Biden administration nears completion of second cybersecurity executive order with plethora of agenda items

Federal agencies would have to address everything from AI to cloud security to access management, sources told CyberScoop.

The post Biden administration nears completion of second cybersecurity executive order with plethora of agenda items appeared first on CyberScoop.

SEC fines tech companies for misleading SolarWinds disclosures

The Securities and Exchange Commission charged four current and former public companies – Unisys Corp., Avaya Holdings Corp., Check Point Software Technologies Ltd, and Mimecast Limited – with making materially misleading disclosures regarding cybersec…

Smashing Security podcast #390: When security firms get hacked, and your new North Korean remote worker

The SolarWinds have returned to haunt four cybersecurity companies who tried to hide their breaches and ended up with their trousers around their ankles, and North Korea succeeds in getting one of its IT workers hired… but what’s their plan?

All t…

SEC hits four companies with fines for misleading disclosures around SolarWinds hack

Unisys, Avaya, Check Point and Mimecast will pay fines to settle charges that they downplayed in SEC filings the extent of the compromise.

The post SEC hits four companies with fines for misleading disclosures around SolarWinds hack appeared first on CyberScoop.

ISC2 Security Congress 2024: The Landscape of Nation-State Cyber Attacks

CISA advisor Nicole Perlroth closed out ISC2 Security Congress’ keynotes with a wake-up call for security teams to watch for nation-state-sponsored attacks.

PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987)

Details about and proof-of-concept (PoC) exploit code for CVE-2024-28987, a recently patched SolarWinds Web Help Desk (WHD) vulnerability that could be exploited by unauthenticated attackers to remotely read and modify all help desk ticket details, are…

Another critical SolarWinds Web Help Desk bug fixed (CVE-2024-28987)

A week after SolarWinds released a fix for a critical code-injection-to-RCE vulnerability (CVE-2024-28986) in Web Help Desk (WHD), another patch for another critical flaw (CVE-2024-28987) in the company’s IT help desk solution has been pushed out…

SolarWinds Leaks Credentials in Hotfix for Exploited Web Help Desk Flaw

SolarWinds has issued a Web Help Desk hotfix to remove hardcoded credentials from last week’s hotfix for a critical-severity vulnerability.
The post SolarWinds Leaks Credentials in Hotfix for Exploited Web Help Desk Flaw appeared first on SecurityWeek.