Security News

The Securities and Exchange Commission has adopted amendments to Regulation S-P that require certain financial institutions to disclose data breach incidents to impacted individuals within 30 days of discovery. Notify affected individuals within 30 days if their sensitive information is, or is likely to be, accessed or used without authorization, detailing the incident, breached data, and protective measures taken.

81% of respondents say the new SEC cybersecurity disclosure ruling will substantially impact their business. The SEC's new cybersecurity rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure took effect on Dec. 15, 2023.

SEC's new cybersecurity risk management, strategy, governance, and incident disclosure rules, which require increased transparency around cybersecurity incidents, have been in effect since December 18, 2023. For businesses that already harbor concerns over their cybersecurity protections, visibility, and incident response preparedness, meeting the SEC's new incident reporting rules can be a serious challenge.

The Biden administration has expressed to congressional representatives its strong opposition to undoing the Securities and Exchange Commission's strict data breach reporting rule. The SEC's rule require public companies hit by cybercriminals to report the incident within four days.

The SEC isn’t giving SaaS a free pass. Applicable public companies, known as “registrants,” are now subject to cyber incident disclosure and cybersecurity readiness requirements for data stored in...

In a motion to dismiss [PDF] the SEC's lawsuit, the embattled developer described the fraud charges leveled against it, and its CISO Tim Brown, "As unfounded as they are unprecedented." In a statement to The Register, Serrin Turner, an attorney at Latham and Watkins, which is representing SolarWinds, railed against the SEC's charges.

The U.S. Securities and Exchange Commission confirmed today that its X account was hacked through a SIM-swapping attack on the cell phone number associated with the account. Today, the SEC has confirmed that a cell phone account associated with the X account suffered a SIM-swapping attack.

The SEC has instituted a set of guidelines "Requiring registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance." These new guidelines went into effect on December 18, 2023, which means 2024 will be an important year for enterprises and how they adhere to current security regulations. Establishing a reporting infrastructure that sheds light on what, how, and when security incidents are disclosed is important for the industry at large and is a huge step toward having cybersecurity seen as a business-wide issue.

Someone has hijacked the X account of the US Securities and Exchange Commission, and posted an announcement saying the agency has decided to allow the listing of Bitcoin ETFs on registered national security exchanges. SEC X account hijacked, "Unauthorized tweet" posted.

The X account for the U.S. Securities and Exchange Commission was hacked today to issue a fake announcement on the approval of Bitcoin ETFs on security exchanges. "Today the SEC grants approval to Bitcoin ETFs for listing on registered national security exchanges," read the fake X post.