Knowledge

3/9/2018 Newsletters

Office365 Espionage Scam: Are You Aware and Ready? 

Have you noticed that the most recent reports of email scams seem to be more personal/targeted attacks? Do you feel that scammers know you? That’s because they do know you.Office 365 gives malicious agents a way to spy on you. If you don’t believe us, just google it yourself and you will see reports of Office365 vulnerabilities, hacks and exposures. Just type “Office365 security vulnerabilities” and skip paid ads section. 
 
Do you use Office365? If the answer is yes, Digital Edge would like to raise awareness to you regarding a new upcoming way of being hacked and then being under surveillance through your email. The majority of people use Office365 without the thought of being hacked ever crossing their minds. Because of this, it is very easy to become victim to these attackers. And there have been very serious, very extreme cases of people and companies losing thousands of dollars to these attackers.

 

3/2/2018 Newsletters

SEC Adopts Statement and Interpretive Guidance on Public Company Cybersecurity Disclosures

Last Wednesday, February 21st, The U.S. Securities and Exchange Commission (SEC) unanimously approved a new guidance calling on public companies to be more forthcoming when disclosing cybersecurity risks, even before a breach or attack happens. The statement, which expands on previous guidance issued in 2011, also warns that corporate insiders must not trade shares when they have information about cybersecurity issues that isn’t public yet. The guidance provides the Commission’s views about public companies’ disclosure obligations under existing law with respect to matters involving cybersecurity risk and incidents.  It also addresses the importance of cybersecurity policies and procedures and the application of disclosure controls and procedures, insider trading prohibitions, and Regulation FD and selective disclosure prohibitions in the cybersecurity context. Learn more about this guidelines here

Digital Edge is an expert in ISO standards, and is certified by International Standard Organization on Information Security and Quality (ISO 27001). The Digital Edge Security and Compliance Team can assist your business to implement policies, standards and practices that not only meet the SEC guidance but exceed these recommendations by providing clients with cybersecurity policies and procedures based on International Standards Organization framework.

Contact us today to further explore how our team can provide your business with an unparalleled cybersecurity solution, with our continued focus on Stability, Security, Efficiency and Compliance.

2/12/2018 Newsletters

DFS - Certification of Compliance - Due 2/15/2018!

New York State Department of Financial Services recently updated its web page to indicate that any covered entities (i.e., agencies, insurance agents or insurance brokers) that already submitted their Certification of Compliance, needs to do so again after Monday, Jan. 1, 2018. 

According to the department, "The Certification of Compliance certifies that a Covered Entity complied with 23 NYCRR 500 for the entire calendar year. As such, the department only expects to receive a Certification of Compliance between January 1 and the February 15 deadline for the previous calendar year. Unless a Covered Entity is ceasing department-authorized operations before that year end, a Certification of Compliance before year end will not satisfy the requirement that a Covered Entity certify its compliance as of year-end."

The NYDFS Cyber Security Regulation (23NYCRR500) requires all New York-licensed insurance agencies, agents and brokers to file a certification of compliance, prior to Thursday, Feb. 15, 2018, and annually thereafter. The certification confirms that the licensed entity has complied with the regulation to the extent required, which includes conducting a risk assessment and developing cybersecurity programs and policies based upon that risk assessment. 

Digital Edge is an expert in ISO standards, is certified by International Standard Organization on Information Security and Quality (ISO 27001). There is a clear crosswalk between DFS law and ISO standards. Digital Edge will help to implement policies, standards and practices to cover all DFS requirements based on International Standards Organization framework.

Contact us today to further explore how our team can provide your business with an unparalleled cybersecurity solution, with our continued focus on Stability, Security, Efficiency and Compliance

For more information on this regulation and to ensure that your organization is following the critical compliance requirements, please read our most recent articles:

  1. DFS Compliance – Mandatory Cybersecurity Requirements
  2. To Do: Check List to Comply with DFS Cybersecurity Law
  3. Discover the NEW online DFS Cybersecurity Reporting Portal
  4. Exempt from DFS Cybersecurity Regulations – Now What?
1/26/2018 Newsletters

Is Your Cybersecurity Infrastructure in Compliance?

