January 15, 2021
Mimecast® e-mail security company has reported a breach that affects 10% of users in which hackers may be able to access company email and other data as well as infiltrate company networks. Learn how to protect yourself from this breach.
January 14, 2021
Regulators have taken steps to probe companies’ levels of exposure to the SolarWinds hack. Learn what information and actions have been requested so far.
December 14, 2020
A major breach has compromised confidential data at several U.S. government agencies, including the Treasury Department and the Department of Commerce exposing information from the executive branch, the military, and intelligence services. It has likewise compromised leading telecommunications firms, technology firms, and international governments.
December 9, 2020
A critical vulnerability affecting Microsoft® Teams® has been reported involving attackers sending a specially crafted chat message to Teams users. Once viewed, the message captures the recipient’s sign-on information and enables remote code execution on the user’s machine.
November 20, 2020
The SEC's Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert on November 19 providing an overview of notable compliance violations found during examinations relating to the Compliance Rule (Rule 206(4)-7 under the Investment Advisers Act of 1940). Here's what you need to know.
October 9, 2020
The Financial Industry Regulatory Authority (FINRA) has issued an alert regarding the appearance of fake emails purporting to be from the authority requesting that recipients fill out a survey. Learn what to look out for and how to protect your firm.
October 2, 2020
On October 1, the U.S. Treasury’s FinCEN and OFAC issued advisories warning of the growing threat of ransomware to U.S. business and individuals, describing recent trends in that area of digital crime, and pointing to the needs for proper safeguards and reporting, especially in light of potential violations of sanctions rulings.
September 17, 2020
The SEC OCIE has issued an alert warning of an increase in the use of the “credential stuffing” tactic in attacks against SEC registrants, including broker-dealers, investment advisers, and investment companies. Credential stuffing can significantly increase financial, regulatory, legal, and reputational risk to firms and OCIE has made recommendations for protecting client accounts.
July 22, 2020
The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert identifying a critical vulnerability affecting all versions of Microsoft® Windows Server® configured with the Domain Name System (DNS) role enabled. The vulnerability could potentially allow a remote attacker to gain control of affected systems.
July 20, 2020
The Court of Justice of the European Union (CJEU) has determined that the Privacy Shield agreement, a key data sharing agreement that allows signatory U.S. companies to transfer EU resident personal data to the U.S., is no longer valid. Learn what action you may need to take due to this change.