Alerts
Timely alerts on emerging threats, regulatory changes and industry risks – curated by the Drawbridge team. Keep your firm and investors informed with updates that matter most.
-
August 19, 2022: Drawbridge Releases Latest Version of Cybersecurity Program Management Platform
Release continues focus on quality-of-life and functional enhancements. Drawbridge is pleased to announce another update to the Drawbridge cybersecurity program management platform . We completed QA earlier this week and promoted the latest version of the platform to production overnight. Following is a recap of enhancements released this week. Continued Focus on Vulnerability Management Drawbridge continues to…
-
The SEC’s Proposed Cybersecurity Rules (File No. S7-04-22): Drawbridge’s Formal Response
On February 9, 2022, the U.S. Securities and Exchange Commission (SEC) issued a release detailing new proposed cybersecurity rules for registered investment advisers and funds. In the intervening weeks, we have held several webinars exploring the ramifications of this proposal and offering advice for how to prepare for eventual rule changes. We will be teaming up with partners in the industry to…
-
Zero-day Exploit Affecting Java Applications
UPDATE As the collective understanding and impact of the Log4Shell Vulnerability continues to build, Drawbridge is releasing updated information. Please read carefully to understand the impact this vulnerability may have on your systems, and recommended mitigating actions. The first reports of attacks are appearing, with researchers confirming vulnerable systems on the Internet having crypto-mining malware…
-
Cybersecurity News Ransomware
Cybersecurity News: The Importance of The White House’s International Meeting on Ransomware October 16, 2021 Recently, efforts by the United States Government to fight back against ransomware have been in full swing. To better combat these growing threats, The White House has met with representatives from numerous nations in order to focus on the threat…
-
Market Spotlight: The Necessity of Cybersecurity for Venture Capital Firms
Investment firms of all types are at a risk for data breaches. In this modern era, firms are dealing with personal and financial information often at a digital level. Because of this, the risk for potential cyber-attacks increases, and the manner with which malicious parties attack these firms are in constant flux. Venture capital firms…
-
Service Spotlight: Cybersecurity Training for your Employees
There is growing evidence that cyber attackers are only becoming stronger and better at what they do. As the cybersecurity landscape evolves to meet these new challenges, so do hackers, who evolve their own cyber threats and attacks. There is an unsuspecting first line of defense in your firm’s cybersecurity efforts: your employees. As cyber…
-
Cybersecurity: Ransomware Alert
On July 10, 2020, The SEC’s Office of Compliance Inspections and Examinations (OCIE) released an alert on the growth of the ransomware threat for financial services market participants and its commitment to providing advisory to assist these firms in taking proactive measures to protect their businesses. Phishing attacks and other social engineering campaigns are being…
-
Cybersecurity News: SEC & CFTC Update
Cybersecurity News Alert 2020 SEC EXAMINATION PRIORITIES On Tuesday, January 7th, 2020, the U.S. Securities and Exchange Commission (SEC) released the examination priorities for 2020. The SEC has shifted their examination priorities from years past in an effort to adapt to emerging risks, but cybersecurity continues to remain a top priority for the SEC. The…
-
CYBERSECURITY RISK ALERT: WhatsApp Vulnerability
Yesterday, various governmental agencies and news outlets were made aware of a security vulnerability affecting the WhatsApp messaging platform. The vulnerability may have enabled malicious actor(s) to inject spyware on user devices which potentially exposed user information on mobile devices. WhatsApp has encouraged users to update the application immediately to avoid potential exposure and compromise of data.…
-
CYBERSECURITY RISK ALERT: Broadcom Wi-Fi
For individuals using Broadcom Wi-Fi, on April 17, 2019, the CERT Coordination Center (“CERT/CC”) published information identifying various vulnerabilities stemming from the Broadcom ‘w1’ driver and open source ‘brcmfmac’ driver for Broadcom Wi-Fi chipsets. Ultimately, these vulnerabilities could allow an unauthenticated attacker to execute arbitrary code on a vulnerable system, most frequently resulting in a…
-
CYBERSECURITY RISK ALERT: SEC Regulation S-P Risk Alert
Today, April 16, 2019, the SEC’s Office of Compliance Inspections and Examinations (OCIE) published a risk alert regarding compliance issues related to Regulation S-P. The focal points identified by the OCIE were the failure to provide customers with privacy and opt-out notices, as well as the failure to adopt written policies and procedures that address…
-
RISK ALERT: GOOGLE CHROME VULNERABILITY
Recently, Google identified a zero-day vulnerability affecting Chrome internet browsers. The vulnerability is a memory management error which could allow a remote attacker to read the contents of files stored on a user’s computer. Google addressed the vulnerability in Chrome version 72.0.3626.121. Check if your Chrome browser is up-to-date: Click this icon in the upper right corner…
