{"id":52940,"date":"2023-07-26T23:48:51","date_gmt":"2023-07-26T23:48:51","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/crooks-pwned-your-servers-youve-got-four-days-to-tell-us-sec-tells-public-companies\/"},"modified":"2023-07-26T23:48:51","modified_gmt":"2023-07-26T23:48:51","slug":"crooks-pwned-your-servers-youve-got-four-days-to-tell-us-sec-tells-public-companies","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/crooks-pwned-your-servers-youve-got-four-days-to-tell-us-sec-tells-public-companies\/","title":{"rendered":"Crooks pwned your servers? You&#8217;ve got four days to tell us, SEC tells public companies"},"content":{"rendered":"<p>Public companies that suffer a computer crime likely to cause a &#8220;material&#8221; hit to an investor will soon face a four-day time limit to disclose the incident, according to rules approved today by the US Securities and Exchange Commission.<\/p>\n<p>The SEC <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2022\/03\/09\/sec_cyberattack_disclosure\/\" rel=\"noopener\">proposed<\/a> the changes last March, and on Wednesday the financial watchdog voted to adopt the requirements [<a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.sec.gov\/rules\/final\/2023\/33-11216.pdf\">PDF<\/a>]. The rules, which take effect 30 days after being signed into the Federal Register later this year, will require publicly traded firms to openly disclose in a new section (Item 1.05) of Form 8-K any cybersecurity incident that has a material impact on their business.&nbsp;<\/p>\n<p>Companies must make this determination &#8220;without reasonable delay,&#8221; according to the new rules. If they decide a security breach is material, then they have four days to submit an Item 1.05 Form 8-K report detailing the material impact of the incident&#8217;s &#8220;nature, scope, and timing,&#8221; plus any impact or likely impact on the business. Those 8-K forms are made public by the SEC.<\/p>\n<h3 class=\"crosshead\">What is material?<\/h3>\n<p>&#8220;The key word here is &#8216;material,&#8217; and being able to determine what that actually means,&#8221; Safe Security CEO Saket Modi told <em>The Register<\/em>.&nbsp;<\/p>\n<p>Modi&#8217;s company helps major corporations quantify and manage their cyber risk. He said most organizations don&#8217;t have systems in place to determine materiality, and, as such, will have a tough time complying with this new rule.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZMG-4B38lCc8-9bs2LAQLwAAABM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZMG-4B38lCc8-9bs2LAQLwAAABM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>&#8220;The game needs to change to focus on protecting systems that pose the biggest material risk to business and making cyber investments that will reduce the likelihood of material risk breaches,&#8221; Modi said. &#8220;This means businesses will have to translate bits and bytes of cyber risk into dollars and cents of material business risk.&#8221;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xmd=\",fluid,mpu,leaderboard,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZMG-4B38lCc8-9bs2LAQLwAAABM&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZMG-4B38lCc8-9bs2LAQLwAAABM&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZMG-4B38lCc8-9bs2LAQLwAAABM&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZMG-4B38lCc8-9bs2LAQLwAAABM&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<\/p><\/div>\n<p>There is, however, an exception to the four-day timeline: a company can delay filing this report with the SEC if the US Attorney General determines that openly disclosing the intrusion immediately would pose a major risk to national security or public safety.<\/p>\n<p>The rules also add a new reporting requirement, Regulation S-K Item 106, which will require public companies to describe their processes \u2014 if they have any \u2014&nbsp; for assessing, identifying, and managing material risks from cybersecurity threats.&nbsp;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZMG-4B38lCc8-9bs2LAQLwAAABM&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZMG-4B38lCc8-9bs2LAQLwAAABM&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>Item 106 also requires firms to detail their board of directors&#8217; oversight of cyber threats, and management&#8217;s role in assessing and managing material risks from these threats. Companies will be required to publicly disclose this information in their annual report to the SEC on Form 10-K.<\/p>\n<p>And finally, the rules require foreign companies that do business in the US to disclose any material cybersecurity incidents that they experience on Form 6-K, as well as their cyber risk management strategy and governance on Form 20-F.<\/p>\n<h3 class=\"crosshead\">Changing the board&#8217;s role in cyber risk management<\/h3>\n<p>The Google Cybersecurity Action Team has published a couple of recent reports, one in April [<a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/services.google.com\/fh\/files\/misc\/perspectives_on_security_for_the_board.pdf\">PDF<\/a>] and one in July [<a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/services.google.com\/fh\/files\/misc\/perspectives_on_security_for_the_board_ed2.pdf\">PDF<\/a>] intended to help boards of directors take a more proactive role in corporate cybersecurity.&nbsp;<\/p>\n<p>While boards have traditionally approached infosec &#8220;as a siloed priority,&#8221; Item 106 should encourage board members to &#8220;view cyber risk through the lens of overall business risk,&#8221; said David Homovich, solutions consultant for Google Cloud Office of the CISO.<\/p>\n<p>&#8220;Ideally, boards will integrate cybersecurity and resiliency into their overall business strategy, risk management practices, budgeting, and resource allocation to underpin that cyber risk is everyone&#8217;s responsibility,&#8221; Homovich told <em>The Register<\/em>. &#8220;Boards&#8217; cybersecurity awareness and subsequent guidance in this area is absolutely critical to every organization&#8217;s long term success.