Call Us Today! (866) 435-8364

SEC Charges First American Financial Corporation With Cybersecurity Disclosure Controls Failures

On June 15, 2021 “The Securities and Exchange Commission (“SEC”) announced settled charges against real estate settlement services company First American Financial Corporation for disclosure controls and procedures violations related to a cybersecurity vulnerability that exposed sensitive customer information.” On May 24, 2019, Brian Krebs notified First American Financial Corporation of a vulnerability with its

2021-06-15T12:53:23-04:00June 15th, 2021|Cyber, OCIE, Privacy, Regulatory, SEC, Vulnerability, Vulnerability Disclosure|

What is Ethical Hacking? Everything You Need to Know About Ethical Hacking—With Examples

Our founder Anand Mohabir was interviewed by Kindra Cooper, from Springboard, on the topic of Ethical hacking. “There’s a lot that comes into play when you’re trying to become an ethical hacker. You have to know how a network is designed and operated, how servers interact, how virtual machines, storage and firewalls work,” said Mohabir.

2021 SEC OCIE Cybersecurity Exam Priorities

Yesterday the U.S. Securities and Exchange Commission (SEC) Office of Compliance Inspections and Examinations (OCIE) released its 2021 exam priorities. In the letter the SEC highlighted that their focus remains the same from prior years with a slight shift in priorities and adjustment of focus. The SEC stated that they will review whether firms have

Solarwinds ORION delivers backdoor Trojan to worldwide networks

Fireye detected that Solarwinds Orion is being used by attackers to steal sensitive company data. Fireye’s threat research division found that a highly sophisticated and evasive attacker compromised the Solarwind’s Orion IT monitoring and management platform to deliver a backdoor trojan. It is suspected that the campaign has started as early as April 2020 and

OCIE issues a new Cybersecurity: Ransomware Alert

Today the OCIE issued a Ransomware Alert, highlighting an uptick in sophisticated social engineering and other cyber campaigns, designed to infiltrate the networks of financial institutions to access sensitive information and/or to deploy ransomware. As a reminder, ransomware actors typically demand monetary payment for the return of data. We can spend time regurgitating what was

Palo Alto Networks Vulnerability – CVE-2020-2021

On June 29, 2020 Palo Alto Networks published a notice about a critical vulnerability affecting their devices. https://security.paloaltonetworks.com/CVE-2020-2021. The vulnerability, which is listed as an issue affecting the way SAML (Security Assertion Markup Language) authentication happens, can be exploited by remote attackers to gain access to the device. Dissecting this vulnerability, Palo Alto states that

Three UK-based Private Equity firms lose 1.3 million dollars to cyber criminals

  The team at Check Point identified that cyber criminals - dubbed the Florentine Banker - targeted three Private Equity firms and stole over $1.3 million dollars, with only about half the money recovered. The cyber criminals launched an email spear-phishing campaign targeting executives, and other high-profile employees in an attempt to gain access to

Are you considering fleeing Zoom? Don’t be so quick to do so.

Zoom has been under the spotlight over the past few weeks due to privacy and security issues. They were served with a class-action lawsuit over its data sharing practices, and come under scrutiny from the New York Attorney General’s Office. Headlines like this may make you want to “Zoom” for the hills, but hit the

Have you considered the work from home risks?

Have you made the decision to allow employees to work from home or are you still contemplating the idea? If work from home is or will be the preferred method for the unforeseeable future, there are some things you should do to maintain your compliance and security posture. Here are some risks you should be

CDPwn – Cisco patches 5 critical vulnerabilities that affect millions of devices.

Five critical vulnerabilities found in various implementations of the Cisco Discovery Protocol (CDP) could allow attackers on a local network to take over enterprise devices, as discovered by IoT security company Armis. (It is important to note that attacks can not be performed remotely and requires attackers to have access to internal networks.) CDP is

2020-12-31T18:43:41-05:00February 6th, 2020|Cisco, Cyber, Vulnerability|
Go to Top