News
News
- April 25, 2024
25 Apr'24
Risk & Repeat: Change Healthcare's bad ransomware bet
This Risk & Repeat podcast discusses Change Healthcare's ransomware attack and the apparent further spread of sensitive data despite the company paying a ransom.
- April 25, 2024
25 Apr'24
Dymium scares ransomware attacks with honeypot specters
Dymium, a security startup that recently emerged from stealth, offers ransomware defense for data stores with a network of honeypot traps for spoofing attackers.
- April 25, 2024
25 Apr'24
Cisco zero-day flaws in ASA, FTD software under attack
Cisco revealed that a nation-state threat campaign dubbed 'ArcaneDoor' exploited two zero-day vulnerabilities in its Adaptive Security Appliance and Firepower Threat Defense products.
-
- April 24, 2024
24 Apr'24
Critical CrushFTP zero-day vulnerability under attack
While a patch is now available, a critical CrushFTP vulnerability came under attack as a zero-day and could allow attackers to exfiltrate all files on the server.
- April 24, 2024
24 Apr'24
Coalition: Insurance claims for Cisco ASA users spiked in 2023
Coalition urged enterprises to be cautious when using Cisco and Fortinet network boundary devices as attackers can leverage the attack vectors to gain initial access.
-
Sponsored News
-
Server Security in the Era of ChatGPT
Sponsored by Dell Technologies and Intel - The importance of security and compliance to applications and data environments cannot be overstated. A GenAI platform deployment is different from a typical infrastructure as a service (IaaS) implementation in terms of who holds the keys and who can read the data. Research by TechTarget's Enterprise Strategy Group has found that even cloud-first organizations are deploying some workloads on premises, rather than the cloud, due to concerns related to data governance and sovereignty (cited by 42% of respondents) and security (cited by 34%). These organizations understand the real potential for data leakage associated with GenAI. See More
-
Dell Technologies GenAI-validated Designs and Dell Reference Designs
Sponsored by Dell Technologies and Intel - It's important to have the right infrastructure in place to support generative AI solutions. The intent should be to keep control of both proprietary data and associated GenAI-related business outcomes. See More
-
Sustainability, AI and Dell PowerEdge Servers
Sponsored by Dell Technologies and Intel - When it comes to energy efficiency and sustainability in IT, rightsizing is critical. Optimizing the infrastructure model and the right hardware needed to run it should be the goal. See More
-
A Generative AI Use Case Brought to Life with Solutions from Dell Technologies
Sponsored by Dell Technologies and Intel - Generative AI is not science fiction. It is real. Implementing and using generative AI is a goal within reach of any organization, not just large technology-centric ones. According to research by TechTarget's Enterprise Strategy Group, 92% of organizations will have generative AI in production within the next year. IT vendors such as Dell Technologies are currently working to bring AI to businesses, organizations and institutions in a manner customized to their unique needs. See More
-
- April 24, 2024
24 Apr'24
GitHub vulnerability leaks sensitive security reports
The vulnerability is triggered when GitHub users correct code or other mistakes they discover on repositories. But GitHub does not believe it warrants a fix.
- April 23, 2024
23 Apr'24
U.S. cracks down on commercial spyware with visa restrictions
The move marks the latest effort by the U.S. government to curb the spread of commercial spyware, which has been used to target journalists, politicians and human rights activists.
- April 23, 2024
23 Apr'24
Mandiant: Attacker dwell time down, ransomware up in 2023
Mandiant's 'M-Trends' 2024 report offered positive signs for global cybersecurity but warned that threat actors are shifting to zero-day exploitation and evasion techniques.
- April 22, 2024
22 Apr'24
Mitre breached by nation-state threat actor via Ivanti flaws
An unnamed nation-state threat actor breached Mitre through two Ivanti Connect Secure zero-day vulnerabilities, CVE-2023-46805 and CVE-2024-21887, disclosed earlier this year.
- April 19, 2024
19 Apr'24
CISA: Akira ransomware extorted $42M from 250+ victims
The Akira ransomware gang, which utilizes sophisticated hybrid encryption techniques and multiple ransomware variants, targeted vulnerable Cisco VPNs in a campaign last year.
-
- April 18, 2024
18 Apr'24
Cisco discloses high-severity vulnerability, PoC available
The security vendor released fixes for a vulnerability that affects Cisco Integrated Management Controller, which is used by devices including routers and servers.