&#8221;<\/p>\n<p>To do this, he suggests boards do three things.&nbsp;First: get educated about key topics. This will help &#8220;ensure that cyber and broader technology risk is embedded in operational risk and strategic discussions and organizational decisions,&#8221; he said.<\/p>\n<p>Second: engage with the CISO and other C-Suite leaders to better understand security gaps and resource needs, and make sure this risk &#8220;is treated as a priority for all executives \u2013 not just the cybersecurity team.&#8221;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" id=\"story_eagle_xsm_sm_md_xmd_lg_xlg\" data-pos=\"mid\" data-raptor=\"eagle\" data-xsm=\",mpu,dmpu,\" data-sm=\",mpu,dmpu,\" data-md=\",mpu,dmpu,\" data-xmd=\",mpu,dmpu,\" data-lg=\",mpu,dmpu,\" data-xlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZMG-4B38lCc8-9bs2LAQLwAAABM&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZMG-4B38lCc8-9bs2LAQLwAAABM&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>Third: &#8220;Stay informed about ongoing reporting activities, ask questions, and work with the CISO and other leaders to understand cyber risk metrics,&#8221; Homovich said.<\/p>\n<h3 class=\"crosshead\">Not every one likes the new regulations<\/h3>\n<p>Of course, not everyone is happy with the new cyber-reporting rules. The SEC&#8217;s 3-2 vote approving the changes went down along party lines, with the regulator&#8217;s two Republican commissioners opposing the requirements.<\/p>\n<p>The Bank Policy Institute (BPI) is also not a fan, and said the disclosures will end up &#8220;harming the very investors it purports to protect by prematurely publicizing a company&#8217;s vulnerabilities,&#8221; according to Heather Hogsett, senior veep of technology and risk strategy for BPI&#8217;s technology policy division.&nbsp;<\/p>\n<blockquote class=\"pullquote\" readability=\"6\">\n<p>No reasonable investor would want premature disclosure of a cyber event to malicious actors or a hostile nation-state<\/p>\n<\/blockquote>\n<p>&#8220;No reasonable investor would want premature disclosure of a cyber event to malicious actors or a hostile nation-state, which could exacerbate security risks and creates a recipe for disaster the next time a major cyber incident occurs,&#8221; Hogsett told <em>The Register<\/em>.<\/p>\n<p>Again, we&#8217;ll point out that security events determined to pose a national security or public safety risk aren&#8217;t held to the four-day reporting deadline.<\/p>\n<p>Major security breaches reported by public companies increased by nearly 600 percent in the past decade, according to Commissioner Caroline Crenshaw, citing earlier SEC figures. &#8220;The costs, borne by issuers and their investors, are estimated to be in the trillions of dollars per year in the US alone,&#8221; she added in a <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.sec.gov\/news\/statement\/crenshaw-statement-cybersecurity-072623?utm_medium=email&amp;utm_source=govdelivery#_ftnref2\">statement<\/a> about the new rules.<\/p>\n<p>&#8220;The rule will, among other things, provide investors and market participants across the board with critical information relating to a company&#8217;s risk management and strategy, as well as governance, in its periodic reporting,&#8221; Crenshaw, a Democrat, said.<\/p>\n<h3 class=\"crosshead\">But will they make orgs safer?<\/h3>\n<p>Ultimately, the rules should also make American companies and individuals safer, said Tenable CEO and chairman Amit Yoran, who called them &#8220;right on the money.&#8221; This is understandable, since his business makes its dosh in computer security.<\/p>\n<p>&#8220;In many ways, the SEC&#8217;s rule will regulate what companies should have been implementing in the first place \u2014 good cyber hygiene,&#8221; he told <em>The Register<\/em>. &#8220;For a long time, the largest and most powerful US companies have treated cybersecurity as a nice-to-have, not a must have. Now, it&#8217;s abundantly clear that corporate leaders must elevate cybersecurity within their organizations.&#8221;<\/p>\n<p>Plus, he added, investors have a right to know about organizations&#8217; cyber risk management, because breaches have real-life consequences and costs.&nbsp;<\/p>\n<p>&#8220;This is a dramatic step toward greater transparency and accountability and will greatly improve our cybersecurity preparedness as a nation,&#8221; Yoran said. \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2023\/07\/26\/sec_reporting_security\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cripes, they actually sound serious Public companies that suffer a computer crime likely to cause a &#8220;material&#8221; hit to an investor will soon face a four-day time limit to disclose the incident, according to rules approved today by the US Securities and Exchange Commission.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-52940","post","type-post","status-publish","format-standard","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Crooks pwned your servers? You&#039;ve got four days to tell us, SEC tells public companies 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/crooks-pwned-your-servers-youve-got-four-days-to-tell-us-sec-tells-public-companies\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Crooks pwned your servers? You&#039;ve got four days to tell us, SEC tells public companies 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/crooks-pwned-your-servers-youve-got-four-days-to-tell-us-sec-tells-public-companies\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-07-26T23:48:51+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZMG-4B38lCc8-9bs2LAQLwAAABM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/crooks-pwned-your-servers-youve-got-four-days-to-tell-us-sec-tells-public-companies\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/crooks-pwned-your-servers-youve-got-four-days-to-tell-us-sec-tells-public-companies\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Crooks