of each revenue dollar that becomes profit
  • Good leadership is, "Whatever I say I'm going to do, I'm going to do." That means I have to know what my limitations are and what I'm capable of delivering. As a leader if you don't fulfill your commitments, I can't think of anything that can hurt you more than that. —Frank Guidara, president and CEO, Uno's Chicago Grill
  • Use the word integrity to mean the fit between a person's words and actions, as seen by others
  • Behavioral integrity is not about what a person values, but rather how well a person follows through on the values he or she claims to hold
  • As effective leaders (or business partners, suppliers, or board members), our challenge is to penetrate the veil of others' subjective perceptual processes and convey integrity regardless of those subjective processes
  • Building an impeccable word requires both excellent follow through and excellent communication skills. Fortunately, both of those skillsets can be developed with training, coaching and practice
  • Several studies have shown that trust in leadership drives subordinates' positive attitudes and their willingness to expend effort beyond formal job definitions
  • Fairness perceptions and perceived violations of "psychological contracts" have also been shown to affect employees' attitudes, discretionary effort, and retention
  • Survey finding: Hotels with high integrity scores typically reported higher guest satisfaction, lower employee turnover, and higher profitability. So powerful was the overall impact of integrity scores on the bottom line that a mere quarter-point difference between two hotels on the ten-point integrity scale translated into a profit difference of $250,000 per year (on gross revenues of around $10 million)
  • What these calculations show is that we should not think of integrity as merely a "people" issue. Instead, integrity is connected both to people and the bottom line
  • Genuine leadership incorporates a number of attributes, but none of them works until there is trust
  • Stated more directly, where employees reported high integrity on the part of their managers, I found: Deeper employee commitment, leading to – Lower employee turnover and – Superior customer service; both leading to – Higher profitability. As a final point regarding this study, I want to emphasize that the integrity dividend describes differences between average managers and great ones.
  • Trust is a critical outcome of integrity, but trust entails a certain amount of vulnerability. If you trust a person, you are counting on that person to deliver, and you leave yourself open to disappointment (or worse). If, as a leader, you are asking employees to try something new, to work harder, or to focus on particular values, you are really asking for their trust. We know trust must be earned, and this research shows that consistently delivering on your word is part of earning that trust.
  • Genuine leadership incorporates a number of attributes, but none of them works until there is trust.
  • Leaders' behavioral integrity also affects the culture of the organization and its managers. It determines the effectiveness of change efforts. It profoundly colors relationships with organized labor
  • Clear direction goes hand in hand with credibility
  • The laying out of consequences, good and bad, is fundamental to leadership. 
  • This combination of strong connection and clear communication so engages followers' hearts
  • I submit that the engagement workers feel when they are in a trust-based relationship with their leader and have a clear sense of direction trumps even the inspiration that charismatic leaders can generate
  • The initiative of engaged employees does not just drive problem solving; it drives customer service as well
  • If the leader doesn't have trust, respect, authenticity, [and] credibility, the level of followership is going to be much lower. Workers and managers will do stuff, but their level of commitment, their willingness to appropriately do whatever it takes, is going to be lower. People are going to survive. They're not going to go the extra mile on behalf of that person because that person doesn't deserve it. The survival strategy is, "I'm just going to do my job, keep my head down, not raise any issues, and just try to help out the team and other people in the organization as best I can." Most people in most companies operate like that because that's the situation.
  • Managers are almost never evil—they can simply fail to prioritize and build skills for maintaining this kind of credibility. The challenge, then, is one of discipline and skill, not character.
  • As I spoke with executives, it became clear that behavioral integrity is an aspect of the organization's culture. In addition to forming part of culture, integrity is also essential for instilling that culture in employees. High integrity managers are better able to shape the culture toward professed values because they model those values and workers trust them
  • This gets down to execution, and that's why it gets so complicated. It's not just execution in the sense of "I walked over and cleaned the carpet," or "I walked over and picked up the piece of paper." It gets down to whether you embody the values of the organization. Do you embody the mission and vision of the organization? Do you do what you say you're going to do? Actions that are trustworthy in nature build trust. —Jay Witzel, president and CEO of Carlson Hotels Worldwide
  • One of the biggest mistakes that happens over and over again, particularly in big companies, is that senior management expects behavioral patterns or attitudes to originate in the middle of the company, as opposed to from the top of the company. 
  • In summary, employee perceptions of their leaders' word-action consistency—their behavioral integrity, their promise keeping, the extent to which they "walk their talk"—demonstrated extremely high impact on hotels' bottom-line financial performance.