Security
-

Critical Microsoft Alert and Patching Update
As part of the July “Patch Tuesday”, Microsoft released a total of 123 CVEs (or “Common Vulnerabilities or Exposures”). That comes on the back of a record-breaking number of June CVEs totaling 129. The year-on-year volume of CVEs from Microsoft is increasing rapidly, with 2020 totaling 657 so far. We are not far from eclipsing…
-

Availability – The Forgotten Stepchild of Cybersecurity
On an early Monday in the lock-down process for the UK, many companies settled their staff into the comfort of their homes and logged into corporate services to test their networks. Some of those using collaboration tools from Office365 were greeted with the message “We’re investigating problems in Microsoft Teams…”. A truly unfortunate start to…
-

Can your credit union afford a cyberattack?
Originally Published in American Banker. This story is the latest entry in Credit Union Journal’s special report on cybersecurity, which has run throughout the month of October. Got a spare $1.8 million? Institutions that don’t have adequate cybersecurity protections may need that much or more to clean up after a cyberattack. A report on 2018 cybersecurity incidents from…
-

Cybersecurity Q&A: ‘At the moment it’s an afterthought’
Originally Published in Private Funds CFO. Three financial cybersecurity experts talk about data sharing, phishing and how to protect a private equity firm from cyber attacks. Cybersecurity is a growing concern in the private equity sphere, both at the management and portfolio levels. But how can firms protect themselves, and what should they be looking out…
-

Stop Hacks and Improve Electronic Data Security Act (SHIELD Act)
On July 25, 2019, the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) and the Identity Theft Prevention and Mitigation Services Act were signed into law in the State of New York. Both Acts strengthen cybersecurity and consumer privacy protections for New York state residents. The SHIELD Act The SHIELD Act amends New…
-

CYBERSECURITY RISK ALERT: WhatsApp Vulnerability
Yesterday, various governmental agencies and news outlets were made aware of a security vulnerability affecting the WhatsApp messaging platform. The vulnerability may have enabled malicious actor(s) to inject spyware on user devices which potentially exposed user information on mobile devices. WhatsApp has encouraged users to update the application immediately to avoid potential exposure and compromise of data.…
-

CYBERSECURITY RISK ALERT: Broadcom Wi-Fi
For individuals using Broadcom Wi-Fi, on April 17, 2019, the CERT Coordination Center (“CERT/CC”) published information identifying various vulnerabilities stemming from the Broadcom ‘wl’ driver and open source ‘brcmfmac’ driver for Broadcom Wi-Fi chipsets. Ultimately, these vulnerabilities could allow an unauthenticated attacker to execute arbitrary code on a vulnerable system, most frequently resulting in a…
-


RISK ALERT: GOOGLE CHROME VULNERABILITY
Recently, Google identified a zero-day vulnerability affecting Chrome internet browsers. The vulnerability is a memory management error which could allow a remote attacker to read the contents of files stored on a user’s computer. Google addressed the vulnerability in Chrome version 72.0.3626.121. Check if your Chrome browser is up-to-date: Click this icon in the upper right corner…
-

CYBERSECURITY RISK ALERT: CISCO WEBEX VULNERABILITY
Cisco has identified a vulnerability in its Webex Meetings Desktop App and Webex Productivity Tools. By invoking the update service command with a crafted argument, an authenticated, local attacker could run arbitrary commands with SYSTEM level user privileges. The vulnerability may also be exploited remotely in Active Directory deployments by leveraging operating system remote management…
-

CYBERSECURITY RISK ALERT: Cisco Webex Alert
Cisco Webex Cybersecurity Alert: Cisco has identified a vulnerability in its Webex Meetings Desktop App and Webex Productivity Tools. By invoking the update service command with a crafted argument, an authenticated, local attacker could run arbitrary commands with SYSTEM level user privileges. The vulnerability may also be exploited remotely in Active Directory deployments by leveraging…
-

Cybersecurity News Alert: SEC Infiltration EDGAR System Hack
On Tuesday, January 15th, the U.S. Securities and Exchange Commission (SEC) announced that it charged nine defendants in an alleged hack of the SEC’s EDGAR system. The hackers allegedly infiltrated the SEC EDGAR system and extracted nonpublic information to use for illegal trading, ultimately profiting $4,135,015 in the process. The hackers mostly stem from Ukraine…
-

Cybersecurity Vulnerability Alert – Microsoft Windows
Microsoft Windows Alert: Microsoft has recently identified a vulnerability in its Windows products. The vulnerability could allow a local attacker to elevate privileges on the targeted Windows-based system. A successful attack would require user-level access and would allow the attacker to execute arbitrary code with escalated privileges and compromise the system entirely. Microsoft has released…