pwned your servers? You&#8217;ve got four days to tell us, SEC tells public companies\",\"datePublished\":\"2023-07-26T23:48:51+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/crooks-pwned-your-servers-youve-got-four-days-to-tell-us-sec-tells-public-companies\\\/\"},\"wordCount\":1115,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/crooks-pwned-your-servers-youve-got-four-days-to-tell-us-sec-tells-public-companies\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZMG-4B38lCc8-9bs2LAQLwAAABM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/crooks-pwned-your-servers-youve-got-four-days-to-tell-us-sec-tells-public-companies\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/crooks-pwned-your-servers-youve-got-four-days-to-tell-us-sec-tells-public-companies\\\/\",\"name\":\"Crooks pwned your servers? You've got four days to tell us, SEC tells public companies 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/crooks-pwned-your-servers-youve-got-four-days-to-tell-us-sec-tells-public-companies\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/crooks-pwned-your-servers-youve-got-four-days-to-tell-us-sec-tells-public-companies\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZMG-4B38lCc8-9bs2LAQLwAAABM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2023-07-26T23:48:51+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/crooks-pwned-your-servers-youve-got-four-days-to-tell-us-sec-tells-public-companies\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/crooks-pwned-your-servers-youve-got-four-days-to-tell-us-sec-tells-public-companies\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/crooks-pwned-your-servers-youve-got-four-days-to-tell-us-sec-tells-public-companies\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZMG-4B38lCc8-9bs2LAQLwAAABM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZMG-4B38lCc8-9bs2LAQLwAAABM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/crooks-pwned-your-servers-youve-got-four-days-to-tell-us-sec-tells-public-companies\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Crooks pwned your servers? You&#8217;ve got four days to tell us, SEC tells public companies\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Crooks pwned your servers? You've got four days to tell us, SEC tells public companies 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/crooks-pwned-your-servers-youve-got-four-days-to-tell-us-sec-tells-public-companies\/","og_locale":"en_US","og_type":"article","og_title":"Crooks pwned your servers? You've got four days to tell us, SEC tells public companies 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/crooks-pwned-your-servers-youve-got-four-days-to-tell-us-sec-tells-public-companies\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-07-26T23:48:51+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZMG-4B38lCc8-9bs2LAQLwAAABM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/crooks-pwned-your-servers-youve-got-four-days-to-tell-us-sec-tells-public-companies\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/crooks-pwned-your-servers-youve-got-four-days-to-tell-us-sec-tells-public-companies\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Crooks pwned your servers? You&#8217;ve got four days to tell us, SEC tells public companies","datePublished":"2023-07-26T23:48:51+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/crooks-pwned-your-servers-youve-got-four-days-to-tell-us-sec-tells-public-companies\/"},"wordCount":1115,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/crooks-pwned-your-servers-youve-got-four-days-to-tell-us-sec-tells-public-companies\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZMG-4B38lCc8-9bs2LAQLwAAABM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/crooks-pwned-your-servers-youve-got-four-days-to-tell-us-sec-tells-public-companies\/","url":"https:\/\/www.threatshub.org\/blog\/crooks-pwned-your-servers-youve-got-four-days-to-tell-us-sec-tells-public-companies\/","name":"Crooks pwned your servers? You've got four days to tell us, SEC tells public companies 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/crooks-pwned-your-servers-youve-got-four-days-to-tell-us-sec-tells-public-companies\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/crooks-pwned-your-servers-youve-got-four-days-to-tell-us-sec-tells-public-companies\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZMG-4B38lCc8-9bs2LAQLwAAABM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2023-07-26T23:48:51+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/crooks-pwned-your-servers-youve-got-four-days-to-tell-us-sec-tells-public-companies\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/crooks-pwned-your-servers-youve-got-four-days-to-tell-us-sec-tells-public-companies\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/crooks-pwned-your-servers-youve-got-four-days-to-tell-us-sec-tells-public-companies\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZMG-4B38lCc8-9bs2LAQLwAAABM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZMG-4B38lCc8-9bs2LAQLwAAABM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/crooks-pwned-your-servers-youve-got-four-days-to-tell-us-sec-tells-public-companies\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Crooks pwned your servers? You&#8217;ve got four days to tell us, SEC tells public companies"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/52940","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=52940"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/52940\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=52940"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=52940"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=52940"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}