Alerts
Timely alerts on emerging threats, regulatory changes and industry risks – curated by the Drawbridge team. Keep your firm and investors informed with updates that matter most.
-
CYBERSECURITY RISK ALERT: CISCO WEBEX VULNERABILITY
Cisco has identified a vulnerability in its Webex Meetings Desktop App and Webex Productivity Tools. By invoking the update service command with a crafted argument, an authenticated, local attacker could run arbitrary commands with SYSTEM level user privileges. The vulnerability may also be exploited remotely in Active Directory deployments by leveraging operating system remote management…
-
CYBERSECURITY RISK ALERT: Cisco Webex Alert
Cisco Webex Cybersecurity Alert: Cisco has identified a vulnerability in its Webex Meetings Desktop App and Webex Productivity Tools. By invoking the update service command with a crafted argument, an authenticated, local attacker could run arbitrary commands with SYSTEM level user privileges. The vulnerability may also be exploited remotely in Active Directory deployments by leveraging…
-
CYBERSECURITY NEWS ALERT: CFTC’s First Ever Examination Priorities
On February 12, 2019, the Commodity Futures Trading Commission (CFTC) released its first-ever examination priorities for registrants of the Division of Market Oversight (DMO), Division of Swap Dealer & Intermediary Oversight (DSIO), and Division of Clearing & Risk (DCR). A notable inclusion in the examination priorities is service provider oversight. In the release, the CFTC…
-
CYBERSECURITY RISK ALERT: Vulnerability
Microsoft has recently identified a vulnerability (CVE-2019-0676) within Internet Explorer (IE). When IE improperly handles objects in memory, it is possible for an attacker to test for the presence of files on disk. Attackers can exploit this vulnerability by sending the user a link leading to a malicious website and coercing them to follow the…
-
Cybersecurity Vulnerability Alert – Microsoft Windows
Microsoft Windows Alert: Microsoft has recently identified a vulnerability in its Windows products. The vulnerability could allow a local attacker to elevate privileges on the targeted Windows-based system. A successful attack would require user-level access and would allow the attacker to execute arbitrary code with escalated privileges and compromise the system entirely. Microsoft has released…
-
Cybersecurity Risk Alert – NFA
The National Futures Association (NFA) recently amended the NFA Compliance Rules 2-9, 2-36, and 2-49: Information Systems Security Programs. The amendments address three areas originally covered in the 2016 Interpretive Notice and go into effect on April 1, 2019. The amendments are as follows: Cybersecurity Training Previously, the NFA required employee cybersecurity training upon hire and periodically…
-
Cybersecurity Vulnerability Alert – Cisco
Cisco Cybersecurity Alert: NOTE: This vulnerability affects Cisco ASA Software that is running on any Cisco product that has web management access enabled. On December 19th, Cisco identified a vulnerability in the authorization subsystem of ASA Software on Cisco products. This vulnerability would allow an authenticated, but unprivileged, remote attacker to perform privileged actions by…
-
Cybersecurity Risk Alert – Facebook
Facebook Cybersecurity Risk Alert: On Tuesday, September 25th, Facebook discovered a security breach affecting approximately 50 million users. Attackers exploited a vulnerability in the “View As” feature of Facebook, which allows users to view their profile from the perspective of another user. As a result of the exploit, the attackers stole Facebook access tokens, which…
