Blog

Cyber CEO: Data Privacy Day – How to Enhance Your Data Privacy

Cyber CEO: Data Privacy Day – How to Enhance Your Data Privacy

January 28th is Data Privacy Day, an international effort to empower individuals and support businesses in the endeavor to respect privacy, safeguard data, and enable trust. This year, the National Cybersecurity Alliance has extended the data privacy campaign to be a week-long initiative. Data Privacy Week aims to create awareness about online privacy, educate citizens on how to manage and secure... Read More
January 28, 2022
Threat Advisory: CVE-2021-4034: ‘PwnKit’

Threat Advisory: CVE-2021-4034: ‘PwnKit’

Overview On Tuesday, January 25th, researchers from Qualys disclosed the discovery of a local privilege escalation vulnerability in Linux’s pkexec tool - CVE-2021-4034, which they have dubbed PwnKit. Pkexec is part of the PolKit package and is commonly used within systemd-based Linux distributions[1].  Qualys have confirmed the default installations of Ubuntu, Debian, Fedora, and CentOS contain this vulnerability, but all... Read More
January 27, 2022
Threat Advisory: Geopolitical Update – Russia Ukrainian Tensions

Threat Advisory: Geopolitical Update – Russia Ukrainian Tensions

Overview On Friday, January 14, the Ukrainian government experienced multiple cyberattacks that resulted in the defacement of 70 government-owned websites[1]. The defacement replaced all original content with messages in Russian, Polish, and Ukrainian with the aim to create and spread dissent between different ethnic groups[2]. According to cybersecurity researcher Gary Warner of DarkTower Threat intelligence, the message specifically targets native... Read More
January 20, 2022
Threat Advisory: CVE-2021-22045: VMware Heap-Overflow

Threat Advisory: CVE-2021-22045: VMware Heap-Overflow

Overview On January 4th, VMware released security advisory VMSA-2022-0001/CVE-2021-22045 addressing a heap-based overflow vulnerability in several VMware-based technologies[1]. VMware states, "a malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine” [1]. Successful exploitation of CVE-2021-22045... Read More
January 6, 2022
Shark Tank Star Joins Forces with Cybersecurity Visionary to Form New Industry Powerhouse

Shark Tank Star Joins Forces with Cybersecurity Visionary to Form New Industry Powerhouse

Kansas City / Toronto / London (December 30, 2021) — Award-winning cybersecurity solutions providers Fishtech Group (“Fishtech”) and Herjavec Group (“Herjavec”) are pleased to announce their merger, backed by funds advised by Apax Partners LLP (the “Apax Funds”). The two innovative companies will operate as a single entity under a new brand to be announced in early 2022. The Apax... Read More
December 30, 2021
Cyber CEO: A Look Back at Cybersecurity in 2021

Cyber CEO: A Look Back at Cybersecurity in 2021

Every year as December winds down and the New Year approaches, I reflect and look back at the year I'm leaving behind. Needless to say, in 2021 cybersecurity was front and center for individuals, enterprises, and governments alike. Data breaches and cybersecurity threats were at an all-time high this past year. This forced security leaders and enterprise executives to assess... Read More
December 15, 2021
Threat Advisory: Detection & Hardening Guide for CVE-2021-4428 Log4Shell

Threat Advisory: Detection & Hardening Guide for CVE-2021-4428 Log4Shell

Overview On December 10th, 2021, Herjavec Group’s Threat and Vulnerability Management team released a threat notification to our customers detailing LunaSec’s discovery of CVE-2021-44228, a critical vulnerability in the Apache logging library (log4j). The team has done a thorough review of Herjavec Group systems, including statements from our principal data processors and sub-processors, and have concluded that there is no... Read More
December 13, 2021
State-Sponsored Cyber Activity Report 2021

State-Sponsored Cyber Activity Report 2021

The cybercrime landscape has continued to evolve rapidly and the threats we now face are sophisticated, global, and in many cases, backed by nation-states. With this comes an increase in risk to critical infrastructure. As we've seen this past year from some of the largest cyberattacks in our history, breaches on critical infrastructure result in disruption and downtime that trickles... Read More
December 2, 2021
Cyber CEO: 7 Tips to Stay Cyber Safe While Online Holiday Shopping

Cyber CEO: 7 Tips to Stay Cyber Safe While Online Holiday Shopping

As many people start cautiously re-entering the world, I think it's safe to say that many of the changes the COVID-19 Pandemic caused will remain. We all knew e-commerce was becoming one of the major players in the way people shop and access goods and services, but no one could have imagined the explosion of online shopping that resulted from... Read More
November 23, 2021
Cyber Playbook: How to Build a Strong Vulnerability Management Program

Cyber Playbook: How to Build a Strong Vulnerability Management Program

Contributed by Robert Herjavec, CEO & Founder A strong Vulnerability Management program is essential to a comprehensive and proactive cybersecurity program. It allows organizations to identify potential security gaps including access points that threat actors can leverage to gain entry into corporate networks and then prioritize these vulnerabilities for remediation. However, building a robust vulnerability management program can be complex... Read More
November 18, 2021