- April 18, 2024
18 Apr'24
CrowdStrike extends cloud security to Mission Cloud customers
CrowdStrike Falcon Cloud Security and Falcon Complete Cloud Detection and Response (CDR) will be made available through the Mission Cloud One AWS MSP platform.
- April 17, 2024
17 Apr'24
Mandiant upgrades Sandworm to APT44 due to increasing threat
Over the past decade, Sandworm has been responsible for high-severity attacks that highlight the group's persistence, evasion techniques and threat to government bodies.
- April 16, 2024
16 Apr'24
OT security vendor Nozomi Networks lands Air Force contract
Nozomi Networks CEO Edgard Capdevielle said the $1.25 million contract will be a guarantee that 'our products will continue to meet the requirements of the Air Force.'
- April 12, 2024
12 Apr'24
CISA: Midnight Blizzard obtained federal agency emails
CISA ordered U.S. federal agencies to reset any credentials exposed by Midnight Blizzard's breach against Microsoft and notify CISA in the case of a known or suspected compromise.
- April 12, 2024
12 Apr'24
Palo Alto Networks discloses RCE zero-day vulnerability
Threat actors have exploited the remote code injection flaw, which affects the GlobalProtect gateway in Palo Alto Networks' PAN-OS software, in a 'limited' number of attacks.
- April 11, 2024
11 Apr'24
CISA discloses Sisense breach, customer data compromised
CISA is investigating a breach of data analytics vendor Sisense that may have exposed customers' credentials and secrets and could impact critical infrastructure organizations.
- April 11, 2024
11 Apr'24
RSA Conference 2024 focuses on collaboration, resilience
Follow TechTarget Security's RSAC 2024 guide for pre-conference insights and the most pressing presentations and breaking news at the world's biggest infosec event.
- April 10, 2024
10 Apr'24
Supply chain attack abuses GitHub features to spread malware
Checkmarx warned developers to be cautious when choosing which repositories to use, as attackers are manipulating GitHub features to boost malicious code.
- April 09, 2024
09 Apr'24
Unit 42: Malware-initiated scanning attacks on the rise
Palo Alto Networks' research team warned of threat actors compromising one victim and then using that victim's resources to discreetly scan for vulnerabilities on other systems.
- April 09, 2024
09 Apr'24
Why the Keitaro TDS keeps causing security headaches
Keitaro insists it is on the side of the law, but threat actors continue to flock to the software company's traffic distribution system to redirect users to malicious domains.
- April 08, 2024
08 Apr'24
Flaws in legacy D-Link NAS devices under attack
Internet scans show threat actors are targeting CVE-2024-3273 in thousands of end-of-life D-Link NAS devices, and exploitation requires no authentication.
- April 05, 2024
05 Apr'24
Risk & Repeat: Cyber Safety Review Board takes Microsoft to task
This podcast episode discusses the Cyber Safety Review Board's report on Microsoft and its conclusion that the software giant must overhaul its security culture.
- April 04, 2024
04 Apr'24
Ransomware attacks ravaged municipal governments in March
Many municipalities across the U.S. faced network outages, data breaches and large ransom demands following a flurry of ransomware attacks last month.
- April 04, 2024
04 Apr'24
Infosec professionals praise CSRB report on Microsoft breach
Security professionals and executives weigh in on how the Cyber Safety Review Board handled its investigation into Microsoft and what it could mean for the tech giant.
- April 03, 2024
03 Apr'24
Sophos: Ransomware present in 70% of IR investigations
Sophos' Active Adversary Report said securing remote desktop protocols and Active Directories and hardening credentials can help limit the influx of successful ransomware attacks.
- April 03, 2024
03 Apr'24
Cyber Safety Review Board slams Microsoft security failures
The Department of Homeland Security's Cyber Safety Review Board said a 'cascade' of errors at Microsoft allowed nation-state hackers to access U.S. government emails last year.
- April 03, 2024
03 Apr'24
Trend Micro: LockBit ransomware gang's comeback is failing
LockBit is struggling to resume operations in part due to the name-and-shame aspect of the international law enforcement operation responsible for the gang's disruption.
- April 02, 2024
02 Apr'24
Microsoft Copilot for Security brings GenAI to SOC teams
Microsoft's latest AI-powered tool, now generally available, has been beneficial for security teams regarding efficiency, but infosec experts see some room for improvements.
