Information technology plays a central role in your business, so it’s important that your firm have a platform for managing its IT and cybersecurity risks. In part two of our Introduction to Risk Management webcast series, ACA Aponix's Raj Bakhru and Pascal Busnel will demonstrate the upcoming ACA Aponix module within ComplianceAlpha, ACA’s new compliance program management platform.
Microsoft® recently acknowledged and patched a vulnerability in Microsoft Word and WordPad, CVE-2017-0199, that allows attackers to execute malicious Visual Basic script with PowerShell commands when users open an RTF with an embedded exploit. When the script is executed, it can download and deploy a malicious payload and display decoy documents to the user.
Information technology plays a central role in your business, so it’s important to understand potential risks, especially as they relate to third-party relationships. In this webcast, ACA Aponix's Marc Lotti and Michelle Kong will discuss ways your firm can identify, assess, and manage the cyber and information security risks of working with third-party vendors.
The United States Computer Emergency Readiness Team (“US-CERT”) announced last week that HTTPS interception may weaken Transport Layer Security (TLS), a widely used cryptographic protocol that encrypts communication between the client and the server. This issue may cause browsers to not validate HTTPS connections, therefore increasing the probability of a man-in-the-middle (“MiTM”) attack via malware that uses HTTPS connections to malicious servers. MiTM attacks may cause sensitive information to be stolen.
Cisco reports that over 300 of its products, including many popular switches using Cisco IOS, are affected by a critical security flaw that allows attackers to potentially execute privileged code remotely on affected devices. The vulnerability was discovered by Cisco researchers via the WikiLeaks Vault 7 CIA data dump. Cisco stated that they are working on software updates to fix the issue and that there are no known workarounds for the vulnerability at this time
A spear phishing campaign that targets individuals involved in regulatory filings with the U.S. Securities and Exchange Commission ("SEC") was identified in late February 2017. The spear phishing emails have a spoofed sender of "EDGAR <email@example.com>" with an attachment named "Important_Changes_to_Form10_K.doc." The attachment contains a malware-infected VBS script that installs a PowerShell backdoor that can be used to steal sensitive information from the infected machine.
We’re excited to announce that ACA Aponix, the cybersecurity and risk division of ACA Compliance Group, was named the Best Global Cyber-security Services Provider by the 2017 Hedgeweek Global Awards. The annual Hedgeweek Global Awards recognize the excellence of service providers and are determined by votes cast by subscribers.
Please join us on February 23, 2017, at 11:00 a.m. EST, as Marc Lotti, Partner at ACA Aponix, and Chad Neale, Managing Director at ACA Aponix, presents a webcast on Portfolio Company Information Technology and Cybersecurity Due Diligence.