LastPass, a popular password management service, has revealed that malicious actors have gained access to unencrypted customer data, including web URLs, email addresses, company names, billing addresses, telephone numbers, and IP addresses of LastPass customers, as well as encrypted copies of customer password vaults. This information was compromised using previously stolen data from a breach in
Earlier today the Securities and Exchange Commission voted to propose rules related to cybersecurity risk management for registered investment advisers, and registered investment companies and business development companies (funds), as well as amendments to certain rules that govern investment adviser and fund disclosures. The SEC Chair Gary Genlser stated that the proposed rules and amendments
You probably heard the news this weekend about the new critical remote code execution vulnerability affecting Apache log4j 2. A remote code execution vulnerability is an attack that can be launched from anywhere in the world, as long as an affected system is available remotely. Why is important? The vulnerability affects millions of devices, including
Ransomware, the word alone evokes fear into many companies. How did this form of crime actually start? In 1989, Dr. Joseph L. Popp created the first ransomware called the "AIDS Trojan." This trojan virus encrypted files on a computer after rebooting a number of times. Fast forward to 2006, Archiveus, a computer virus that affected
Apple has released an emergency security update to address vulnerabilities in iOS and iPadOS for a zero-click zero day exploit that allows the installation of malware on a device. An attacker could exploit these vulnerabilities to take control of an affected device if they are unpatched. "Attacks like the ones described are highly sophisticated, cost
Today the Securities and Exchange Commission (SEC) sanctioned eight firms in three actions for failures in their cybersecurity policies and procedures that resulted in email account takeovers exposing the personal information of thousands of customers and clients at each firm. A total of $800,000 were levied against these firms. In summary, the firms named in
PrintNightmare, Vulnerability Affecting Windows Print Spooler Eleven years ago, an escalation of privilege bug in the Windows print spooler services was used in the Stuxnet attack, the notorious worm that destroyed the enrichment centrifuges of an Iranian Nuclear facility. Over the past eleven years, Microsoft's print spooler is still plagued by multiple vulnerabilities. Yesterday, proof-of-concept
On June 15, 2021 “The Securities and Exchange Commission (“SEC”) announced settled charges against real estate settlement services company First American Financial Corporation for disclosure controls and procedures violations related to a cybersecurity vulnerability that exposed sensitive customer information.” On May 24, 2019, Brian Krebs notified First American Financial Corporation of a vulnerability with its
Our founder Anand Mohabir was interviewed by Kindra Cooper, from Springboard, on the topic of Ethical hacking. “There’s a lot that comes into play when you’re trying to become an ethical hacker. You have to know how a network is designed and operated, how servers interact, how virtual machines, storage and firewalls work,” said Mohabir.
Yesterday the U.S. Securities and Exchange Commission (SEC) Office of Compliance Inspections and Examinations (OCIE) released its 2021 exam priorities. In the letter the SEC highlighted that their focus remains the same from prior years with a slight shift in priorities and adjustment of focus. The SEC stated that they will review whether firms have
