At a glance.
- SolarWinds seeks dismissal of SEC lawsuit.
- Midnight Blizzard abused OAuth apps in Microsoft attack.
- Italy's data protection authority claims ChatGPT violates GDPR.
- Jenkins issues patch for critical vulnerability.
SolarWinds seeks dismissal of SEC lawsuit.
SolarWinds is seeking the dismissal of a US Securities and Exchange Commission (SEC) lawsuit that alleges the company and its CISO defrauded investors by concealing poor cybersecurity practices, Bloomberg Law reports. SolarWinds claims that the SEC "is trying to unfairly move the goalposts for what companies must disclose about their cybersecurity programs and, with the controls charges, claim a mandate for regulating those programs that the agency does not have."
The company maintains that it made clear that its systems were vulnerable to sophisticated nation-state attacks before they were compromised by a Russian state-sponsored threat actor in December 2020. The company adds, "The SEC complains these disclosures were insufficient, asserting that companies must disclose detailed vulnerability information in their SEC filings. But that is not the law, and for good reason: disclosing such details would be unhelpful to investors, impractical for companies, and harmful to both, by providing roadmaps for attackers."