Cybersecurity

FBI explains how companies can delay SEC cyber incident disclosures

The FBI has published guidance on how companies can request a delay in disclosing cyber incidents to the Securities and Exchange Commission (SEC). The document is a follow-up to new rules that the SEC approved in June requiring companies to quickly disclose “material” cybersecurity incidents and share the details of their cybersecurity risk management, strategy […]

Microsoft Says Exchange ‘Zero Days’ Disclosed by ZDI Already Patched or Not Urgent

Microsoft says four Exchange vulnerabilities disclosed by Trend Micro’s Zero Day Initiative (ZDI) last week have either already been patched or they don’t require immediate attention. ZDI disclosed the existence of four high-severity Exchange vulnerabilities identified by the company’s Piotr Bazydlo after being informed by Microsoft that the issues do not require immediate servicing. According […]

ZDI discloses four zero-day flaws in Microsoft Exchange

Pierluigi Paganini, November 03, 2023. Researchers disclosed four zero-day flaws in Microsoft Exchange that can be remotely exploited to execute arbitrary code or disclose sensitive information on vulnerable installs. Trend Micro’s Zero Day Initiative (ZDI) disclosed four zero-day vulnerabilities in Microsoft Exchange that can be remotely exploited […]

SEC charges SolarWinds, its CISO with fraud

Editor’s note: This story is developing and will be updated. The Securities and Exchange Commission charged SolarWinds and its CISO Timothy Brown with fraud and internal control failures for allegedly misleading investors about its cybersecurity practices leading up to the Sunburst attack discovered in December 2020. The SEC on Monday alleged the company overstated its […]

What is operational risk and why should you care? Assessing SEC rule readiness for OT and IoT – Help Net Security

The newly released Securities and Exchange Commission (SEC) cyber incident disclosure rules have been met with mixed reviews. Of particular concern is whether public companies that own and operate industrial control systems and connected IoT infrastructure are prepared to fully define operational risk, and therefore are equipped to fully disclose material business risk from cyber […]

SEC Investigating Progress Software Over MOVEit Hack

The US Securities and Exchange Commission is launching its own investigation into the vulnerability in Progress Software’s MOVEit transfer tool that exposed data from more than 2,000 organizations and 60 million individuals. Tracked as CVE-2023-34362, the flaw was exploited as a zero-day by the notorious Russia-linked Cl0p ransomware group to steal data from organizations using […]

SEC cyber disclosure rules: What’s the role of the CIO?

The Securities and Exchange Commission introduced new requirements for disclosing material cybersecurity incidents on Sept. 5, placing pressure on organizations to adopt robust reporting mechanisms. The C-suite impact is clear: company leadership must be able to quickly determine whether an incident is material to business operations. A four-business-day clock at that point starts ticking, a […]

New quantum random number generator could revolutionize encryption – Help Net Security

Digital information exchange can be safer, cheaper and more environmentally friendly with the help of a new type of random number generator for encryption developed at Linköping University. (Image caption: Experimental setup of the quantum random number generator. The yellow squares on the glass plate are the perovskite LEDs. Photo by Magnus Johansson.) The researchers behind the […]