
US SEC and SolarWinds Reach Preliminary Settlement in Cyberattack Lawsuit

The U.S. Securities and Exchange Commission (SEC) has reached a deal in principle with SolarWinds Corp and its chief information security officer, Timothy Brown, to settle litigation related to a Russia-linked cyberattack on the software company. The agreement was revealed in a court filing on Wednesday.

SolarWinds, the SEC, and Brown jointly asked a federal judge to pause court proceedings while they finalize the settlement paperwork, a request the judge approved. The case centers on the “Sunburst” cyberattack, which lasted two years and targeted SolarWinds, based in Austin, Texas.

The SEC accused the company and its security officer of defrauding investors by hiding security vulnerabilities. However, much of the SEC’s case was dismissed last year by U.S. District Judge Paul Engelmayer, who criticized the claims as relying on hindsight and speculation.

Both the SEC and SolarWinds declined to comment on the settlement details beyond public filings. SolarWinds expressed satisfaction with the potential resolution and a desire to focus on its business operations moving forward.

The parties plan to file the final settlement documents or a joint status report by September 12.

Cyberattack on Brazil Tech Provider Disrupts Reserve Accounts of Several Financial Institutions

Brazil’s central bank revealed on Wednesday that C&M Software, a technology services provider catering to financial institutions without their own connectivity infrastructure, suffered a cyberattack targeting its systems. In response, the central bank ordered C&M to suspend access to the infrastructure it manages for these institutions.

Kamal Zogheib, C&M Software’s commercial director, confirmed the company was a direct victim of the attack, which involved fraudulent use of client credentials to try to access its services. Despite the breach, C&M said its critical systems remain intact and fully operational, with all security protocols activated. The company is working closely with the central bank and Sao Paulo state police as investigations continue.

Brazilian financial institution BMP and five other banks reported unauthorized access to their reserve accounts during the Monday attack. These reserve accounts, held directly at the central bank, are used solely for interbank settlements and are separate from client accounts, which were unaffected. BMP stated it has taken appropriate operational and legal measures and holds sufficient collateral to cover any impacted amounts, ensuring no disruption to its operations or partners.

An anonymous official indicated that C&M serves about two dozen smaller financial institutions and that the financial impact of the attack does not reach billions of reais. Another source confirmed no losses were sustained by clients.

The central bank refers to these affected entities as “financial institutions lacking their own connectivity infrastructure,” including many digital payment providers that have grown rapidly in Brazil. The Pix instant payment system, operated by the central bank since late 2020, has become the country’s most popular payment method, driving competition and innovation in the sector.

India’s Max Financial Reports Cybersecurity Incident at Axis Max Life Insurance Unit

Max Financial Services announced on Wednesday that its subsidiary, Axis Max Life Insurance, received an anonymous communication warning of unauthorized access to some customer data. The company has launched a security assessment and is analyzing data logs to investigate the breach.

Max Financial stated that a detailed investigation is underway with the help of cybersecurity experts to identify the root cause and implement necessary remedial actions.

Axis Max Life Insurance is a joint venture between Max Financial and private lender Axis Bank. The announcement comes amid a rising wave of cyberattacks in India’s financial sector, with firms like Angel One, Niva Bupa, Star Health, and HDFC Life Insurance reporting significant breaches in the past year.

These incidents have triggered regulatory mandates for comprehensive IT audits across the insurance industry. Cyber fraud cases in India surged more than fourfold in fiscal 2024, resulting in losses exceeding $20 million. Government data shows that since 2021, individuals have lost nearly $1.26 billion to cyber fraud at financial institutions.