Security News

RCE vulnerabilities fixed in SolarWinds enterprise solutions
2024-02-19 05:00

SolarWinds has released updates for Access Rights Manager and Platform that fix vulnerabilities that could allow attackers to execute code on vulnerable installations. The company whose Orion IT administration platform has been infamously compromised in 2020 to deploy backdoors on select agencies' and companies' systems, has patched five vulnerabilities affecting its Access Rights Manager solution.

SolarWinds fixes critical RCE bugs in access rights audit solution
2024-02-16 18:32

SolarWinds has patched five remote code execution flaws in its Access Rights Manager solution, including three critical severity vulnerabilities that allow unauthenticated exploitation.Access Rights Manager allows companies to manage and audit access rights across their IT infrastructure to minimize insider threat impact and more.

SolarWinds slams SEC lawsuit against it as 'unprecedented' victim blaming
2024-01-29 20:52

In a motion to dismiss [PDF] the SEC's lawsuit, the embattled developer described the fraud charges leveled against it, and its CISO Tim Brown, "As unfounded as they are unprecedented." In a statement to The Register, Serrin Turner, an attorney at Latham and Watkins, which is representing SolarWinds, railed against the SEC's charges.

SolarWinds says SEC sucks: Watchdog 'lacks competence' to regulate cybersecurity
2023-11-09 17:03

The SEC's cybersecurity-related capabilities were again questioned when SolarWinds addressed the allegations that it didn't follow the NIST Cybersecurity Framework at the time of the attack. The thrust of the SEC's lawsuit concerns how the communication from and actions taken by the company and its CISO, Timothy G Brown, allegedly misled investors about its security practices and known risks, and there are claims SolarWinds did not directly address in its riposte.

SEC Charges SolarWinds and CISO With Fraud Related to 2020 Cyberattack
2023-11-02 18:43

The Securities and Exchange Commission brought charges against both Austin, TX-based information security software company SolarWinds and its CISO Timothy G. Brown on October 30. The SEC alleges that between SolarWinds' October 2018 initial public offering and the December 2020 announcement of the large-scale cyberattack, SolarWinds and Brown specifically " defrauded investors by overstating SolarWinds' cybersecurity practices and understating or failing to disclose known risks.

SolarWinds and CISO accused of fraud, control failures
2023-10-31 08:15

The Securities and Exchange Commission announced charges against SolarWinds and its CISO, Timothy G. Brown, for fraud and internal control failures relating to allegedly known cybersecurity risks and vulnerabilities. The complaint alleges that, from at least its October 2018 initial public offering through at least its December 2020 announcement that it was the target of a massive, nearly two-year long cyberattack, dubbed SUNBURST, SolarWinds and Brown defrauded investors by overstating SolarWinds' cybersecurity practices and understating or failing to disclose known risks.

SEC sues SolarWinds for misleading investors before 2020 hack
2023-10-30 21:54

The U.S. Securities and Exchange Commission today charged SolarWinds with defrauding investors by allegedly concealing cybersecurity defense issues before a December 2020 linked to APT29, the Russian Foreign Intelligence Service hacking division. The SEC claims SolarWinds failed to notify investors about cybersecurity risks and poor practices that its Chief Information Security Officer, Timothy G. Brown, knew about.

Critical RCE flaws found in SolarWinds access audit solution
2023-10-20 14:59

Security researchers found three critical remote code execution vulnerabilities in the SolarWinds Access Rights Manager product that remote attackers could use to run code with SYSTEM privileges. SolarWinds ARM is a tool that enables organizations to manage and audit user access rights across their IT environments.

LogRhythm vs. SolarWinds (2023): SIEM Tool Comparison
2023-09-25 18:10

This is an in-depth LogRhythm vs. SolarWinds SIEM tool comparison, covering their key features, pricing, and more. Use this guide to find your best fit.

SolarWinds Detected Six Months Earlier
2023-05-03 10:13

iAPX May 3, 2023 6:37 AM. "Unusual traffic" is suspect traffic, that's why traffic is monitored and everything "Unusual" is logged to be audited if not immediately launching an alarm! If they couldn't have a good network hygiene when evaluating a new solution, there are few chances they do it for production systems where it's more complex with a lot more traffic.