cyber alert

Cybersecurity Alert: North Korean Trojan Malware and Microsoft DDE Security Advisory

North Korean Trojan Malware (Volgmer)

The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) released a joint technical alert on Monday, November 14, regarding malicious cyber activity by the North Korean government, referred to as HIDDEN COBRA. The alert identified IP addresses and other indicators of compromise connected to a backdoor Trojan malware variant commonly known as Volgmer. The DHS and FBI suspect that spear phishing is the primary delivery mechanism for Volgmer infections.

Cybersecurity Alert: Equifax Data Breach Affects 143 Million Customers

Threat Summary

On September 7, 2017, Equifax announced that personally identifiable information for 143 million customers may have been compromised in a breach that occurred between May and July of 2017. The data includes names, Social Security numbers, birth dates, addresses, and driver's license numbers. Equifax set up a website so customers can determine whether their data was impacted. The company is also offering free identity theft protection and credit file monitoring services.

Cybersecurity Alert: “BlueBorne” Attack Vector and Several Critical Bluetooth Vulnerabilities Affect Over 8.2 Billion Devices

Threat Summary

Researchers discovered a new attack vector, “BlueBorne,” along with eight zero-day Bluetooth vulnerabilities, four of which are critical, that could allow an attacker to remotely control Bluetooth-enabled devices and install malware that can rapidly jump from one device to another on the same network.

Mobile device manufacturers were notified of the Bluetooth vulnerabilities in April of this year, so the vulnerabilities have been patched in the majority of new phones. However, devices with older software may be at risk.

UK Government’s New Data Protection Laws Will Enforce Larger Fines

The British government confirmed on August 7 its intention to introduce a new Data Protection Bill, which is set to transfer the European Union’s General Data Protection Regulation (GDPR) into UK law. Digital Minister Matt Hancock, who is leading the changes, has said that the bill will provide the UK with ‘one of the most robust, yet dynamic, sets of data laws in the world’.

SEC’s OCIE Releases Key Observations from 2015-2016 Cybersecurity Examinations

The U.S. Securities and Exchange Commission's (SEC) Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert on August 7 containing a summary of its observations from the phase 2 cybersecurity examinations it conducted in 2015 and 2016. OCIE examined 75 firms, including broker-dealers, investment advisers, and funds registered with the SEC.