SEC Fines Companies Millions for Downplaying SolarWinds Breach

October 25, 2024 at 05:09PM

The SEC has charged four companies for inadequate disclosures related to the 2020 SolarWinds breach. Unisys faced the largest penalty of $4 million. The SEC aims to deter vague breach disclosures and stresses the importance of precise communication to avoid future legal ramifications, urging closer collaboration between CISOs and legal …

Tired of airport security queues? SQL inject yourself into the cockpit, claim researchers

August 30, 2024 at 09:35AM

Cybersecurity researchers discovered a vulnerability in the Known Crewmember (KCM) and Cockpit Access Security System (CASS) programs, allowing unauthorized access to skip airport security and enter the cockpit of commercial airliners. By exploiting a SQL injection bug in the third-party vendor site FlyCASS, the researchers gained admin access and manipulated …

Steps to Follow to Comply With the SEC Cybersecurity Disclosure Rule

November 7, 2023 at 01:52AM

The Securities and Exchange Commission (SEC) has implemented a new rule requiring companies to disclose cybersecurity incidents and provide annual information on their cybersecurity risk management, strategy, and governance. The rule mandates the filing of Form 8-K within four business days of determining an incident as material, with enforcement starting …

SEC Charges SolarWinds and Its CISO With Fraud and Cybersecurity Failures

October 30, 2023 at 09:54PM

The Securities and Exchange Commission (SEC) has filed charges against SolarWinds and its Chief Information Security Officer (CISO), alleging that the company misled investors about its cybersecurity practices and known risks. The charges stem from alleged fraud and internal control failures related to cybersecurity weaknesses. SolarWinds is accused of disclosing …

Citrix Patches Critical NetScaler ADC, Gateway Vulnerability

October 11, 2023 at 10:07AM

Citrix has released patches for a critical vulnerability in NetScaler Application Delivery Controller (ADC) and NetScaler Gateway. The vulnerability, CVE-2023-4966, could lead to sensitive information disclosure and can be exploited without authentication. Citrix advises customers to upgrade their appliances to the supported versions. The company has also addressed a denial-of-service …