tech:

taffy

SEC charges SolarWinds and its CISO with fraud over cybersecurity failures

The U.S. Securities and Exchange Commission (SEC) has filed charges against Austin-based software firm SolarWinds and its chief information security officer, Timothy Brown.

This appears to be the first time that the SEC is suing a company for intent to deceive stakeholders regarding cybersecurity, as well as failure to build internal checks and balances for security. This is also the first time that the SEC has brought action against a chief information security officer (CISO) in a cybersecurity enforcement action.

The SEC’s allegations focus on misleading investors regarding the company’s cybersecurity measures and not disclosing known risks. These actions span nearly two years from the company’s initial public offering in October 2018 until the public announcement of a large-scale cyberattack in December 2020, named SUNBURST.

In its filings with the SEC during this period, SolarWinds allegedly misled investors by disclosing only generic and hypothetical risks at a time when the company knew of specific deficiencies in SolarWinds’ cybersecurity practices as well as the increasingly elevated risks the company faced at the same time.

According to the SEC’s complaint, SolarWinds’ public disclosures about its cybersecurity posture were inconsistent with internal evaluations. An internal report from 2018, prepared by an engineer, raised concerns about the company’s remote access security. The report was shared internally, including with Mr. Brown. The document highlighted that an attacker exploiting these vulnerabilities could go undetected, potentially causing severe financial and reputational damage to the company.

Additionally, presentations by Mr. Brown in 2018 and 2019 flagged the company’s weak state of security, particularly concerning access and privileges to critical systems. Several communications between SolarWinds employees between 2019 and 2020 questioned the company’s ability to secure its critical assets from cyberattacks.

The SEC complaint alleges that despite being aware of these issues, adequate steps were not taken to resolve them or escalate them within the organization. The inability to secure its key assets, including its flagship Orion product, resulted in a lack of reasonable assurances for its protection.

After SolarWinds disclosed the SUNBURST attack in a Form 8-K filing on December 14, 2020, the company’s stock price dropped by approximately 25% in the following two days and by around 35% by the end of the month.

The SEC’s lawsuit, filed in the Southern District of New York, seeks a variety of penalties against both SolarWinds and Mr. Brown, including permanent injunctive relief, disgorgement with prejudgment interest, civil penalties, and a bar against Brown serving as an officer or director.

Just in

Tembo raises $14M

Cincinnati, Ohio-based Tembo, a Postgres managed service provider, has raised $14 million in a Series A funding round.

Raspberry Pi is now a public company — TC

Raspberry Pi priced its IPO on the London Stock Exchange on Tuesday morning at £2.80 per share, valuing it at £542 million, or $690 million at today’s exchange rate, writes Romain Dillet. 

AlphaSense raises $650M

AlphaSense, a market intelligence and search platform, has raised $650 million in funding, co-led by Viking Global Investors and BDT & MSD Partners.

Elon Musk’s xAI raises $6B to take on OpenAI — VentureBeat

Confirming reports from April, the series B investment comes from the participation of multiple known venture capital firms and investors, including Valor Equity Partners, Vy Capital, Andreessen Horowitz (A16z), Sequoia Capital, Fidelity Management & Research Company, Prince Alwaleed Bin Talal and Kingdom Holding, writes Shubham Sharma. 

Capgemini partners with DARPA to explore quantum computing for carbon capture

Capgemini Government Solutions has launched a new initiative with the Defense Advanced Research Projects Agency (DARPA) to investigate quantum computing's potential in carbon capture.