Threat Advisory | Palo Alto Networks Emergency Path Update

Palo Alto Networks has released an emergency content update to add additional coverage for a recent 0-day vulnerability impacting Adobe Flash (CVE-2015-5119). This exploit can lead to arbitrary remote code execution by the attacker upon successful delivery and exploitation via a specially crafted Adobe Flash swf file, typically via a malicious website. Please review the note below and ensure the... Read More
July 9, 2015

Protecting the Endpoint

As security leaders we recognize that endpoint protection is critical. Over 70% of attacks occur on the endpoint and we recognize that human error still accounts for the majority of desktop breaches. The cybersecurity industry has experienced a surge in the number of endpoint protection offerings available. Offerings exist for on prem or remote endpoint protection in terms of prevention,... Read More
July 6, 2015

Herjavec Group #23 on the Cybersecurity 500 List

Herjavec Group is thrilled to announce that we have been ranked #23 on the Cybersecurity 500 list. This ranking profiles cybersecurity firms globally, creating awareness and recognition for the most innovative cybersecurity companies.  Selection criteria is based on a number of criteria including sector, problem solved, customer base, CISO feedback, company growth, and notable implementations. Herjavec Group has been praised... Read More
June 24, 2015

Coalfire Systems and Herjavec Group Validations Reaffirm Critical Cyber Security Capabilities for Financial Services Community

The Payment Card Industry (PCI) Data Security Standard (DSS) is a worldwide standard, published and maintained by the PCI Security Standards Council (SSC), endorsed by all major credit card brands and intended to protect cardholder data wherever it is processed, stored or transmitted. Nothing is more important than keeping your customer's payment card data secure. In a recent engagement, Herjavec Group, a PCI... Read More

Shark Tank’s Robert Herjavec: On How To Tell If You Are Cyber Secure

Last Monday – the 15th – password storage maker LastPass was hacked, exposing the email addresses and encrypted master passwords of its users. Last Tuesday – the 16th – in Congressional testimony, House Oversight Chairman, Jason Chaffetz, said that federal cybersecurity “stinks” in response to the governmental breach that happened earlier this month, exposing the personal information of millions of current, former,... Read More
June 22, 2015

Evolution of the Next Generation SOC

The need for security programs to shift from tactical to strategic in focus has never been stronger. Rising threats have forced organizations to recognize the importance of a rapid response center, dedicated to network and security incidents. In the past, the separation between NOC and SOC seemed logical – NOCs were mature while SOCs were the “new kids on the... Read More
June 2, 2015

Threat Update | Leap Second June 30, 2015

The term “Leap Second” was coined to reflect that the last minute of June 30th will be one second longer than a standard minute, meaning that June 30, 2015 23:59:60 will be a valid and correct time. This time could cause potential issues across various IT infrastructures. It has been speculated that the Leap Second could cause a server hang... Read More
June 1, 2015

Threat Update | Logjam Vulnerability

What is Logjam? Logjam is a browser and website encryption vulnerability that allows attackers to view encrypted content by downgrading security connections. How does this vulnerability work? When websites and mail servers attempt to communicate security with end users many of them do what is known as a Diffie-Hellman key exchange in an attempt to establish an encrypted connection. The... Read More
May 20, 2015

Insights on eMerge Americas 2015

eMerge Americas is an annual global idea exchange held in Miami, Florida with a focus on how technology and innovation are disrupting industries. The conference connects small, mid cap and emerging firms with global industry leaders and investors through interactive sessions, keynote and networking events. Matt Anthony, Herjavec Group’s SVP of Consulting & Remediation Services had the privilege of attending... Read More
May 14, 2015

Threat Update | VENOM Vulnerability

May 13, 2015 CrowdStrike has disclosed a vulnerability that impacts a large number of virtual machine (VM) products. CrowdStrike named this vulnerability, tracked as CVE-2015-3456, VENOM, which stands for Virtualized Environment Neglected Operations Manipulation. CrowdStrike Intelligence is not aware of any in-the-wild exploitation of this vulnerability. The specific issue is a buffer overflow vulnerability exposed due to a race-condition in... Read More
May 13, 2015