Security News

Judge mostly drags SEC's lawsuit against SolarWinds into the recycling bin
2024-07-18 21:06

A judge has mostly thrown out a lawsuit brought by America's financial watchdog that accused SolarWinds and its chief infosec officer of misleading investors about its computer security practices and the backdooring of its Orion product. In a Thursday ruling [PDF], US federal district Judge Paul Engelmayer dismissed all of the so-called "Post-SUNBURST" claims the SEC levied against SolarWinds.

Pressure mounts on CISOs as SEC bares teeth with legal action
2024-06-21 03:30

A Panaseer investigation into organizations’ annual 10-K filings reported to the SEC shows that from January-May 2024, at least 1,327 filings mentioned NIST – a key indicator that cybersecurity...

Six months of SEC’s cyber disclosure rules
2024-06-12 03:00

In this Help Net Security video, Mark Millender, Senior Advisor of Global Executive Engagement at Tanium, discusses the overall sentiment from CISOs of large, public companies on the effectiveness and understanding of SEC's cyber disclosure rules and common misconceptions and gray areas to watch for. Learn what C-suite leaders can expect from the cyber disclosure rules in the next 6-12 months based on feedback, effectiveness, and guidance from industry peers.

Intercontinental Exchange to pay $10M SEC penalty over VPN breach
2024-05-22 17:20

The Intercontinental Exchange will pay a $10 million penalty to settle charges brought by the U.S. Securities and Exchange Commission after failing to ensure its subsidiaries promptly reported an April 2021 VPN security breach. ICE is an American company listed on the Fortune 500 that owns and operates financial exchanges and clearing houses worldwide, including the New York Stock Exchange.

Confused by the SEC's IT security breach reporting rules? Read this
2024-05-22 16:30


SEC requires financial institutions to notify customers of breaches within 30 days
2024-05-20 09:53

The Securities and Exchange Commission announced the adoption of amendments to Regulation S-P to modernize and enhance the rules that govern the treatment of consumers' nonpublic personal information by certain financial institutions. "These amendments to Regulation S-P will make critical updates to a rule first adopted in 2000 and help protect the privacy of customers' financial data. The basic idea for covered firms is if you've got a breach, then you've got to notify. That's good for investors."

SEC: Financial orgs have 30 days to send data breach notifications
2024-05-17 16:13

The Securities and Exchange Commission has adopted amendments to Regulation S-P that require certain financial institutions to disclose data breach incidents to impacted individuals within 30 days of discovery. Notify affected individuals within 30 days if their sensitive information is, or is likely to be, accessed or used without authorization, detailing the incident, breached data, and protective measures taken.

Businesses foresee major impact from new SEC cybersecurity disclosure rules
2024-03-01 05:00

81% of respondents say the new SEC cybersecurity disclosure ruling will substantially impact their business. The SEC's new cybersecurity rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure took effect on Dec. 15, 2023.

How to make sense of the new SEC cyber risk disclosure rules
2024-02-20 06:00

SEC's new cybersecurity risk management, strategy, governance, and incident disclosure rules, which require increased transparency around cybersecurity incidents, have been in effect since December 18, 2023. For businesses that already harbor concerns over their cybersecurity protections, visibility, and incident response preparedness, meeting the SEC's new incident reporting rules can be a serious challenge.

Biden will veto attempts to kill off SEC's security breach reporting rules
2024-02-01 17:15

The Biden administration has expressed to congressional representatives its strong opposition to undoing the Securities and Exchange Commission's strict data breach reporting rule. The SEC's rule requires public companies hit by cybercriminals to report the incident within four days.