SEC Charges SolarWinds and Its CISO With Fraud and Cybersecurity Failures

October 30, 2023 at 09:54PM The Securities and Exchange Commission (SEC) has filed charges against SolarWinds and its Chief Information Security Officer (CISO), alleging that the company misled investors about its cybersecurity practices and known risks. The charges stem from alleged fraud and internal control failures related to cybersecurity weaknesses. SolarWinds is accused of disclosing … Read more

SEC sues SolarWinds for misleading investors before 2020 hack

October 30, 2023 at 05:56PM SolarWinds has been charged by the SEC for allegedly hiding cybersecurity issues from investors before the December 2020 APT29 breach. The SEC claims the company failed to disclose the risks and only shared broad information. The SEC also alleges that SolarWinds’ Chief Information Security Officer knew about the vulnerabilities but … Read more

Critical SolarWinds RCE Bugs Enable Unauthorized Network Takeover

October 20, 2023 at 04:34PM Eight critical vulnerabilities have been discovered in SolarWinds’ Access Rights Manager Tool, exposing unpatched systems to potential privilege escalation by attackers. The vulnerabilities range from allowing remote code execution to performing local privilege escalation. A new ARM version, 2023.2.1, has been released to fix the vulnerabilities, and SolarWinds clients are … Read more

Critical RCE flaws found in SolarWinds access audit solution

October 20, 2023 at 11:06AM Researchers discovered three critical remote code execution vulnerabilities in SolarWinds Access Rights Manager (ARM), allowing attackers to run code with SYSTEM privileges. SolarWinds ARM helps organizations manage and audit user access rights. The vendor promptly released a patch in version 2023.2.1 of the system. The vulnerabilities’ severity ratings are all … Read more