Accume Partners Newsletters

AccumeView: Executive Cybersecurity Pulse

May 16, 2019

May 2019 AccumeView: Executive Cybersecurity Pulse Newsletter

Perspective: State of the Marketplace
Dropbox has uncovered a staggering 264 vulnerabilities that were discovered during a bug-hunting event. Fortunately, this event was sponsored by Dropbox specifically for the purpose of finding and remediating security vulnerabilities. The number of vulnerabilities should make anyone in charge of a vendor-management program pay attention – what other web services are being used by your company, and how secure are they really?
In a related story, half of cyber-attacks involve the supply chain. This kind of supply chain attack can happen in several different ways. Most common is a network-based attack which sometimes occurs via a compromised managed security services provider (MSSP). However, watering hole attacks on partner sites are also popular. A relatively new tactic highlighted by Carbon Black is the “reverse BEC” in which attackers compromise the mail server of an organization and use this to spread fileless malware attacks to trusted partners.
Apr 9, 2019

April 2019 AccumeView: Executive Cybersecurity Pulse Newsletter

Computer hardware manufacturer ASUS was the victim of a sophisticated attack that left backdoor malware embedded in their update software. The researchers estimate half a million Windows machines received the malicious backdoor through the ASUS update server, although the attackers appear to have been targeting only about 600 of those systems. The malware searched for targeted systems through their unique MAC addresses, reached out to a command-and-control server the attackers operated, and installed additional malware on those machines. Supply-chain attacks are starting to grow in number and complexity – make sure that you have a plan to address them.
A recent survey of the 22,000 new vulnerabilities that were discovered in 2018 indicates that 1/3 have public exploits and 50% can be exploited remotely. Ensure that you have total visibility into all of your endpoints and that they are patched and up to date.

Mar 11, 2019

March AccumeView: Executive Cybersecurity Pulse Newsletter

California is proposing an update to its data breach notification law. When California State Bill 1386 went into effect in 2003, it was the country’s first data breach notification legislation. California’s data breach notification rules continue to be among the strongest in the U.S. The proposed changes will require notification if passport numbers, government-issued identification numbers or biometric data were exposed. The bill would update California’s definition of personal information as constituting “an individual’s first name or first initial and last name” in combination with any of the following, when either the name or these data elements have not been encrypted.

Feb 7, 2019

February AccumeView: Executive Cybersecurity Pulse Newsletter

Perspective: Time for a Better Mouse Trap

If your institution uses Microsoft Exchange 2013 or newer, be aware that there is a new vulnerability that requires attention. Hackers have been able to leverage an NTLM authentication function to perform relay attacks using the Exchange Web Services (EWS) interface. A successful attack could gain domain user administrator privileges. There is NO PATCH, but Microsoft does have some workarounds.

Jan 17, 2019

January AccumeView: Executive Cybersecurity Pulse Newsletter

Automation is constantly evolving, and recent advancements in attack tools and methods are demonstrating that malicious automation can be expected to have significant ramifications. Researchers have proven that automated tools can successfully predict a user’s new password based on analyzing older stolen passwords, which makes the probability of a data breach infinitely higher. A recent test had a malicious bot infiltrate a network, scan all systems and exfiltrate all of the available data within 15 seconds. There is a good chance that 2019 will be the year that these types of attacks become real. Make sure that your protections are in place.

Dec 18, 2018

December AccumeView: Executive Cybersecurity Pulse Newsletter

At least eight Eastern European banks were hacked using rogue devices planted inside the network. These devices included cheap laptops, homemade network appliances and USB “Bash Bunnies” to intercept data and provide remote access. Most institutions are not capable of detecting rogue devices and specialized tools such as Bash Bunnies, which are USB devices designed to emulate trusted USB devices so that they can bypass the USB port restrictions that many companies use. Once installed, they discreetly exfiltrate documents, install backdoors and perform a variety of exploits.

Oct 15, 2018

October AccumeView: Executive Cybersecurity Pulse Newsletter

What is Threat Intelligence?

Threat Intelligence is a commonly misunderstood security term. In general terms, it is information gathered from internal and external sources that is used to inform the organization about risks to its information systems and business operations. Information is gathered from external sources such as news articles, vendor and security organization alerts and reports from your SIEM. Information gathered from these sources is analyzed for content and possible risks, determining what actions, if any, need to be taken by the institution and its users.

Sep 6, 2018

September AccumeView: Executive Cybersecurity Pulse

India’s Cosmos Bank was hit with a coordinated attack using cloned ATM cards and an attack against the SWIFT system. Of note, the attack involved money mules in 28 different countries and 15,000 transactions over a seven-hour window of opportunity. The SWIFT transaction involved moving $1.93m to an account at a bank in Hong Kong. While analysis is still underway, a group linked to North Korea is the current suspect.

Jul 1, 2018

July AccumeView: Executive Cybersecurity Pulse Newsletter

On June 28, 2018, California enacted the California Consumer Privacy Act of 2018 (CCPA), which is arguably the most restrictive privacy law in the U.S. and would likely have some effect on most businesses across the country. The CCPA, which shares many requirements with the new European Union General Data Protection Regulation (GDPR), will take effect on January 1, 2020. The time to prepare is now. Accume is developing a white paper on this topic, and developing solutions based on what we have learned through GDPR project implementations.

Jun 1, 2018

June AccumeView: Executive Cybersecurity Pulse Newsletter

In April, the Federal Financial Institutions Examination Council (FFIEC) published a joint statement on the potential role of cyber insurance in financial institutions’ risk management programs. It is important to note that the FFIEC pointed out that the statement does not contain any new regulatory expectations and, therefore, there is no requirement to purchase cyber insurance.


    AccumeView: Executive Cybersecurity Pulse is intended to keep you informed of regulatory changes in advance of their effective date so your institution can have the necessary policies, procedures, and processes in place to be compliant at the time of enactment.
    © 2020 Accume Partners. All rights reserved.