Blog

Threat Advisory | Oracle Critical Patch Update

Oracle has released its Critical Patch Update for October 2015 to address 154 vulnerabilities across multiple products. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Herjavec Group encourages users and administrators to review the Oracle October 2015 Critical Patch Update and apply the necessary updates. Herjavec Group circulates US –... Read More
October 21, 2015
How Cybersecurity Aware Are You? #CyberAware

Did you know that 95% of all security incidents involve human error?1 Successful security attacks are often the result of insiders within an organization unwittingly providing attackers with access to sensitive information. Best-of-breed security technologies cannot help protect your organization unless employees understand their roles and responsibilities in safeguarding sensitive data and protecting company resources. Cybersecurity is no longer an issue for employers and business owners, recent hacks... Read More
October 19, 2015
Payment Card Industry (PCI) Awareness Week #CyberAware

President Obama has designated October National Cybersecurity Awareness Month. This week, we will be shining a spotlight on the payment card industry (PCI). Every time your customers make a purchase, they are trusting that you will not only deliver your product or service, but that you will keep their personal information safe. The threat of credit card fraud and information theft across... Read More
October 13, 2015
SEC Announces Cybersecurity Policy Enforcement #CyberAware

President Obama has designated October as National Cybersecurity Awareness Month. This week, we will be shining a spotlight on cybersecurity examinations for businesses and business owners. Herjavec Group is sharing a summary of the SEC’s latest release where the commission highlighted the six target areas for its future cybersecurity examinations. All businesses should be #CyberAware. In late September, the Securities and... Read More
October 6, 2015

Threat Advisory | VMware Security Updates

VMware has released security updates to address vulnerabilities in vCenter and ESXi. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review VMware Security Advisory VMSA-2015-0007 and apply the necessary updates. Herjavec Group circulates US-CERT advisories as this notification warrants attention and may have... Read More
October 2, 2015

To Cyber-Insure, or not to Cyber-Insure…that is the Question

Steven Cohen, VP Herjavec Group

Last week BitPay filed a lawsuit against insurer MBIC to recover amounts denied under a commercial crime policy. It has been reported that in December 2014, hackers were able to pull off a social engineering attack against a BitPay executive, resulting in 3 separate transfers of 5,000 bitcoins (valued at $1,850,000). This incident is particularly... Read More
September 25, 2015

Threat Advisory | FireEye HX 2.1 Vulnerability Update

FireEye has confirmed a vulnerability affecting its HX product version 2.1 (a legacy version, but still in use by some customers). The current release of FireEye’s HX product offering is version 2.6. FireEye has acknowledged that this vulnerability cannot be executed remotely, nor can it be exploited by an unauthenticated user. It is recommended that customers utilizing the HX product version... Read More
September 8, 2015

How to Manage Ransomware

Matt Anthony, VP, Incident Response

Many organizations are victims of an emerging and surging category of malware. Generically called ransomware, it is also known by the names Cryptolocker or Cryptowall. Ransomware evolves and changes, but the result is the same. You start your computer and get a message like: “Your files are encrypted” along with an invitation to pay a ransom,... Read More

Legislative Intervention into Security Preparedness

Steven Cohen, VP Herjavec Group

Last week a US appeals court confirmed that the Federal Trade Commission (FTC) can proceed with its suit against the Wyndham hotel chain. Wyndham was accused of failing to secure customer information and prevent multiple breaches between 2008 and 2009. The breaches reportedly resulted in 619,000 credit card accounts being compromised and over $10 million in losses. Following... Read More
August 31, 2015

Threat Advisory | UDP-Based Amplification Attacks

Original release date by US-CERT: January 17, 2014 | Last revised: August 19, 2015

A Distributed Reflective Denial of Service (DRDoS) attack is a form of Distributed Denial of Service (DDoS) that relies on the use of publicly accessible UDP servers, as well as bandwidth amplification factors, to overwhelm a victim system with UDP traffic. UDP, by design, is... Read More
August 20, 2015