Call Us Today! (866) 435-8364

Keep up with the latest news!

Press Releases, Latest News, Updates

Phantom Extortion Phishing Targeting Financial Services Firms!

2023-03-22T18:51:03-04:00March 22nd, 2023|Alternative Asset Management, Breaches, Cyber, Exploit, Fraud, Hedge Fund, Identity Theft, Investment Adviser, Phishing, Private Equity, Private Funds, RIA, Table Top, Vulnerability|

Recently a few of our clients were recipients of phishing email leveraging scare tactics, also known as the Phantom Extortion Scam. This scam involves cyber criminals sending fake emails or messages to individuals or businesses, claiming that there has been a security breach or incident involving sensitive client or organization data. The cyber criminals then

Is this the end of LastPass?

2023-01-05T11:35:48-05:00January 5th, 2023|Breaches, Cyber, Hackers, Identity Theft, Password, Phishing, PII, Privacy, Vulnerability|

LastPass, a popular password management service, has revealed that malicious actors have gained access to unencrypted customer data, including web URLs, email addresses, company names, billing addresses, telephone numbers, and IP addresses of LastPass customers, as well as encrypted copies of customer password vaults. This information was compromised using previously stolen data from a breach in

NYDFS Proposed Enhancements – Second Amendment to 23 NYCRR 500

2022-08-02T12:26:48-04:00August 1st, 2022|BCP, Cyber, Hackers, NYDFS, Penetration Test, Regulatory, Vulnerability|

 On July 29, 2022, the New York Department of Financial Services (NYDFS) provided several potential enhancements to the existing Part 500 Cybersecurity Rules. The Draft Amendments can be divided into six categories: Assessments, Technical Requirements, Governance, Obligations for Larger Companies, Notifications, and Penalties.  Assessments  The Draft Amendments expand the current definition of Risk Assessment to

The SEC proposes new Cybersecurity rules

2022-02-09T17:48:34-05:00February 9th, 2022|Cyber, Hedge Fund, Investment Adviser, OCIE, Private Equity, Private Funds, Regulatory, RIA, Rules, SEC, Services, Vulnerability Disclosure|

Earlier today the Securities and Exchange Commission voted to propose rules related to cybersecurity risk management for registered investment advisers, and registered investment companies and business development companies (funds), as well as amendments to certain rules that govern investment adviser and fund disclosures. The SEC Chair Gary Genlser stated that the proposed rules and amendments

NYDFS’s first time charging a company for not adhering to their Cybersecurity Regulation Part 500 of Title 23

2022-08-02T12:30:30-04:00January 7th, 2022|Cyber, Hackers, NYDFS, Rules, SEC|

The New York Department of Financial Services ("NYDFS") has charged First American Insurance company with multiple section code violations pertaining to cyber security policies. This is NYDFS's first time charging a company for not adhering to their Cybersecurity Regulation Part 500 of Title 23. The charges held against First American are as follows: Deficient cybersecurity

Safeguards Rule will be updated to better protect consumer financial information from cyber attacks and security breaches

2022-01-07T18:10:50-05:00January 7th, 2022|Breaches, FTC, Hackers, NYDFS, Private Funds, Rules|

In October 2021, the Federal Trade Commission (FTC) stated that it would expand its Safeguards Rule in order to better protect consumer financial information from cyber attacks and security breaches. The revised Rule requirements will take effect on December 9, 2022. This is a significant development for private funds that were previously exempt from the

FINRA Keeps Its Business Continuity Rule Intact

2022-01-07T18:25:58-05:00December 30th, 2021|BCP, Cyber, FINRA|

FINRA Rule 4370 requires firms of all sizes to be prepared for business disruptions by maintaining a business continuity plan. After conducting a "Pandemic Review" of the rule, which included extensive feedback from internal and external stakeholders, FINRA decided to keep the rule as is. A majority of the feedback received indicated that Rule 4370

Apache Log4j 2 Vulnerability

2021-12-13T08:08:37-05:00December 13th, 2021|Apache, Exploit, Hackers, Hedge Fund, Investment Adviser, Reverse Shell, Vulnerability|

You probably heard the news this weekend about the new critical remote code execution vulnerability affecting Apache log4j 2. A remote code execution vulnerability is an attack that can be launched from anywhere in the world, as long as an affected system is available remotely. Why is important? The vulnerability affects millions of devices, including

Next Generation Ransomware Attacks

2021-10-09T06:09:49-04:00October 9th, 2021|Alternative Asset Management, BEC, Business Email Compromise, Cloud, Cyber, Exploit, Hackers, Hedge Fund, Identity Theft, Investment Adviser, Malware, Microsoft, Microsoft Windows 10, Password, Phishing, PII, Privacy, Private Equity, Ransomware Attack, RIA, Vulnerability|

Ransomware, the word alone evokes fear into many companies. How did this form of crime actually start? In 1989, Dr. Joseph L. Popp created the first ransomware called the "AIDS Trojan." This trojan virus encrypted files on a computer after rebooting a number of times. Fast forward to 2006, Archiveus, a computer virus that affected

Critical Apple vulnerability exploited to eavesdrop!

2021-09-14T18:12:31-04:00September 14th, 2021|Apple, Cyber, Exploit, Hackers, Identity Theft, PII, Privacy, Technology, Vulnerability|

Apple has released an emergency security update to address vulnerabilities in iOS and iPadOS for a zero-click zero day exploit that allows the installation of malware on a device. An attacker could exploit these vulnerabilities to take control of an affected device if they are unpatched. "Attacks like the ones described are highly sophisticated, cost

Go to Top