The SEC’s OCIE Releases Their Observations From Examinations

On January 27, 2020, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations issued examination observations related to cybersecurity and operational resiliency practices undertaken by market participants. We reviewed this alert and simplified it into major points that are easily digestible. The OCIE provided the following observations: Governance and Risk Management Senior leadership is […]

Citrix ADC CVE-2019-19781 Public Exploits Available

On December 17, 2019, Citrix published an article describing a vulnerability affecting the Citrix Application Delivery Controller (ADC) and Citrix Gateway, formerly known as NetScaler ADC and Gateway. The vulnerability was assigned the following CVE number: CVE-2019-19781: Vulnerability in Citrix Application Delivery Controller and Citrix Gateway leading to arbitrary code execution. The vulnerability affects all product […]

CFTC issues alerts and expects responses!

In December 2019, the U.S. government issued indictments against two hackers who were allegedly involved in a multiyear effort to penetrate the systems of several IT Vendors and Managed Services Providers (MSPs). The attack known today as the “Cloud Hopper Mega Hack” was first noticed in 2016, as indicated by the Wall Street Journal. Preview […]

Information Leakage and Improper Error Handling vulnerability found in Axcient / eFolder Synced Tool

This vulnerability was responsibly disclosed to Axcient/Anchor on November 4, 2019. Affected versions: > 2.7.1.1498 During a penetration test we came across a file sharing application called SyncedTool. When performing some of the simpler tests we identified that this application is vulnerable to an Information Leakage and Improper Error Handling vulnerability. The application allows […]