ACA Aponix and ACA Technology Solutions, divisions of ACA Compliance Group ("ACA"), announced today the official release of ACA’s Vendor Management Platform, a centralized solution designed to streamline the vendor due diligence process and reduce the burden, risks, and costs associated with managing the vendor life cycle.
A security researcher discovered keylogging code in software pre-installed on certain HP devices, including EliteBook, ProBook, Pavilion, and others. The keylogger was originally installed as a debugging tool to check for errors in the Synaptics Touchpad software. The keylogger is disabled by default; however, anyone with physical access to the device could activate it. HP has issued a software patch to remove the keylogger.
The European Union’s General Data Protection Regulation (“GDPR”) aims to strengthen and unify data protection requirements across all EU member states. GDPR’s core principles are designed to protect the personal information of European citizens, allowing them greater rights over how their data is processed, stored and used by organisations.
As we approach the end of 2017 and reflect on the past year, it’s hard to ignore the recent surge in cybercrime and the financial, operational, and reputational losses that breaches have caused portfolio companies and M&A targets. Some notable examples include the $350 million (7%) deal adjustment on the Yahoo acquisition as well as the Whole Foods breach announcement that followed their acquisition by Amazon.
North Korean Trojan Malware (Volgmer)
The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) released a joint technical alert on Monday, November 14 regarding malicious cyber activity by the North Korean government referred to as HIDDEN COBRA. The alert identified IP addresses and other indicators of compromise connected to a backdoor Trojan malware variant commonly known as Volgmer. The DHS and FBI suspect that spear phishing is the primary delivery mechanism for Volgmer infections.
Join us May 9-11, 2018 in Amelia Island for ACA's Spring 2018 Compliance Conference. Registration will open in January.
The New York State Department of Financial Services’ (“DFS”) New York State Law 23 NYCRR 500 Cybersecurity Requirements for Financial Services Companies (“23 NYCRR 500”) went into effect on March 1, 2017. 23 NYCRR 500 requires that firms meeting the regulation’s definition of “Covered Entity” have certain cybersecurity measures in place by the stipulated compliance dates. Among other requirements, firms will be required to self-certify their compliance with 23 NYCRR 500. The two-year transitional period ends on March 1, 2019.
A new strain of ransomware, nicknamed "Bad Rabbit," has been detected in several countries, including Russia, Ukraine, Turkey, Germany, and others.
In the wake of the recent Equifax breach that potentially affected the personal data of more than 143 million Americans, Equifax is pointing the finger at one of its third-party vendors as the cause.
This advisory contains information about the SEC-themed phishing campaign targeting EDGAR filers and a critical Wi-Fi encryption vulnerability.