Ars Technica

SEC sues SolarWinds and CISO, says they ignored flaws that led to major hack

The US Securities and Exchange Commission sued SolarWinds Corp. and Chief Information Security Officer Timothy Brown yesterday, alleging that they concealed security failures that led to a nearly ...
Bleeping Computer

SolarWinds patches critical code execution bug in Orion Platform

SolarWinds has released security updates to address four vulnerabilities impacting the company's Orion IT monitoring platform, two of them allowing attackers to execute arbitrary code remotely. The ...
SDxCentral

SolarWinds Patches Critical Zero-Day Bug Amid Targeted Attacks

Hackers, which Microsoft says in high confidence are based in China and have been dubbed DEV-0322, exploited the zero-day CVE-2021-35211 vulnerability. Hackers, which Microsoft says in high confidence ...
ZDNet

Third malware strain discovered in SolarWinds supply chain attack

Cyber-security firm CrowdStrike, one of the companies directly involved in investigating the SolarWinds supply chain attack, said today it identified a third malware strain directly involved in the ...
Infosecurity-magazine.com

SolarWinds Urges Upgrade After Revealing Critical RCE Bug

IT management software provider SolarWinds has urged customers to immediately patch a critical vulnerability in its Web Help Desk platform. CVE-2024-28986 is a Java deserialization remote code ...
Dark Reading

Adapting to the Post-SolarWinds Era: Supply Chain Security in 2024

In December 2020, the SolarWinds attack sent shockwaves around the world. Attackers gained unauthorized access to SolarWinds' software development environment, injected malicious code into Orion ...
Reuters

SolarWinds’ supporters blast US SEC's ‘chilling’ lawsuit over cyberattack

Feb 6 (Reuters) - Could the U.S. Securities and Exchange Commission’s groundbreaking case accusing software company SolarWinds of deceiving investors about a devastating Russian hack actually make U.S ...