In March of 2017, the New York State Department of Financial Services’ (DFS) issued its “Part 500” - Mandatory Cybersecurity Requirements for financial services entities. Thus, requiring banks, insurers, and other financial institutions to establish and maintain a “risk-based, holistic, and robust security program” that is ultimately designed to protect consumers’ private data. Partial exemptions are provided for covered entities based on their staffing level, annual revenue, or total assets

The initial deadline for submitting an annual Certification of Compliance on February 15, 2018 is rapidly approaching, and all organizations are required to comply with DFS Part 500 Section 9, Risk Assessment by March 1, 2018

Digital Edge is an expert in ISO standards, is certified by International Standard Organization on Information Security and Quality (ISO 27001). There is a clear crosswalk between DFS law and ISO standards. Digital Edge will help to implement policies, standards and practices to cover all DFS requirements based on International Standards Organization framework.
 
Contact us today to further explore how our team can provide your business with an unparalleled cybersecurity solution, with our continued focus on Stability, Security, Efficiency and Compliance

For more information on this regulation and to ensure that your organization is following the critical compliance requirements, please read our most recent articles:

  1. DFS Compliance – Mandatory Cybersecurity Requirements
  2. To Do: Check List to Comply with DFS Cybersecurity Law
  3. Discover the NEW online DFS Cybersecurity Reporting Portal
  4. Exempt from DFS Cybersecurity Regulations – Now What?
1/4/2018 Newsletters

New Vulnerabilities - Meltdown and Spectre. What You Need to Know

The Digital Edge Security Team is aware of a set of security vulnerabilities—known as Meltdown and Spectre—that affect modern CPUs and virtual memory access. Exploitation of these vulnerabilities could allow an attacker to obtain access to sensitive information.

We analyzed our clients configurations and our own DE Cloud Infrastructure, and as of now, do not see any active exploitation of this vulnerability. 

There has been much contradictory information. The Digital Edge Security Team explains the vulnerability in simple terms and provides suggestions on how to handle the situation here.

11/30/2017 Newsletters

Digital Edge’s Managed Security – response to HIDDEN COBRA- North Korean Remote Administration Tool: FALLCHILL

The Digital Edge Security Team warns that HIDDEN COBRA actors have been using FALLCHILL malware to target IT infrastructures. DHS and FBI specified Internet Protocol (IP) addresses and other indicators of compromise (IOCs) associated with a remote administration tool (RAT) used by the North Korean government—commonly known as FALLCHILL. The U.S. Government refers to malicious cyber activity by North Korea as HIDDEN COBRA. 

HIDDEN COBRA uses dual proxy technique allowing to change vector of the attack and keep the source of the attack hidden.
 
These types of activities can have severe impacts such as data loss and disruption of operation. The Digital Edge Security Team has updated its own core infrastructure to protect our clients from possible impacts of HIDDEN COBRA and advise other IT organization to use the same practice. 

Click here for more details.

11/29/2017 Newsletters

DFS Suggested IPs to Block HIDDEN COBRA

DFS Suggested IPs to Block HIDDEN COBRA

11/29/2017 Newsletters

DFS Suggested MD5 To Block HIDDEN COBRA

DFS Suggested MD5 To Block HIDDEN COBRA

11/12/2017 Newsletters

Imperative Concern: Your Wi-Fi Connection is Vulnerable

Wi-Fi vulnerability has been of recent speculation; indicating that a hacker can exploit Wi-Fi networks. Digital Edge wants to raise awareness by sharing an article written by our friend Henry Jiang (CISO, CISSP) that covers this topic extensively. In addition, you will find the results of our conversation with a security expert who witnessed a “Proof of a Concept” of the Wi-Fi exploitation using modern white hacking approach - THE RESULT IS SHOCKING. 

Please get the full article here

11/3/2017 Newsletters

Digital Edge’s Contribution to the Verizon Security Breach Report 2017

Have you ever been or almost been hacked? The answer is most likely yes. Everyone knows of those sketchy emails that try to get you to do something but in reality just cause viruses on your computer. Exploiting someone’s computer has become such a big 21st century issue and it continues to grow.

Digital Edge served as a contributor to Verizon’s Security Breach Reports this year. Hacking is becoming an ever-growing issue so Verizon comes up with statistics of breaches that occurred throughout the year to keep people informed. Digital Edge aided Verizon in providing our own reports of client’s attacks. We analyzed the type of attack, the success rate and ultimately the amount of attacks our clients experienced. (Note: Client Confidentiality Was Not Compromised). There were interesting trends found when analyzing the reports, such as the main targets and the way industries are being exploited. To see these trends, read the full article!

LET'S TALK: 800-714-5143