Tag Archive for: neglect

US regulators sue SolarWinds and its security chief for alleged cyber neglect ahead of Russian hack

/in


U.S. regulators on Monday sued SolarWinds, a Texas-based technology company whose software was breached in a massive 2020 Russian cyberespionage campaign, for fraud for failing to disclose security deficiencies ahead of the stunning hack.

The company’s top security executive was also named in the complaint filed by the Securities and Exchange Commission seeking unspecified civil penalties, reimbursement of “ill-gotten gains” and the executive’s removal.

Detected in December 2020, the SolarWinds hack penetrated U.S. government agencies including the Justice and Homeland Security departments, and more than 100 private companies and think tanks. It was a rude wake-up call that raised awareness in Washington about the urgency of stepping up efforts to better guard against intrusions.

In the 68-page complaint filed in New York federal court, the SEC says SolarWinds and its then vice president of security, Tim Brown, defrauded investors and customers “through misstatements, omissions and schemes” that concealed both the company’s “poor cybersecurity practices and its heightened — and increasing — cybersecurity risks.”

In a statement, SolarWinds called the SEC charges unfounded and said it is “deeply concerned this action will put our national security at risk.”

Brown performed his responsibilities “with diligence, integrity, and distinction,” his lawyer, Alec Koch, said in a statement. Koch added that “we look forward to defending his reputation and correcting the inaccuracies in the SEC’s complaint.” Brown’s current title at SolarWinds is chief information security officer.

The SEC’s enforcement division director, Gurbir S. Grewal, said in a statement that SolarWinds and Brown ignored “repeated red flags” for years, painting “a false picture of the company’s cyber controls environment, thereby depriving investors of accurate material information.”

The very month that SolarWinds registered for an initial public offering, October 2018, Brown wrote in an internal presentation that the company’s “current state of security leaves us in a very vulnerable state,” the complaint says.

Among the SEC’s damning allegations: An internal SolarWinds…

Source…

SEC sues SolarWinds for alleged cyber neglect ahead of Russian hack

/in


U.S. regulators sued SolarWinds, a Texas-based technology company whose software was breached in a massive 2020 Russian cyberespionage campaign, for fraud for failing to disclose security deficiencies ahead of the stunning hack.

The company’s top security executive was also named in the complaint filed Oct. 30 by the Securities and Exchange Commission seeking unspecified civil penalties, reimbursement of “ill-gotten gains” and the executive’s removal.

RELATED

Detected in December 2020, the SolarWinds hack penetrated U.S. government agencies including the Justice and Homeland Security departments, and more than 100 private companies and think tanks. It was a rude wake-up call that raised awareness in Washington about the urgency of stepping up efforts to better guard against intrusions.

In the 68-page complaint filed in New York federal court, the SEC says SolarWinds and its then vice president of security, Tim Brown, defrauded investors and customers “through misstatements, omissions and schemes” that concealed both the company’s “poor cybersecurity practices and its heightened — and increasing — cybersecurity risks.”

In a statement, SolarWinds called the SEC charges unfounded and said it is “deeply concerned this action will put our national security at risk.”

Brown performed his responsibilities “with diligence, integrity, and distinction,” his lawyer, Alec Koch, said in a statement. Koch added that “we look forward to defending his reputation and correcting the inaccuracies in the SEC’s complaint.” Brown’s current title at SolarWinds is chief information security officer.

‘Repeated red flags’

The SEC’s enforcement division director, Gurbir S. Grewal, said in a statement that SolarWinds and Brown ignored “repeated red flags” for years, painting “a false picture of the company’s cyber controls environment, thereby depriving investors of accurate material information.”

The very month that SolarWinds registered for an initial public offering, October 2018, Brown wrote in an internal presentation that the company’s “current state of security leaves us in a very vulnerable state,” the complaint says.

Among the SEC’s damning…

Source…

Why Organizations Cannot Afford to Neglect Mobile Security – BlackBerry Rocks!

/in

Why Organizations Cannot Afford to Neglect Mobile Security
BlackBerry Rocks!
Lots of people now use mobile and internet banking services because they are convenient and save time. Unfortunately, there are several risks too. If your device is not secure, your financial information can be at risk. Fraudsters are increasingly

and more »

“mobile security” – read more

Comptroller: Catskill schools neglect purchase policy, computer security – Daily Freeman

/in

CATSKILL — A state comptroller’s audit of internal controls over purchasing and information technology has concluded the Catskill Central School District “did not enforce its purchasing policies and failed to implement effective information …
Read more