Security News

Eight braggadocious social media influencers fond of posing next to sportscars are facing charges from the US Securities and Exchange Commission and Department of Justice, who claim they manipulated their 1.5 million followers in order to help themselves to $100 million in "Fraudulent profits." The suspects, all men in their twenties and thirties, were charged with conspiracy to commit securities fraud in connection with a long-running, social media-based "Pump and dump" scheme, a recently unsealed Texas federal grand jury indictment [PDF] and an SEC complaint [PDF] revealed.

SolarWinds has agreed to pay $26 million to settle a shareholder lawsuit, and it's also expecting to be slapped with an enforcement action by Uncle Sam - both related to its infamous 2020 supply chain security fiasco, according to the software maker's most recent US regulatory filing. At the end of October, SolarWinds reached a deal with investors who sued the company, alleging they were misled about its security posture in advance of the Russian cyberattack on the business, according to an 8-K filing [PDF] with the US Securities and Exchange Commission.

SEC fines Morgan Stanley Smith Barney $35 million over failure to secure customer data We may be compensated by vendors who appear on this page through methods such as affiliate links or sponsored partnerships. In a notice posted Monday, the SEC announced that the company consented to the agency's finding that it violated federal regulations regarding the safeguarding and disposal of customer data.

America's financial watchdog has accused 18 individuals and shell companies of using compromised brokerage accounts to manipulate stock prices to rake in $1.3 million in illicit profits. According to the SEC complaint, fraudsters in the US, Canada, and the Dominican Republican broke into at least 31 American-owned retail brokerage accounts in late 2017 and early 2018.

In this Help Net Security video, James Turgal, VP of Cyber Risk, Strategy and Board Relations at Optiv, discusses the proposed new SEC Cybersecurity Disclosure rule. The ruleset would require...

The U.S. Securities and Exchange Commission on Tuesday announced that it will expand and rebrand its Cyber Unit to fight against cyber-related threats and protect investors in cryptocurrency markets. To that end, the SEC is renaming the Cyber Unit within the Division of Enforcement to Crypto Assets and Cyber Unit and plans to infuse 20 additional positions with the goal of investigating wrongdoing in the crypto markets.

The US Securities and Exchange Commission intends to fill an additional 20 positions in a special unit that polices cryptocurrency fraud and other cybercrimes. This brings the newly renamed Crypto Assets and Cyber Unit's total to 50 roles as the SEC hopes to crack down on miscreants trying to profit from growing interest in digital assets and marketplaces.

The US Securities and Exchange Commission has proposed rule amendments to require publicly traded companies to report data breaches and other cybersecurity incidents within four days after they're discovered. According to newly proposed amendments to current rules, listed companies would have to provide information in periodic report filings on policies, implemented procedures, and the measures taken to identify and manage cybersecurity risks on Form 8-K. The amended rules would also instruct companies to provide updates regarding previously reported security breaches.

A new rule proposed by the US Securities and Exchange Commission would force public companies to disclose cyberattacks within four days along with periodic reports about their cyber-risk management plans. Specifically, the proposed rule would amend the Form 8-K reporting requirements to include cybersecurity incident disclosure "Within four business days after the registrant determines that it has experienced a material cybersecurity incident." The 8-K is the form that the SEC requires public companies file to publicly announce corporate changes or big events that may be material to shareholders.

Runecast is a patented enterprise IT platform created for administrators, by administrators, and is tailored to the needs of those teams and enterprise leaders. "There are 'influencers' in the virtualization community who are posting articles or tweeting about specific problems even before they're officially recognized by the vendor," Stanimir Markov, one of the Runecast co-founders and current CEO, told Help Net Security, and pointed out that that is one of the things that allows Runecast to be proactive.