Threat Update | Logjam Vulnerability

What is Logjam? Logjam is a browser and website encryption vulnerability that allows attackers to view encrypted content by downgrading security connections. How does this vulnerability work? When websites and mail servers attempt to communicate security with end users many of them do what is known as a Diffie-Hellman key exchange in an attempt to establish an encrypted connection. The... Read More
May 20, 2015

Insights on eMerge Americas 2015

eMerge Americas is an annual global idea exchange held in Miami, Florida with a focus on how technology and innovation are disrupting industries. The conference connects small, mid cap and emerging firms with global industry leaders and investors through interactive sessions, keynote and networking events. Matt Anthony, Herjavec Group’s SVP of Consulting & Remediation Services had the privilege of attending... Read More
May 14, 2015

Threat Update | VENOM Vulnerability

May 13, 2015 CrowdStrike has disclosed a vulnerability that impacts a large number of virtual machine (VM) products. CrowdStrike named this vulnerability, tracked as CVE-2015-3456, VENOM, which stands for Virtualized Environment Neglected Operations Manipulation. CrowdStrike Intelligence is not aware of any in-the-wild exploitation of this vulnerability. The specific issue is a buffer overflow vulnerability exposed due to a race-condition in... Read More
May 13, 2015

PCI DSS 3.1 Highlights

The Payment Card Industry (PCI) Data Security Standard (DSS) is a worldwide standard, published and maintained by the PCI Security Standards Council (SSC), endorsed by all major credit card brands and intended to protect cardholder data wherever it is processed, stored or transmitted. On February 13, 2015. the PCI SSC Council released a statement announcing impending revisions to the Payment Card Industry Data Security Standard (PCI DSS) as... Read More
April 24, 2015

Customized Intelligence-Based Information Security

Information security is a fast moving train, but where is it headed? The vast selection of technologies can be mind-boggling, and often the skills required to make sense of their proper use are dispersed among multiple technical groups and, at times, completely missing from an organization's skills-matrix. With this in mind, it is a wonder that intelligence modeling capabilities are... Read More
April 16, 2015

Threat Update | Simda Botnet

April 15, 2015 US-Cert has reported the compromise of more than 770,000 computers running Microsoft Windows worldwide through the Simda botnet. The details below have been released to provide further information along with prevention recommendations. Simda malware may re-route user’s Internet traffic to websites under criminal control or can be used to install malware. The malicious actors control the network of... Read More
April 15, 2015

Next Generation FireWalls

Firewall technology has become a key part of each and every company’s security defence strategy. As the pace of technological change continues to move quickly, firewall technology has become much more sophisticated. The latest trend in firewall naming conventions is “NextGen Firewall” (NGFw). The most important features of a NGFw are:     to be able to create username based policy... Read More
March 25, 2015

Vulnerability Analyst

Las Vegas, NV A Vulnerability Analyst is a trusted technical advisor to Herjavec Group customers providing valuable guidance and execution around operations and optimization of their IT security infrastructure. The Vulnerability Analyst works closely with the customer to provide proactive support assistance to prevent security issues from occurring. The Vulnerability Analyst plays a pivotal role in ensuring that Herjavec Group... Read More
March 17, 2015

Are you ready for an Information Security Incident?

Prevailing wisdom has become that information security breaches are inevitable. We have all seen the headlines and watched as major targeted attacks played out in government and in the media but as business leaders and security practitioners—what can we do to protect our organizations? The founder of the Boy Scouts, Robert Baden-Powell, said everything we really need to know when... Read More
March 12, 2015

Threat Update | SuperFish

  Lenovo products shipped between September 2014 and February 2015 have come with preloaded software known as “SuperFish”. It is very common for Manufacturers and OEMs to preload applications onto the Operating System; however, what makes SuperFish “unique” is that it is designed to intercept all HTTP and HTTPS communication. SuperFish is designed to provide analytics to better enhance the... Read More
February 25, 2015