- April 01, 2024
01 Apr'24
XZ backdoor discovery reveals Linux supply chain attack
A maintainer for XZ, a popular open source compression library for Linux distributions, compromised the open source project over the course of two years.
- March 29, 2024
29 Mar'24
Typosquatting campaign, malicious packages slam PyPI
Threat actors used automated typosquatting attacks to lead victims to malicious python packages in yet another campaign targeting the open-source software supply chain.
- March 27, 2024
27 Mar'24
Spyware vendors behind 75% of zero-days targeting Google
Google observed 97 zero-day vulnerabilities exploited in the wild last year, which was more than a 50% increase over the 62 exploited zero-day vulnerabilities tracked in 2022.
- March 27, 2024
27 Mar'24
Unpatched flaw in Anyscale's Ray AI framework under attack
Oligo Security researchers say thousands of Ray servers have been compromised through the flaw, but Anyscale said it has received no reports of exploitation.
- March 27, 2024
27 Mar'24
Flashpoint observes 84% surge in ransomware attacks in 2023
The threat intelligence vendor anticipates that enterprises will continue to face increases in ransomware activity and data breaches in 2024, with some silver linings ahead.
- March 26, 2024
26 Mar'24
SQL injection vulnerability in Fortinet software under attack
Fortinet and CISA confirmed CVE-2023-48788 is being actively exploited. But the Shadowserver Foundation found that many vulnerable instances remain online.
- March 26, 2024
26 Mar'24
Top.gg supply chain attack highlights subtle risks
Threat actors used fake Python infrastructure and cookie stealing to poison multiple GitHub code repositories, putting another spotlight on supply chain risks.
- March 22, 2024
22 Mar'24
'GoFetch' attack spells trouble for Apple M-series chips
Academic researchers discovered a hardware optimization feature called 'data memory-dependent prefetcher' could be abused to extract secret encryption keys from vulnerable systems.
- March 21, 2024
21 Mar'24
AWS fixes 'FlowFixation' vulnerability for account hijacking
A Tenable researcher discovered a session fixation flaw in AWS Managed Workflows for Apache Airflow that, combined with a misconfiguration, could enable account hijacking.
- March 21, 2024
21 Mar'24
NCC Group: Ransomware attacks jump 73% in February
While NCC Group expected an increase in ransomware attacks from January to February, year-over-year data showed just how persistent the threat is to enterprises.
- March 20, 2024
20 Mar'24
CISA urges defensive actions against Volt Typhoon threats
The U.S. cybersecurity agency advised critical infrastructure leaders to adopt several best practices and defensive measures to protect against Chinese state-sponsored attacks.
- March 19, 2024
19 Mar'24
Risk & Repeat: Microsoft's Midnight Blizzard mess
This podcast episode discusses the latest disclosure from Microsoft regarding Midnight Blizzard, which accessed internal systems, source code and some cryptographic secrets.
- March 18, 2024
18 Mar'24
Exploitation activity increasing on Fortinet vulnerability
The Shadowserver Foundation recently saw an increase in exploitation activity for CVE-2024-21762, two days after a proof-of-concept exploit was published.
- March 14, 2024
14 Mar'24
JetBrains, Rapid7 clash over vulnerability disclosure policies
In a blog post this week, JetBrains argued that attacks on TeamCity customers were the result of Rapid7 publishing the full technical details of two critical vulnerabilities.
- March 13, 2024
13 Mar'24
Risk & Repeat: CISA hacked via Ivanti vulnerabilities
The compromise of two internal CISA systems comes on the heels of ongoing attacks and developments related to two zero-day vulnerabilities Ivanti disclosed in January.
- March 12, 2024
12 Mar'24
Sophos: Remote ransomware attacks on SMBs increasing
According to new research from Sophos, small businesses are seeing a rise in threats such as remotely executed ransomware attacks, malvertising, driver abuse and more.
- March 12, 2024
12 Mar'24
LockBit attacks continue via ConnectWise ScreenConnect flaws
Coalition is latest company to confirm LockBit activity against vulnerable ScreenConnect instances. But the insurer found significant differences between previous LockBit attacks.
- March 11, 2024
11 Mar'24
CISA confirms compromise of its Ivanti systems
CISA said that approximately one month ago, it identified 'activity indicating the exploitation of vulnerabilities in Ivanti products the agency uses.'
