惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

雷峰网
雷峰网
Security Archives - TechRepublic
Security Archives - TechRepublic
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Last Week in AI
Last Week in AI
博客园 - 司徒正美
阮一峰的网络日志
阮一峰的网络日志
WordPress大学
WordPress大学
爱范儿
爱范儿
J
Java Code Geeks
T
Tailwind CSS Blog
Apple Machine Learning Research
Apple Machine Learning Research
人人都是产品经理
人人都是产品经理
宝玉的分享
宝玉的分享
博客园 - 【当耐特】
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Help Net Security
Help Net Security
Hacker News: Ask HN
Hacker News: Ask HN
月光博客
月光博客
S
Secure Thoughts
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
博客园 - 聂微东
Hugging Face - Blog
Hugging Face - Blog
V
Visual Studio Blog
博客园 - 三生石上(FineUI控件)
O
OpenAI News
酷 壳 – CoolShell
酷 壳 – CoolShell
N
News and Events Feed by Topic
腾讯CDC
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Webroot Blog
Webroot Blog
博客园 - Franky
有赞技术团队
有赞技术团队
美团技术团队
Jina AI
Jina AI
S
Security @ Cisco Blogs
博客园 - 叶小钗
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
博客园_首页
C
CERT Recently Published Vulnerability Notes
T
Threat Research - Cisco Blogs
Project Zero
Project Zero
A
Arctic Wolf
大猫的无限游戏
大猫的无限游戏
Latest news
Latest news
小众软件
小众软件
IT之家
IT之家
S
Security Affairs

The Register - Security: CSO

Anthropic's Mythos has The Kettle crew curious, skeptical 'People's Panel' to check if UK wants controversial Digital ID will cost £630K Top npm package backdoored to drop dirty RAT on dev machines Lightning-fast exploits mean patch fast, says Cisco Talos Lightning-fast exploits mean patch fast, says Cisco Talos Smooth criminals talking their way into cloud environments, Google says Cybercrime up 245% since the start of the Iran war Scattered Lapsus$ Hunters seeks women to defraud helpdesks Every day in every way, passwords are getting worse CISA quietly updated ransomware flags on 59 flaws last year Deepfake job seeker applied to work for an AI security firm Deepfake job seeker applied to work for an AI security firm AI-powered cyberattack kits are 'just a matter of time' AI-powered cyberattack kits are 'just a matter of time' FortiGate SSO bug still exploitable despite December patch FortiGate SSO bug still exploitable despite December patch Judge tosses CrowdStrike shareholder suit over 2024 outage DRAM shortage may drive firewall prices higher: analysts Ransomware attacks kept climbing in 2025 as gangs refused to stay dead Around 1,000 systems compromised in ransomware attack on Romanian water agency 1,000 systems pwned in Romanian Waters ransomware attack Half of exposed React servers remain unpatched amid attacks CISA warns spyware crews are breaking into Signal and WhatsApp accounts FCC guts Salt Typhoon telco rules despite espionage risk CISA orders feds to patch Oracle Identity Manager zero-day SEC bails on SolarWinds lawsuit Palo Alto kit sees massive surge in malicious activity amid mystery traffic flood Palo Alto kit sees massive surge in malicious activity Countries use cyber targeting to plan strikes: Amazon CSO Overconfidence is the new zero-day as teams stumble through cyber simulations UK's Cyber Security and Resilience Bill makes Parliamentary debut Cyber insurers paid out over twice as much for UK ransomware attacks last year Cyberpunks mess with Canada's water, energy, and farm systems Trump's workforce cuts blamed as America's cyber edge dulls Feds flag active exploitation of patched Windows SMB vuln How malware vaccines could stop ransomware's rampage Salesforce refuses to pay ransomware crims' extortion demand Germany slams brakes on EU's Chat Control snoopfest Germany slams brakes on EU's Chat Control snoopfest Employees regularly paste company secrets into ChatGPT Oracle tells Clop-targeted EBS users to apply July patch Red Hat repos raided, claims cybercrew, files stolen Suspected Chinese spies broke into 'numerous' enterprises UK gov acknowledges 'strong case' for JLR financial support JLR extends shutdown – again – as toll on workers laid bare UK chancellor blames cyberattacks on Russia despite evidence Fortra discloses 10/10 severity bug in GoAnywhere MFT Entra ID bug could have granted access to every tenant UEFI Secure Boot for Linux Arm64 – where do we stand? JLR says cyber cleanup to take additional week Insider blamed for FinWise data breach affecting nearly 700K Nork snoops whip up fake military ID with help from ChatGPT UK government dragged for incomplete security reforms Church of England abuse victims exposed by lawyer's email US spy chief claims UK backdown on Apple backdoor demand Workday confirms CRM breach via social engineering Black Hat/DEF CON: AI more useful for defense than hacking Ex-White House cyber guru talks Microsoft security fails CISA releases malware analysis for Sharepoint Server attack China: US spies used Microsoft Exchange 0-day to steal info Security pros drowning in threat-intel data Identity attacks surge 156% as phishermen get craftier Organizations can’t keep up with supply chain security musts Amazon CISO: Iranian hacking crews ‘on high alert’ UK data watchdog fines 23andMe £2.3M over 2023 breach Employers are demanding too much from junior cyber recruits FCA warned four staffers who pocketed regulator data Ransomware just wrecked your network – now what? Ivanti RCE attacks 'ongoing,' exploitation hits clouds Ex-NSA listened to Scattered Spider's calls: 'They're good' Snowflake CISO talks lessons learned from breaches, improv Why CVSS is failing us and what we can do about it Infosec pros still aren't nailing the basics of AI security Ransomware crims targeting systems between IT and operations Why aggregating asset inventory leads to better security NCSC and industry at odds over how to tackle shoddy software Powerschool extortionists may not have deleted stolen data CrowdStrike trims workforce by 5 percent, aims to rely on AI NSO Group must pay Meta $168M in WhatsApp spy case Ghost in the shell script: Boffins seek code correctness How Intruder finds what others miss in cloud security Linux malware can avoid syscall-based endpoint protection Infosec pro blabs about alleged malware mishap on LinkedIn The future of AI in cybersecurity in a word – optimistic CVE board 'kept in the dark' on funding, members say Security snafus caused by third parties up from 15% to 30% Blue Shield shared 4.7M people's health info with Google Ads Who needs phishing when your login's already in the wild? US cyber defenses are being dismantled from the inside Bug hunter obtains an SSL cert for Alibaba Cloud in 5 steps
SEC drops SolarWinds lawsuit that painted a target on CISOs everywhere
2025-11-21 · via The Register - Security: CSO

