The SEC’s SolarWinds Case: What CISOs Should Do Now

May 24, 2024 at 09:59AM
In October 2023, the SEC filed a landmark lawsuit against SolarWinds Corp. and its CISO, Timothy Brown, over alleged false statements about cybersecurity. CISOs should enhance communication with financial teams, ensure all statements are rigorously reviewed, maintain top-notch security policies, collaborate with assurance providers, and seek legal counsel amidst evolving …

SolarWinds 2024: Where Do Cyber Disclosures Go From Here?

April 25, 2024 at 10:04AM
The article covers the SEC’s SolarWinds indictments and proposes a remediation safe harbor for cybersecurity incidents. It discusses the discrepancy between SolarWinds’ public cybersecurity statements and internal knowledge of risks, highlighting the need for better cybersecurity disclosures. The author suggests CISOs should have more control over and involvement in company …

LockBit’s contested claim of fresh ransom payment suggests it’s been well hobbled

March 3, 2024 at 10:20PM
The LockBit ransomware gang continues operations despite a law enforcement takedown, claiming to possess sensitive data. An analyst suggests the gang is posturing to reassure affiliates, while CISA warns that Ivanti vulnerabilities could persist even after factory resets. Security researchers raise concerns about a potential cloud-based SAML token forgery vulnerability, advising organizations to safeguard certificates against potential …

SolarWinds fixes critical RCE bugs in access rights audit solution

February 16, 2024 at 01:36PM
SolarWinds patched five remote code execution (RCE) flaws in its Access Rights Manager (ARM) solution, including three critical severity vulnerabilities allowing unauthenticated exploitation. Four flaws were found and reported by researchers. The company also fixed three other critical RCE bugs in October. SolarWinds was charged with defrauding investors by failing …

SolarWinds Files Motion to Dismiss SEC Lawsuit

January 29, 2024 at 04:50PM
SolarWinds disputed the SEC’s jurisdiction and denied the charges of cybersecurity shortcomings. The SEC alleged SolarWinds failed to protect systems and misled customers about cyber threats. SolarWinds insisted it made proper disclosures and that the SEC seeks to regulate cybersecurity controls beyond its scope. SolarWinds maintained transparency and claimed to be unfairly characterized as a …

SolarWinds slams SEC lawsuit against it as ‘unprecedented’ victim blaming

January 29, 2024 at 03:55PM
SolarWinds, the victim of a Russian cyber-attack, accuses the SEC of unfair treatment. The company argues the watchdog’s charges are baseless and seek to impose unreasonable cybersecurity disclosure requirements. SolarWinds maintains it made proper and accurate disclosures before and after the attack. The SEC alleges that SolarWinds misled investors about its security practices, …

Adapting to the Post-SolarWinds Era: Supply Chain Security in 2024

December 18, 2023 at 10:05AM
The SolarWinds attack in December 2020 compromised 18,000 organizations and revealed vulnerabilities in supply chain security. Recent developments highlight SolarWinds’ breach detection timeline and have resulted in legal action. Regulators are pursuing improved security practices, and governments and organizations are working together to strengthen cybersecurity frameworks, promote information sharing, and prioritize …

Russian SVR-Linked APT29 Targets JetBrains TeamCity Servers in Ongoing Attacks

December 14, 2023 at 06:24AM
Russian threat actors linked to APT29 and SVR have been targeting unpatched JetBrains TeamCity servers since September 2023, exploiting CVE-2023-42793. This involves initial access to the compromised network environments and subsequent deployment of backdoors. The attacks aim to compromise source code, signing certificates, and software deployment processes, impacting numerous sectors …

SolarWinds: SEC ‘lacks the competence’ to regulate cybersecurity

November 9, 2023 at 12:12PM
SolarWinds has strongly defended itself against the Securities and Exchange Commission’s (SEC) lawsuit over the 2020 SUNBURST cyberattack. The company called the SEC’s claims “fundamentally flawed” and stated that it had appropriate cybersecurity controls in place before the attack. SolarWinds accused the SEC of overreaching and lacking the authority to …

Cybersecurity Leaders Spooked by SEC Lawsuit Against SolarWinds CISO

October 31, 2023 at 04:10PM
The US Securities and Exchange Commission (SEC) has filed a lawsuit against SolarWinds’ former Chief Information Security Officer (CISO), Timothy Brown, alleging that he failed to disclose critical information about the cyberattack on the company’s software supply chain. The lawsuit is seen as a rare instance of a regulatory body …