- March 08, 2024
08 Mar'24
Midnight Blizzard accessed Microsoft systems, source code
Microsoft said Midnight Blizzard used data stolen from a breach of its corporate email system to access other parts of the company's network, including source code repositories.
- March 07, 2024
07 Mar'24
Risk & Repeat: Alphv/BlackCat's chaotic exit (scam)
This podcast episode discusses the possible exit scam of ransomware-as-a-service gang Alphv/BlackCat, as well as the chaotic months the gang had leading up to its closure.
- March 07, 2024
07 Mar'24
Former Google engineer charged with stealing AI trade secrets
Linwei Ding, a Chinese national, allegedly evaded Google's data loss prevention systems and stole confidential information to start his own China-based AI company.
- March 06, 2024
06 Mar'24
Apple discloses 2 iOS zero-day vulnerabilities
CVE-2024-23225 and CVE-2024-23296, which bypass kernel memory protections, mark the second and third zero-day vulnerabilities that Apple has disclosed and patched this year.
- March 05, 2024
05 Mar'24
Alphv/BlackCat leak site goes down in possible exit scam
An Alphv/BlackCat affiliate accused the ransomware gang of stealing a ransom payment worth more than $20 million that may have been obtained in the Change Healthcare attack.
- March 05, 2024
05 Mar'24
Critical JetBrains TeamCity vulnerabilities under attack
Exploitation activity has started against two vulnerabilities in JetBrains TeamCity, which has been targeted previously by nation-state threat actors such as Russia's Cozy Bear.
- March 05, 2024
05 Mar'24
Inside an Alphv/BlackCat ransomware attack
Sygnia researchers investigated an intrusion in a client's network and discovered an Alphv/BlackCat ransomware actor had been lurking in the environment for weeks.
- March 04, 2024
04 Mar'24
Infosec pros weigh in on proposed ransomware payment bans
Whether for or against a payment ban, security professionals are concerned regulations could negatively affect victims and result in fewer incident disclosures.
- March 04, 2024
04 Mar'24
LockBit, Alphv/BlackCat highlight February ransomware activity
With events surrounding the LockBit and Alphv/BlackCat gangs and the ConnectWise ScreenConnect flaws, ransomware activity continues this year after a surge in 2023.
- February 29, 2024
29 Feb'24
CISA warns Ivanti ICT ineffective for detecting compromises
CISA observed ongoing exploitation against four Ivanti vulnerabilities and found problems with the vendor's Integrity Checker Tool, which is designed to detect compromises.
- February 29, 2024
29 Feb'24
AWS on why CISOs should track 'the metric of no'
AWS' Clarke Rodgers believes that tracking the number of times CISOs say no to line-of-business requests will ultimately help them build a stronger security culture.
- February 28, 2024
28 Feb'24
Alphv/BlackCat attacking hospitals following FBI takedown
The ransomware attacks against hospitals and the healthcare sector come after law enforcement agencies, led by the FBI, disrupted Alphv/BlackCat's network in December.
- February 27, 2024
27 Feb'24
Risk & Repeat: LockBit resurfaces after takedown
LockBit returns just days after an international law enforcement operation infiltrated the ransomware gang's network and seized infrastructure, source code and decryption keys.
- February 27, 2024
27 Feb'24
Ransomware gangs exploiting ConnectWise ScreenConnect flaws
Ransomware activity is ramping up against vulnerable ScreenConnect systems as Black Basta and Bl00dy threat actors were observed exploiting the vulnerabilities.
- February 26, 2024
26 Feb'24
LockBit restores servers following law enforcement takedown
Law enforcement agencies last week announced a takedown of the LockBit ransomware gang that involved the seizure of servers, websites and decryption keys, as well as two arrests.
- February 26, 2024
26 Feb'24
CISA: APT29 targeting cloud accounts for initial access
U.K. and U.S. government agencies have observed the Russian nation-state group increasingly target dormant and inactive cloud service accounts to gain initial access.
- February 23, 2024
23 Feb'24
GitHub Copilot replicating vulnerabilities, insecure code
Research from Snyk shows that AI assistants such as GitHub Copilot, which offer code completion suggestions, often amplify existing bugs and security issues in a user's codebase.
