Security news aggregator

Latest coverage for SolarWinds

SolarWinds is associated with software supply-chain security, network management tools, and the 2020 compromise that affected public and private organizations.

21 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

SolarWinds is a software company whose IT-management and network-monitoring products are used to administer systems and collect operational data. In security news, the tag commonly covers its products, vulnerabilities, and the 2020 Orion supply-chain compromise, in which attackers inserted malicious code into legitimate software updates; selected downstream customers were then targeted.

The central security concern is that management software often has broad network visibility and administrative access, making its build pipeline, update mechanism, and deployment environment high-value attack surfaces. Organizations should distinguish the Orion compromise from separately reported product vulnerabilities, maintain an inventory of affected versions, apply verified fixes, and restrict management servers’ privileges and outbound communications. Monitoring unusual authentication, remote administration, or connections from management infrastructure can support detection, while threat intelligence and incident response may be needed to assess whether a compromised update was installed and what systems it could reach.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 21 Filtered view
Bank Info Security 1 month, 3 weeks ago

OMB Scraps Biden-Era Cyber Logging Rules

New Memo Replaces SolarWinds-Era Rules With Risk-Based ModelThe White House issued a new memo replacing SolarWinds-era logging mandates with a narrower framework focused on risk, threat hunting and forensic readiness as agencies confront faster artificial intelligence-enabled intrusions across federal networks.

Bank Info Security 4 months, 3 weeks ago

Breach Roundup: Finnish Hacker Sentenced to Nearly 7 Years

Also, More ShinyHunters Breaches, North Korea Laptop Farm Operator SentencedThis week, Finland's Aleksanteri Kivimäki sentenced. ShinyHunters breaches. Laptop farm rancher sentenced. Oregon state agency hacker sentenced. African scammers arrested. MuddyWater AI-assisted hacks. Advantest ransomware incident, SolarWinds and Microsoft patches. FileZen flaw. QualDerm breach.

Bank Info Security 5 months, 1 week ago

Breach Roundup: Italy Thwarts Russian Olympic Hacks

Also, Active Exploits Hit SolarWinds, Ivanti as APT28 Targets EU, UkraineThis week, Italy blocked Russian cyberattacks targeting the Olympics. Flaws in SolarWinds, Ivanti and Microsoft Office. Russia's APT28 ramped up attacks in Ukraine, supply chain attacks, regulators probed major breaches and a U.S. judge sentenced the operator of a darkweb drug marketplace.

Bank Info Security 5 months, 1 week ago

Breach Roundup: Italy Thwarts Russian Olympic Hacks

Also, Active Exploits Hit SolarWinds, Ivanti as APT28 Targets EU, UkraineThis week, Italy blocked Russian cyberattacks targeting the Olympics. Flaws in SolarWinds, Ivanti and Microsoft Office. Russia's APT28 ramped up attacks in Ukraine, supply chain attacks, regulators probed major breaches and a U.S. judge sentenced the operator of a darkweb drug marketplace.

Bank Info Security 5 months, 2 weeks ago

SolarWinds CTO Breaks Down Its Secure AI Agent Design

Krishna Sai on Secure-by-Design Principles Behind SolarWinds' Agentic AI PlatformAgentic artificial intelligence is redefining the operational contract between humans and software. Krishna Sai, CTO of SolarWinds, unpacks the technical architecture behind the company's approach to agentic AI and why fully autonomous remediation is a deliberate line not yet crossed.

Also: SolarWinds Case Nears Quiet Settlement; Securing Agentic AI Requires LayersIn this week's edition, Information Security Media Group editors discussed Russia’s cyber treason arrests, the A U.S. Securities and Exchange Commission legal settlement with SolarWinds - and its impact on security leaders - and how organizations are working to secure agentic AI.

Proposed Deal Could End Precedent-Setting SEC Case Over Cybersecurity MisstatementsThe SEC and SolarWinds told a federal judge they’ve reached a tentative agreement to resolve a first-of-its-kind fraud case over cybersecurity disclosures. Federal regulators alleged that SolarWinds misled investors about its cybersecurity, and the settlement hinges on SEC commissioner approval.

Bank Info Security 1 year, 2 months ago

Inside the Relentless Liability Pressures Facing CISOs

SolarWinds CISO Tim Brown's Case Shows Personal, Legal and Health Risks for CISOsCISOs face tremendous stress in dealing with regulatory scrutiny and legal exposure in the wake of a data breach. SolarWinds CISO Tim Brown shares the personal and professional impact of Securities and Exchange Commission charges against him after the 2020 SolarWinds supply chain attack.

