Blog

To Cyber-Insure, or not to Cyber-Insure…that is the Question

Steven Cohen, VP Herjavec Group
Last week BitPay filed a lawsuit against insurer MBIC to recover amounts denied under a commercial crime policy. It has been reported that in December 2014, hackers were able to pull off a social engineering attack against a BitPay executive, resulting in 3 separate transfers of 5,000 bitcoins (valued at $1,850,000). This incident is particularly... Read More
September 25, 2015

Threat Advisory | FireEye HX 2.1 Vulnerability Update

FireEye has confirmed a vulnerability affecting its HX product version 2.1 (a legacy version, but still in use by some customers). The current release of FireEye’s HX product offering is version 2.6. FireEye has acknowledged that this vulnerability cannot be executed remotely, nor can it be exploited by an unauthenticated user. It is recommended that customers utilizing the HX product version... Read More
September 8, 2015

How to Manage Ransomware

Matt Anthony VP, Incident Response
Many organizations are victims of an emerging and surging category of malware. Generically called ransomware, it is also known by the names Cryptolocker or Cryptowall. Ransomware evolves and changes, but the result is the same. You start your computer and get a message like: “Your files are encrypted” along with an invitation to pay a ransom,... Read More

Legislative Intervention into Security Preparedness

Steven Cohen, VP Herjavec Group
Last week a US appeals court confirmed that the Federal Trade Commission (FTC) can proceed with its suit against the Wyndham hotel chain. Wyndham was accused of failing to secure customer information and prevent multiple breaches between 2008 and 2009. The breaches reportedly resulted in 619,000 credit card accounts being compromised and over $10 million in losses. Following... Read More
August 31, 2015

Threat Advisory | UDP-Based Amplification Attacks

Original release date by US-CERT: January 17, 2014 | Last revised: August 19, 2015
A Distributed Reflective Denial of Service (DRDoS) attack is a form of Distributed Denial of Service (DDoS) that relies on the use of publicly accessible UDP servers, as well as bandwidth amplification factors, to overwhelm a victim system with UDP traffic. UDP, by design, is... Read More
August 20, 2015

Cybersecurity Awareness Training: Simple Solutions to Complex Problems

Cybersecurity is certainly topical given the number of compromises being reported in the press. As cybersecurity professionals, it can be perplexing to see organizations that focus their efforts on investments in the technology space, while often ignoring and undervaluing the investment in their own people. Many firms offer security awareness training in the form of a quick PowerPoint presentation followed... Read More
August 19, 2015

MetTel Partners with Herjavec Group for Enhanced Security Solutions

NEW YORK, Aug. 19, 2015 - MetTel, a leading communications solutions provider for enterprise businesses, today announced a strategic partnership with Herjavec Group, a global managed security services provider led by dynamic IT entrepreneur Robert Herjavec. As part of the agreement, MetTel will now benefit from Herjavec Group's 24/7/365 security coverage, complementing MetTel's current Security Operations Center (SOC) and supporting... Read More

Why AV is Dead, and what to do about it.

Scott McDonald, Herjavec Group
In the proverbial cat-and-mouse game of cybersecurity, neither the attacker nor the defender can maintain their advantage for very long. The lifecycle of new technologies in IT is very short. But in cybersecurity that time is condensed into nanoscopic increments of obsolescence, allowing new lethal threats to overtake yesterday’s sophisticated cyber defenses. Let’s take a look ‘under... Read More
August 4, 2015

Herjavec Group & Sumo Logic Compliance and Cloud Management Event

Join Herjavec Group and Sumo Logic for an evening focused on Continuous Compliance and Management in the Cloud. For many businesses, compliance, management and data protection in the cloud have been a major challenge due to the shared responsibility model and automation of public cloud infrastructure. Ensuring consistent security controls across hybrid environments requires new methodologies for security and auditing... Read More
July 28, 2015

Threat Advisory | Microsoft Font Driver Vulnerability

Microsoft Windows has reported a critical vulnerability that could allow remote execution if a user opens documents or visits untrusted webpages that contain embedded OpenType fonts. A security update has been made available and will correct how the Windows Adobe Type Manager Library handles OpenType fonts. For more information about this update, see Microsoft Knowledge Base Article 3079904. Most clients... Read More
July 21, 2015