- February 22, 2024
22 Feb'24
ConnectWise ScreenConnect flaws under attack, patch now
Huntress said in a blog post this week that the ConnectWise ScreenConnect flaws, which have come under attack, were 'trivial and embarrassingly easy' for a threat actor to exploit.
- February 21, 2024
21 Feb'24
Apple unveils PQ3 post-quantum encryption for iMessage
Apple said its new PQ3 protocol for iMessage is the first of its kind and addresses both future threats from quantum computing as well as "harvest now, decrypt later" attacks.
- February 21, 2024
21 Feb'24
Coalition: Vulnerability scoring systems falling short
Coalition said enterprises faced more substantial fallout from attacks on Citrix Bleed and Progress Software's MoveIt Transfer due to inadequate vulnerability prioritization.
- February 21, 2024
21 Feb'24
CrowdStrike 'Global Threat Report': Cloud intrusions up 75%
This year's report covered cloud intrusions, data extortion attacks, and the ongoing conflict between Israel and Hamas.
- February 20, 2024
20 Feb'24
Operation Cronos dismantles LockBit ransomware gang
An international law enforcement operation led by the U.K.'s National Crime Agency seizes LockBit's websites, servers, source code and decryption keys.
- February 15, 2024
15 Feb'24
Ransomware disrupts utilities, infrastructure in January
Ransomware attacks last month caused outages and disruptions at public sector and critical infrastructure organizations as well as a major financial services firm.
- February 15, 2024
15 Feb'24
Eclypsium: Ivanti firmware has 'plethora' of security issues
In its firmware analysis, Eclypsium found that the Ivanti Pulse Secure appliance used a version of Linux that was more than a decade old and several years past end of life.
- February 14, 2024
14 Feb'24
Microsoft, OpenAI warn nation-state hackers are abusing LLMs
Microsoft and OpenAI observed five nation-state threat groups leveraging generative AI and large language models for social engineering, vulnerability research and other tasks.
- February 13, 2024
13 Feb'24
Iranian cyberattacks targeting U.S. and Israeli entities
Google said Tuesday that state-backed Iranian actors targeted the U.S. and Israel consistently in the years prior to the start of the Israel-Hamas war as well as the months after.
- February 13, 2024
13 Feb'24
Proofpoint: 'Hundreds' of Azure accounts compromised
Proofpoint researchers found that the attackers manipulated the MFA of compromised accounts, registering their own methods to maintain persistent access.
- February 12, 2024
12 Feb'24
CISA warns Fortinet zero-day vulnerability under attack
CISA alerted federal agencies that a critical zero-day vulnerability in FortiOS is being actively exploited, though Fortinet has yet to confirm reports.
- February 08, 2024
08 Feb'24
NCC Group records the most ransomware victims ever in 2023
Enterprises faced an alarming number of ransomware attacks as gangs targeted supply chains and took advantage of zero-day vulnerabilities and organizations' patching struggles.
- February 07, 2024
07 Feb'24
CISA: Volt Typhoon had access to some U.S. targets for 5 years
A joint cybersecurity advisory expanded on the Volt Typhoon threat Wednesday, confirming attackers maintained prolonged persistent access to critical infrastructure targets.
- February 07, 2024
07 Feb'24
Chainalysis: 2023 a 'watershed' year for ransomware
Chainalysis said ransomware payments ballooned to reach $1.1 billion in 2023, marking a complete reversal from the decline in ransomware payments seen the year prior.
- February 06, 2024
06 Feb'24
Google: Spyware vendors are driving zero-day exploitation
Google's Threat Analysis Group urged further government action against commercial surveillance vendors that let customers abuse spyware products with impunity.
- February 06, 2024
06 Feb'24
Linux group announces Post-Quantum Cryptography Alliance
The Post-Quantum Cryptography Alliance aims to 'drive the advancement and adoption of post-quantum cryptography' and respond to security threats introduced by the emerging tech.
- February 05, 2024
05 Feb'24
AnyDesk hacked, details unclear
Of the hack, AnyDesk said it found 'no evidence that any end-user devices have been affected.' But researchers said they saw AnyDesk customer credentials for sale on the dark web.
- February 02, 2024
02 Feb'24
Cloudflare discloses breach related to stolen Okta data
Cloudflare initially believed it contained an attempted cyberattack last October by a threat actor using an access token stolen in a breach of Okta's customer support system.
