Tag

Solarwinds

All articles tagged with #solarwinds

vulnerability-data-protection | 1 year ago

"Urgent: Patch SolarWinds Serv-U Vulnerability Amid Active Exploits"

A high-severity directory traversal vulnerability in SolarWinds Serv-U file transfer software (CVE-2024-28995) is being actively exploited, allowing attackers to read sensitive files. The flaw affects all versions up to Serv-U 15.4.2 HF 1 and has been patched in version 15.4.2 HF 2. Users are urged to update immediately to mitigate potential threats, as public proof-of-concept exploits make it easy for attackers to leverage this vulnerability.

cybersecurity | 2 years ago

SEC Sues SolarWinds for Fraud and Negligence in Cyberattack Fallout

The Securities and Exchange Commission (SEC) has filed a lawsuit against SolarWinds, alleging that the company committed fraud and failed to maintain adequate internal controls prior to the massive cyberattack it suffered in 2019. The SEC also named SolarWinds' chief information security officer, Tim Brown, in the lawsuit, claiming that the company overstated its cybersecurity practices and understated known vulnerabilities. The attack, attributed to a Russian-backed hacking group, compromised SolarWinds' Orion software, which was widely used by government agencies. The SEC alleges that SolarWinds misled investors about its cybersecurity compliance and failed to disclose the extent of the vulnerabilities exploited by the hackers. SolarWinds has stated that it believes the SEC's enforcement action is misguided and improper and will contest the charges in court.

cybersecurity | 2 years ago

SEC Charges SolarWinds and CISO With Fraud and Cybersecurity Negligence

The Securities and Exchange Commission (SEC) has filed charges against SolarWinds and its Chief Information Security Officer (CISO), Timothy G. Brown, alleging that the company misled investors about its cybersecurity practices and known risks. The charges stem from alleged fraud and internal control failures related to cybersecurity weaknesses that occurred between the company's IPO in October 2018 and the disclosure of the SUNBURST cyberattack in December 2020. The SEC claims that SolarWinds and Brown deceived investors by overstating cybersecurity practices while downplaying or failing to disclose specific risks. SolarWinds denies the allegations and plans to vigorously oppose the SEC's action.

cybersecurity | 2 years ago

SEC Files Charges Against SolarWinds for Concealing Cybersecurity Issues and Fraud

The Securities and Exchange Commission (SEC) has filed a lawsuit against SolarWinds, accusing the software company of failing to disclose cybersecurity vulnerabilities that led to a major breach. The SEC alleges that SolarWinds violated federal securities law by not disclosing known vulnerabilities that could be exploited by hackers. The breach, which occurred in 2020 and was linked to the Russian government, affected thousands of customer organizations, including nine federal agencies. SolarWinds, which claims to have over 300,000 customers, including 96% of the Fortune 500, has criticized the SEC's charges as "unfounded" and expressed concerns about national security implications. The SEC maintains that the company would have violated securities law even if the breach had not occurred.

businesstech | 2 years ago

SEC Charges SolarWinds and CISO with Fraud and Cybersecurity Failures

The Securities and Exchange Commission (SEC) has charged software company SolarWinds and its chief information security officer, Timothy G. Brown, with fraud and internal control failures related to cybersecurity risks and vulnerabilities. The complaint alleges that SolarWinds misled investors about its cybersecurity practices and understated known risks. Internal assessments contradicted the company's public statements, revealing deficiencies in its cybersecurity practices. SolarWinds' stock price dropped following an incomplete disclosure about a cyberattack. The SEC seeks injunctive relief, disgorgement, civil penalties, and an officer and director bar against Brown.

cybersecurity | 2 years ago

DOJ Knew of SolarWinds Breach Pre-Public Disclosure

The US Department of Justice (DOJ) discovered the SolarWinds breach six months earlier than previously reported, in May 2020, but was unaware of the significance of what it had found. Suspicions were triggered when the department detected unusual traffic emanating from one of its servers that was running a trial version of the Orion software suite made by SolarWinds. The DOJ asked the security firm Mandiant to help determine whether the server had been hacked. It also engaged Microsoft, though it’s not clear why the software maker was also brought into the investigation. The incident underscores the importance of information-sharing among agencies and industry, something the Biden administration has emphasized.