The United States Computer Emergency Readiness Team (“US-CERT”) announced last week that HTTPS interception may weaken Transport Layer Security (TLS), a widely used cryptographic protocol that encrypts communication between the client and the server. This issue may cause browsers to not validate HTTPS connections, therefore increasing the probability of a man-in-the-middle (“MiTM”) attack via malware that uses HTTPS connections to malicious servers. MiTM attacks may cause sensitive information to be stolen.
Cisco reports that over 300 of its products, including many popular switches using Cisco IOS, are affected by a critical security flaw that allows attackers to potentially execute privileged code remotely on affected devices. The vulnerability was discovered by Cisco researchers via the WikiLeaks Vault 7 CIA data dump. Cisco stated that they are working on software updates to fix the issue and that there are no known workarounds for the vulnerability at this time
A spear phishing campaign that targets individuals involved in regulatory filings with the U.S. Securities and Exchange Commission ("SEC") was identified in late February 2017. The spear phishing emails have a spoofed sender of "EDGAR <firstname.lastname@example.org>" with an attachment named "Important_Changes_to_Form10_K.doc." The attachment contains a malware-infected VBS script that installs a PowerShell backdoor that can be used to steal sensitive information from the infected machine.
We’re excited to announce that ACA Aponix, the cybersecurity and risk division of ACA Compliance Group, was named the Best Global Cyber-security Services Provider by the 2017 Hedgeweek Global Awards. The annual Hedgeweek Global Awards recognize the excellence of service providers and are determined by votes cast by subscribers.
Please join us on February 23, 2017, at 11:00 a.m. EST, as Marc Lotti, Partner at ACA Aponix, and Chad Neale, Managing Director at ACA Aponix, presents a webcast on Portfolio Company Information Technology and Cybersecurity Due Diligence.
A new critical security flaw has been discovered in iOS 8 and later, including 10.2 beta 3, that allows anyone with a target's mobile phone number to bypass the iPhone passcode or Touch ID if Siri is enabled on the phone, gaining access to personal information, including photos and contacts. Further details and exact methodology can be found here.
ACA Aponix urges our clients and friends to be on high alert for possible cyber-attacks around or on U.S. Election Day, November 8, 2016. In particular, individuals who may become the target of such attacks include those who have known and public connections to:
The election candidates, or
Namesake entities related to the candidates (whether business-related or charitable).
Types of cyber-attacks related to the election that could occur include:
The massive cyber-attack on October 21 that took down many popular websites across parts of the U.S. and Europe served as a wake-up call to the dangers of Internet of Things (IoT) devices and the potential fragility of the internet's infrastructure.