CYBERSECURITY RISK ALERT: WhatsApp Vulnerability

Yesterday, various governmental agencies and news outlets were made aware of a security vulnerability affecting the WhatsApp messaging platform. The vulnerability may have enabled malicious actor(s) to inject spyware on user devices which potentially exposed user information on mobile devices. WhatsApp has encouraged users to update the application immediately to avoid potential exposure and compromise of data.…

Read More

CYBERSECURITY RISK ALERT: Broadcom Wi-Fi

CYBERSECURITY RISK ALERT – DRAWBRIDGE PARTNERS For individuals using Broadcom Wi-Fi, on April 17, 2019, the CERT Coordination Center (“CERT/CC”) published information identifying various vulnerabilities stemming from the Broadcom ‘w1’ driver and open source ‘brcmfmac’ driver for Broadcom Wi-Fi chipsets. Ultimately, these vulnerabilities could allow an unauthenticated attacker to execute arbitrary code on a vulnerable…

Read More

CYBERSECURITY RISK ALERT: SEC Regulation S-P Risk Alert

Today, April 16, 2019, the SEC’s Office of Compliance Inspections and Examinations (OCIE) published a risk alert regarding compliance issues related to Regulation S-P. The focal points identified by the OCIE were the failure to provide customers with privacy and opt-out notices, as well as the failure to adopt written policies and procedures that address…

Read More

CYBERSECURITY RISK ALERT: CISCO WEBEX VULNERABILITY

Cisco has identified a vulnerability in its Webex Meetings Desktop App and Webex Productivity Tools. By invoking the update service command with a crafted argument, an authenticated, local attacker could run arbitrary commands with SYSTEM level user privileges. The vulnerability may also be exploited remotely in Active Directory deployments by leveraging operating system remote management…

Read More

CYBERSECURITY RISK ALERT: Cisco Webex Alert

Cisco Webex Cybersecurity Alert: Cisco has identified a vulnerability in its Webex Meetings Desktop App and Webex Productivity Tools. By invoking the update service command with a crafted argument, an authenticated, local attacker could run arbitrary commands with SYSTEM level user privileges. The vulnerability may also be exploited remotely in Active Directory deployments by leveraging…

Read More

CYBERSECURITY RISK ALERT: Vulnerability

Microsoft has recently identified a vulnerability (CVE-2019-0676) within Internet Explorer (IE). When IE improperly handles objects in memory, it is possible for an attacker to test for the presence of files on disk. Attackers can exploit this vulnerability by sending the user a link leading to a malicious website and coercing them to follow the…

Read More

Cybersecurity News Alert – Microsoft

Microsoft Internet Explorer Alert: On Wednesday, December 19th, Microsoft released a critical security update for Internet Explorer after receiving a report about a new vulnerability being used in targeted attacks. The browser’s vulnerability could allow an attacker to gain the same user rights as the current user. If that user has administrative rights, the attacker…

Read More

CYBERSECURITY NEWS ALERT: December 2018

Cybersecurity News Alert December 2018: On December 20th, the Financial Industry Regulatory Authority (FINRA) released a report detailing the effective cybersecurity practices and common risks observed during recent examinations. The report focused on the following key areas: Branch Controls Phishing Attacks Insider Threats Penetration Testing Mobile Device Security Branch Controls: Maintaining rigorous cybersecurity controls is…

Read More