AI-Driven Incident Response, Observability Boost SolarWinds' Operational EfficiencySolarWinds’ acquisition of Squadcast strengthens its IT management portfolio with AI-powered incident response. Customers report faster remediation, reduced noise, and improved resilience. The integration promises a smarter, more efficient approach to IT operations.

Bank Info Security 1 year, 5 months ago

SolarWinds to Be Purchased By Turn/River Capital for $4.4B

CEO: Going Private Will Help SolarWinds Expand Its Operational Resilience VisionSolarWinds agreed to be bought by Turn/River Capital for $4.4 billion just six years after the observability and IT management software firm went public. The proposed deal will help SolarWinds expand its vision in operational resilience and ensure the company's IT infrastructure remains robust.

Bank Info Security 1 year, 6 months ago

Biden's Cybersecurity Legacy Now Hinges on Trump

Experts Say Biden's Cyber, Tech and AI Legacy Faces Uncertain Future Under TrumpPresident Biden’s tenure has been marked by significant efforts to tackle cybersecurity challenges, from the SolarWinds attack to Salt Typhoon, but experts say his legacy remains uncertain as the new administration faces tough decisions on upholding his initiatives.

Federal Agencies Tasked with Adopting New Cloud Security Policies Beginning in 2025The Cybersecurity and Infrastructure Security Agency is requiring federal agencies to adopt secure cloud configurations, integrate monitoring tools and report cloud systems starting in 2025 as part of an effort to address vulnerabilities in part exposed by the SolarWinds attack.

Testimony Request Targets Cybersecurity Concerns Raised by Ex-SolarWinds EngineerIn its fraud case against SolarWinds, the SEC is pursuing testimony from former SolarWinds engineer Robert Krajcir - who lives in the Czech Republic - to address claims of lax cybersecurity practices. SolarWinds - which is also representing Krajcir - has until Friday to respond to the SEC's motion.

Bank Info Security 1 year, 8 months ago

Check Point, Mimecast Settle SEC Case From SolarWinds Hack

SEC: Check Point, Mimecast Disclosures Didn't Capture Severity of SolarWinds HackCheck Point and Mimecast will each pay regulators nearly $1 million to settle charges of making materially misleading disclosures related to the SolarWinds Orion hack. The SEC alleged public disclosures from Check Point and Mimecast didn't capture the severity of the compromise.

Bank Info Security 1 year, 10 months ago

ISMG Editors: CISO Disclosure Rules Changing Post-SolarWinds

Also: Ransomware Threats in Healthcare; the Growth of MimecastIn the latest weekly update, ISMG editors discussed the evolving disclosure responsibilities of CISOs, yet another ransomware attack targeting the healthcare sector, and Mimecast's latest strategic acquisition as part of its broader expansion efforts.

Bank Info Security 1 year, 10 months ago

CISOs on the Hook: SEC Tightens Cybersecurity Disclosures

Lee of Jenner & Block on How SolarWinds Case Ushered in New Era of Risk ManagementThe SolarWinds case has redefined cybersecurity disclosure obligations, especially for chief information security officers. The SEC's novel theories in this case have set a precedent for how organizations must present their cybersecurity practices, said Jennifer Lee, partner at Jenner & Block.

Bank Info Security 2 years, 1 month ago

Breach Roundup: US Federal Cyber Incidents Go Up

Also: Ukraine Arrests Alleged Ransomware Developer; Patches Galore; and BurnoutThis week, feds counted cyber incidents; Ukraine made arrest; BlackBasta seemed to exploit flaw; 51 flaws in Patch Tuesday; SolarWinds, JetBrains patched flaws; Alan Turning Institute debunked paper on AI; Santander wants password changes; Christie's spoke of data breach and cyber pros face burnout.

Bank Info Security 2 years, 4 months ago

'Silver SAML' Haunts Entra ID SIngle Sign On Security

Moving From AFDS to Avoid 'Golden SAML' Wasn't A Cure-AllA post-SolarWinds move away from Active Directory Federation Services to Azure AD - now known as Entra ID - didn't necessarily stop hackers from forging single sign on authentication messages, warn security researchers from Semperis, who unveiled an attack they dub "Silver SAML."

Bank Info Security 2 years, 5 months ago

SolarWinds Requests Court Dismiss Regulator's Fraud Case

Calls Securities and Exchange Commission's Cybersecurity Allegations 'Unfounded'Network monitoring software vendor SolarWinds moved to dismiss a federal lawsuit accusing the company and its CISO of securities fraud after they allegedly misstated the efficacy of its cybersecurity controls. Russian intelligence hacked the company in an incident disclosed in 2020.

Loading more headlines...