Today the Securities and Exchange Commission (SEC) sanctioned eight firms in three actions for failures in their cybersecurity policies and procedures that resulted in email account takeovers exposing the personal information of thousands of customers and clients at each firm. A total of $800,000 were levied against these firms. In summary, the firms named in
Our founder Anand Mohabir was interviewed by Kindra Cooper, from Springboard, on the topic of Ethical hacking. “There’s a lot that comes into play when you’re trying to become an ethical hacker. You have to know how a network is designed and operated, how servers interact, how virtual machines, storage and firewalls work,” said Mohabir.
Yesterday the U.S. Securities and Exchange Commission (SEC) Office of Compliance Inspections and Examinations (OCIE) released its 2021 exam priorities. In the letter the SEC highlighted that their focus remains the same from prior years with a slight shift in priorities and adjustment of focus. The SEC stated that they will review whether firms have
Fireye detected that Solarwinds Orion is being used by attackers to steal sensitive company data. Fireye’s threat research division found that a highly sophisticated and evasive attacker compromised the Solarwind’s Orion IT monitoring and management platform to deliver a backdoor trojan. It is suspected that the campaign has started as early as April 2020 and
Yesterday The Office and Compliance Inspections and Examinations ("OCIE") issued an alert about safeguarding client accounts against credential compromise that highlighted the issue of "credential stuffing attacks". Credential stuffing is a type of cyber attack where many compromised user credentials are tried against systems to gain unauthorized access, using automated means. Over the past few
A service provider of SEI Investments Co., affected by a ransomware attack. SEI Investments Co., a fund administrator for several high-profile asset management firms experienced a breach, exposing the personal information of investors for approximately 100 clients. SEI stated that the breach occurred through one of their service providers that faced a ransomware attack. M.J.
Today the OCIE issued a Ransomware Alert, highlighting an uptick in sophisticated social engineering and other cyber campaigns, designed to infiltrate the networks of financial institutions to access sensitive information and/or to deploy ransomware. As a reminder, ransomware actors typically demand monetary payment for the return of data. We can spend time regurgitating what was
On June 29, 2020 Palo Alto Networks published a notice about a critical vulnerability affecting their devices. https://security.paloaltonetworks.com/CVE-2020-2021. The vulnerability, which is listed as an issue affecting the way SAML (Security Assertion Markup Language) authentication happens, can be exploited by remote attackers to gain access to the device. Dissecting this vulnerability, Palo Alto states that
Will Work From Home (WFH) be an Alternative Asset Management Firm’ new norm? Firstly, let me address the question that comes to mind after reading the title, this isn’t just another article about how COVID-19 has affected us………now keep reading. I’m not writing this article to express my opinion about whether WFH is good or