- February 01, 2024
01 Feb'24
Critical infrastructure hacks raise alarms on Chinese threats
FBI Director Christopher Wray and CISA Director Jen Easterly warned that China was targeting critical infrastructure for possible destructive attacks in the event of a conflict with the United States.
- February 01, 2024
01 Feb'24
CISA deputy director touts progress, anti-ransomware efforts
In this Q&A, CISA Deputy Director Nitin Natarajan shares his thoughts on scaling up to meet high demand, the agency's new initiative to address ransomware and more.
- January 31, 2024
31 Jan'24
Ivanti discloses new zero-day flaw, releases delayed patches
While Ivanti customers can start patching two previously disclosed vulnerabilities, they must also address two new flaws for the same product.
- January 30, 2024
30 Jan'24
Corvus: 2023 was a 'record-breaking' ransomware year
The insurance company analyzed claims data and ransomware gangs' data leak sites, which suggests as many as 7,600 organizations across the globe were attacked in 2023.
- January 30, 2024
30 Jan'24
Security executives slam Microsoft over latest breach
Criticisms about Microsoft's breach include the lack of multifactor authentication on the targeted account and the company's approach to disclosing information about the attack.
- January 29, 2024
29 Jan'24
Citizen Lab details ongoing battle against spyware vendors
At the SANS Cyber Threat Intelligence Summit, Citizen Lab researcher Bill Marczak discusses spyware proliferation from commercial vendors such as NSO Group, Cytrox and Quadream.
- January 26, 2024
26 Jan'24
Microsoft: Legacy account hacked by Russian APT had no MFA
Microsoft has begun notifying other organizations that have been targeted in recent attacks by Midnight Blizzard, a Russian nation-state actor also known as Cozy Bear and APT29.
- January 25, 2024
25 Jan'24
HPE breached by Russian APT behind Microsoft hack
HPE suspects that Cozy Bear, a Russian state-sponsored threat actor also known as Midnight Blizzard and Nobelium, breached its network twice in 2020.
- January 24, 2024
24 Jan'24
NCSC says AI will increase ransomware, cyberthreats
While other threats are likely to increase as well, the U.K.'s National Cyber Security Centre warns that threat actors will use AI to continue the influx of ransomware attacks.
- January 23, 2024
23 Jan'24
Attacks begin on critical Atlassian Confluence vulnerability
Exploitation activity for CVE-2023-22527 marks the third time in four months that a critical Atlassian Confluence flaw has gained threat actors' attention.
- January 22, 2024
22 Jan'24
Microsoft breached by Russian APT behind SolarWinds attack
Several email accounts belonging to Microsoft senior leadership were accessed as part of the breach, though Microsoft found 'no evidence' of customer environments being accessed.
- January 19, 2024
19 Jan'24
Chinese threat group exploited VMware vulnerability in 2021
After VMware confirmed that CVE-2023-34048 had been exploited, Mandiant attributed the activity to a China-nexus threat group and revealed that exploitation began in late 2021.
- January 18, 2024
18 Jan'24
CISA posts incident response guide for water utilities
In its guide, CISA urged water and wastewater sector utility operators to harden their security posture, increase information sharing and build incident response plans.
- January 18, 2024
18 Jan'24
Chainalysis observes decrease in cryptocurrency crime in 2023
During 2023, Chainalysis tracked a decrease in the total value and volume of illicit cryptocurrency transactions. But it is unclear if the downward trend will continue.
- January 18, 2024
18 Jan'24
SolarWinds breach news center
The massive SolarWinds supply chain attack continues to invade networks. Here's the latest news on the breach, how the malware infiltrates systems and the IT industry response.
- January 17, 2024
17 Jan'24
New zero-days in Citrix NetScaler ADC, Gateway under attack
The new vulnerabilities come four months after a variety of threat actors exploited the 'Citrix Bleed' zero-day flaw in NetScaler ADC and Gateway products.
- January 17, 2024
17 Jan'24
Google, researchers in dispute over account hijacking attacks
Google disputes aspects of threat research that CloudSEK published last month claiming threat actors are maintaining persistence after hijacking Google user accounts.
- January 17, 2024
17 Jan'24
CISOs on alert following SEC charges against SolarWinds
The Securities and Exchange Commission announced charges against SolarWinds and its CISO in October, but will it help improve transparency or simply scare infosec executives?