Blog

Shark Tank’s Robert Herjavec: On How To Tell If You Are Cyber Secure

Last Monday – the 15th – password storage maker LastPass was hacked, exposing the email addresses and encrypted master passwords of its users. Last Tuesday – the 16th – in Congressional testimony, House Oversight Chairman, Jason Chaffetz, said that federal cybersecurity “stinks” in response to the governmental breach that happened earlier this month, exposing the personal information of millions of current, former,... Read More
June 22, 2015

Evolution of the Next Generation SOC

The need for security programs to shift from tactical to strategic in focus has never been stronger. Rising threats have forced organizations to recognize the importance of a rapid response center, dedicated to network and security incidents. In the past, the separation between NOC and SOC seemed logical – NOCs were mature while SOCs were the “new kids on the... Read More
June 2, 2015

Threat Update | Leap Second June 30, 2015

The term “Leap Second” was coined to reflect that the last minute of June 30th will be one second longer than a standard minute, meaning that June 30, 2015 23:59:60 will be a valid and correct time. This time could cause potential issues across various IT infrastructures. It has been speculated that the Leap Second could cause a server hang... Read More
June 1, 2015

Threat Update | Logjam Vulnerability

What is Logjam? Logjam is a browser and website encryption vulnerability that allows attackers to view encrypted content by downgrading security connections. How does this vulnerability work? When websites and mail servers attempt to communicate security with end users many of them do what is known as a Diffie-Hellman key exchange in an attempt to establish an encrypted connection. The... Read More
May 20, 2015

Insights on eMerge Americas 2015

eMerge Americas is an annual global idea exchange held in Miami, Florida with a focus on how technology and innovation are disrupting industries. The conference connects small, mid cap and emerging firms with global industry leaders and investors through interactive sessions, keynote and networking events. Matt Anthony, Herjavec Group’s SVP of Consulting & Remediation Services had the privilege of attending... Read More
May 14, 2015

Threat Update | VENOM Vulnerability

May 13, 2015 CrowdStrike has disclosed a vulnerability that impacts a large number of virtual machine (VM) products. CrowdStrike named this vulnerability, tracked as CVE-2015-3456, VENOM, which stands for Virtualized Environment Neglected Operations Manipulation. CrowdStrike Intelligence is not aware of any in-the-wild exploitation of this vulnerability. The specific issue is a buffer overflow vulnerability exposed due to a race-condition in... Read More
May 13, 2015

PCI DSS 3.1 Highlights

The Payment Card Industry (PCI) Data Security Standard (DSS) is a worldwide standard, published and maintained by the PCI Security Standards Council (SSC), endorsed by all major credit card brands and intended to protect cardholder data wherever it is processed, stored or transmitted. On February 13, 2015. the PCI SSC Council released a statement announcing impending revisions to the Payment Card Industry Data Security Standard (PCI DSS) as... Read More
April 24, 2015

Customized Intelligence-Based Information Security

Information security is a fast moving train, but where is it headed? The vast selection of technologies can be mind-boggling, and often the skills required to make sense of their proper use are dispersed among multiple technical groups and, at times, completely missing from an organization's skills-matrix. With this in mind, it is a wonder that intelligence modeling capabilities are... Read More
April 16, 2015

Threat Update | Simda Botnet

April 15, 2015 US-Cert has reported the compromise of more than 770,000 computers running Microsoft Windows worldwide through the Simda botnet. The details below have been released to provide further information along with prevention recommendations. Simda malware may re-route user’s Internet traffic to websites under criminal control or can be used to install malware. The malicious actors control the network of... Read More
April 15, 2015

Next Generation FireWalls

Firewall technology has become a key part of each and every company’s security defence strategy. As the pace of technological change continues to move quickly, firewall technology has become much more sophisticated. The latest trend in firewall naming conventions is “NextGen Firewall” (NGFw). The most important features of a NGFw are:     to be able to create username based policy... Read More
March 25, 2015