Security News

Threat Advisory | FireEye HX 2.1 Vulnerability Update

FireEye has confirmed a vulnerability affecting its HX product version 2.1 (a legacy version, but still in use by some customers). The current release of FireEye’s HX product offering is version 2.6. FireEye has acknowledged that this vulnerability cannot be executed remotely, nor can it be exploited by an unauthenticated user. It is recommended that customers utilizing the HX product version... Read More
September 8, 2015

How to Manage Ransomware

Matt Anthony, VP, Incident Response
Many organizations are victims of an emerging and surging category of malware. Generically called ransomware, it is also known by the names Cryptolocker or Cryptowall. Ransomware evolves and changes, but the result is the same. You start your computer and get a message like: “Your files are encrypted” along with an invitation to pay a ransom,... Read More

Threat Advisory | UDP-Based Amplification Attacks

Original release date by US-CERT: January 17, 2014 | Last revised: August 19, 2015
A Distributed Reflective Denial of Service (DRDoS) attack is a form of Distributed Denial of Service (DDoS) that relies on the use of publicly accessible UDP servers, as well as bandwidth amplification factors, to overwhelm a victim system with UDP traffic. UDP, by design, is... Read More
August 20, 2015

Cybersecurity Awareness Training: Simple Solutions to Complex Problems

Cybersecurity is certainly topical given the number of compromises being reported in the press. As cybersecurity professionals, it can be perplexing to see organizations that focus their efforts on investments in the technology space, while often ignoring and undervaluing the investment in their own people. Many firms offer security awareness training in the form of a quick PowerPoint presentation followed... Read More
August 19, 2015

MetTel Partners with Herjavec Group for Enhanced Security Solutions

NEW YORK, Aug. 19, 2015 - MetTel, a leading communications solutions provider for enterprise businesses, today announced a strategic partnership with Herjavec Group, a global managed security services provider led by dynamic IT entrepreneur Robert Herjavec. As part of the agreement, MetTel will now benefit from Herjavec Group's 24/7/365 security coverage, complementing MetTel's current Security Operations Center (SOC) and supporting... Read More

Why AV is Dead, and what to do about it.

Scott McDonald, Herjavec Group
In the proverbial cat-and-mouse game of cybersecurity, neither the attacker nor defender can maintain their advantage for very long. The lifecycle of new technologies in IT is very short. But in cybersecurity that time is condensed into nanoscopic increments of obsolescence, allowing new lethal threats to overtake yesterday’s sophisticated cyber defenses. Let’s take a look ‘under... Read More
August 4, 2015

Herjavec Group & Sumo Logic Compliance and Cloud Management Event

Join Herjavec Group and Sumo Logic for an evening focused on Continuous Compliance and Management in the Cloud. For many businesses, compliance, management and data protection in the cloud have been a major challenge due to the shared responsibility model and automation of public cloud infrastructure. Ensuring consistent security controls across hybrid environments requires new methodologies for security and auditing... Read More
July 28, 2015

Threat Advisory | Microsoft Font Driver Vulnerability

Microsoft Windows has reported a critical vulnerability that could allow remote execution if a user opens documents or visits untrusted webpages that contain embedded OpenType fonts. A security update has been made available and will correct how the Windows Adobe Type Manager Library handles OpenType fonts. For more information about this update, see Microsoft Knowledge Base Article 3079904. Most clients... Read More
July 21, 2015

Threat Advisory | Critical OpenSSL Patch Coming Today

Herjavec Group is currently monitoring the developments around an expected high severity vulnerability. It is believed the OpenSSL project team will release a critical patch that could require a lengthy upgrade process. We are in the process of patching all managed client devices as updates are released by impacted vendors. This issue affects OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n and... Read More
July 9, 2015

Threat Advisory | Palo Alto Networks Emergency Path Update

Palo Alto Networks has released an emergency content update to add additional coverage for a recent 0-day vulnerability impacting Adobe Flash (CVE-2015-5119). This exploit can lead to arbitrary remote code execution by the attacker upon successful delivery and exploitation via a specially crafted Adobe Flash swf file, typically via a malicious website. Please review the note below and ensure the... Read More