Blog

SEC Announces Cybersecurity Policy Enforcement #CyberAware

President Obama has designated October as National Cybersecurity Awareness Month. This week, we will be shining a spotlight on cybersecurity examinations for businesses and business owners. Herjavec Group is sharing a summary of the SEC’s latest release where the commission highlighted the six target areas for its future cybersecurity examinations. All businesses should be #CyberAware. In late September, the Securities and...
October 6, 2015

Threat Advisory | VMware Security Updates

VMware has released security updates to address vulnerabilities in vCenter and ESXi. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review VMware Security Advisory VMSA-2015-0007 and apply the necessary updates. Herjavec Group circulates US-CERT advisories as this notification warrants attention and may have...
October 2, 2015

To Cyber-Insure, or not to Cyber-Insure…that is the Question

Steven Cohen, VP Herjavec Group
Last week BitPay filed a lawsuit against insurer MBIC to recover amounts denied under a commercial crime policy. It has been reported that in December 2014, hackers were able to pull off a social engineering attack against a BitPay executive, resulting in 3 separate transfers of 5,000 bitcoins (valued at $1,850,000). This incident is particularly...
September 25, 2015

Threat Advisory | FireEye HX 2.1 Vulnerability Update

FireEye has confirmed a vulnerability affecting its HX product version 2.1 (a legacy version, but still in use by some customers). The current release of FireEye’s HX product offering is version 2.6. FireEye has acknowledged that this vulnerability cannot be executed remotely, nor can it be exploited by an unauthenticated user. It is recommended that customers utilizing the HX product version...
September 8, 2015

How to Manage Ransomware

Matt Anthony, VP, Incident Response
Many organizations are victims of an emerging and surging category of malware. Generically called ransomware, it is also known by the names Cryptolocker or Cryptowall. Ransomware evolves and changes, but the result is the same. You start your computer and get a message like: “Your files are encrypted” along with an invitation to pay a ransom,...

Legislative Intervention into Security Preparedness

Steven Cohen, VP Herjavec Group
Last week a US appeals court confirmed that the Federal Trade Commission (FTC) can proceed with its suit against the Wyndham hotel chain. Wyndham was accused of failing to secure customer information and prevent multiple breaches between 2008 and 2009. The breaches reportedly resulted in 619,000 credit card accounts being compromised and over $10 million in losses. Following...
August 31, 2015

Threat Advisory | UDP-Based Amplification Attacks

Original release date by US-CERT: January 17, 2014 | Last revised: August 19, 2015
A Distributed Reflective Denial of Service (DRDoS) attack is a form of Distributed Denial of Service (DDoS) that relies on the use of publicly accessible UDP servers, as well as bandwidth amplification factors, to overwhelm a victim system with UDP traffic. UDP, by design, is...
August 20, 2015

Cybersecurity Awareness Training: Simple Solutions to Complex Problems

Cybersecurity is certainly topical given the number of compromises being reported in the press. As cybersecurity professionals, it can be perplexing to see organizations that focus their efforts on investments in the technology space, while often ignoring and undervaluing the investment in their own people. Many firms offer security awareness training in the form of a quick PowerPoint presentation followed...
August 19, 2015

MetTel Partners with Herjavec Group for Enhanced Security Solutions

NEW YORK, Aug. 19, 2015 - MetTel, a leading communications solutions provider for enterprise businesses, today announced a strategic partnership with Herjavec Group, a global managed security services provider led by dynamic IT entrepreneur Robert Herjavec. As part of the agreement, MetTel will now benefit from Herjavec Group's 24/7/365 security coverage, complementing MetTel's current Security Operations Center (SOC) and supporting...

Why AV is Dead, and what to do about it.

Scott McDonald, Herjavec Group
In the proverbial cat-and-mouse game of cybersecurity, neither the attacker nor defender can maintain their advantage for very long. The lifecycle of new technologies in IT is very short. But in cybersecurity that time is condensed into nanoscopic increments of obsolescence, allowing new lethal threats to overtake yesterday’s sophisticated cyber defenses. Let’s take a look ‘under...
August 4, 2015