The US Securities and Exchange Commission (SEC) has abandoned the lawsuit it pursued against SolarWinds and its chief infosec officer for misleading investors about security practices that led to the 2020 SUNBURST attack.

In a joint motion filed Thursday, the SEC along with SolarWinds and its Chief Information Security Officer Timothy G. Brown, asked the court dismiss [PDF] the commission's ongoing civil enforcement action.

The SEC did note that its decision to seek dismissal is "in the exercise of its discretion" and "does not necessarily reflect the Commission's position on any other case."

A SolarWinds spokesperson told The Register that the company is "clearly delighted" with the outcome.

"We fought with conviction, arguing that the facts demonstrated our team acted appropriately,” the spokesperson said, adding that the SEC’s decision “is a welcome vindication of that position.”

"We hope this resolution eases the concerns many CISOs have voiced about this case and the potential chilling effect it threatened to impose on their work."

In a subsequent blog about the dismissal of the case, SolarWinds CEO Sudhakar Ramakrishna said the SEC decision "marks the end of a transformative chapter for SolarWinds and the beginning of our next." Ramakrishna said the attack – which saw Russian spies backdoor the vendor's Orion network monitoring suite after gaining access to the company's internal infrastructure – "shaped a new SolarWinds."

Around 18,000 organizations downloaded the poisoned software, and about 100 were later hacked by Russia's Cozy Bear crew. Victims included Microsoft, Intel, FireEye and Cisco, plus the USA’s departments of Treasury, Justice, Defense, and Energy.

"[SUNBURST] pushed us to think even more deeply about newer, emerging threats, resulting in Secure by Design, our pledge to set a new standard for trustworthy and secure software development across the industry," Ramakrishna wrote.

The SEC's 2023 lawsuit alleged SolarWinds and its CISO misled investors about its security practices as far back as October 2018, and later intentionally downplayed the scope and severity of the cyberattack.

At the time, SolarWinds accused America's financial watchdog of seeking to "revictimise the victim" with its lawsuit, which was a rare example of a regulator targeting a CISO after a cyber-incident.

In July 2024, a judge mostly set aside the SEC's allegations – so it's possible the commission was reading the writing on the wall in agreeing to drop the case. We have asked the SEC for comment, and will update this story if we receive any response. ®