• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

SEC Announces ‘Enforcement Action’ For SolarWinds Over 2020 Hack

You are here: Home / General Cyber Security News / SEC Announces ‘Enforcement Action’ For SolarWinds Over 2020 Hack
November 8, 2022

SolarWinds has introduced it is facing US Securities and Trade Fee (SEC) enforcement action around the application firm’s large data breach in 2020.

In a the latest 8-K filing with the SEC, the corporation said it achieved an arrangement with shareholders, who at first sued SolarWinds over promises they have been misled about the 2020 hack.

“SolarWinds was one of the most significant cyber-attacks of the previous couple a long time, so it is not astonishing the corporation is now struggling with authorized motion,” Julia O’Toole, CEO of MyCena Security Methods, instructed Infosecurity.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


“Even even though the attack was found nearly two decades in the past, quite a few specifics all around the incident are nonetheless unknown, and several of SolarWinds’s prospects nonetheless do not know if they had been compromised.”

According to the doc, the claimants proposed the enterprise misrepresented its security posture ahead of and all through the gatherings connected with the hack and unsuccessful to monitor cybersecurity challenges sufficiently.

“This authorized action is stating that SolarWinds did not do plenty of to secure its clients,” O’Toole included. “The truth that attackers were being likely on the organization’s network about a year ahead of they had been found signals this could be legitimate.”

The submitting also addresses this issue by means of a Wells Detect (a document warning that the SEC is arranging to bring an enforcement action) soon after SolarWinds said its disclosures and public statements at the time of the breach were “correct.”

The notice informs the firm of the regulator’s intention to file enforcement motion “with respect to its cybersecurity disclosures and community statements, as properly as its inner controls and disclosure controls and techniques.”

Many authorities departments were compromised during the hack, such as NASA, the Justice Department and Homeland Security. The the greater part of the victims, on the other hand, had been personal companies like FireEye, along with quite a few Fortune 500 firms, hospitals and universities.

The US administration ultimately attributed the hack to the Russian authorities.

“We are probable to see additional action like this in the foreseeable future, particularly as most organizations are not still securing and segmenting their network accessibility properly,” O’Toole warned.

In accordance to the government, when companies allow for staff members to make their passwords or digital keys, they drop management of their network obtain segmentation.

“Companies will need to harden their networks in opposition to this working with access encryption and segmentation. If not, they could come across on their own struggling with equivalent authorized motion to SolarWinds,” O’Toole concluded.

The submitting comes approximately a thirty day period right after the SEC fined financial solutions huge Morgan Stanley $35m over facts security lapses. Extra not too long ago, the Commission billed Kim Kardashian $1.26m for failing to disclose a payment for advertising and marketing a cryptocurrency merchandise.


Some areas of this write-up are sourced from:
www.infosecurity-journal.com

Previous Post: «Cyber Security News Conti Affiliates Black Basta, BlackByte Continue to Attack Critical Infrastructure
Next Post: Insider Risk on the Rise: 12% of Employees Take IP When Leaving Jobs Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • BREAKING: 7,000-Device Proxy Botnet Using IoT, EoL Systems Dismantled in U.S. – Dutch Operation
  • OtterCookie v4 Adds VM Detection and Chrome, MetaMask Credential Theft Capabilities
  • Initial Access Brokers Target Brazil Execs via NF-e Spam and Legit RMM Trials
  • Deploying AI Agents? Learn to Secure Them Before Hackers Strike Your Business
  • Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials
  • Beyond Vulnerability Management – Can You CVE What I CVE?
  • Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android
  • Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell
  • 38,000+ FreeDrain Subdomains Found Exploiting SEO to Steal Crypto Wallet Seed Phrases
  • SonicWall Patches 3 Flaws in SMA 100 Devices Allowing Attackers to Run Code as Root

Copyright © TheCyberSecurity.News, All Rights Reserved.