Cybersecurity and Risk Insights and Alerts

Cyber risks and threats continue to evolve and firms are under pressure to meet SEC and FCA expectations for operational resilience as well as their own internal and client expectations for cybersecurity and privacy. Stay current on the latest cybersecurity, privacy, and risk threat and regulatory alerts and build your cybersecurity and privacy knowledge with insights from our cybersecurity and technology risk experts. 

ACA Aponix Cybersecurity Checklist

Download and review the following cybersecurity safeguards and evaluate your firm’s cybersecurity program.

Insights and Alerts

abstract blue shapes connected by dots of light

U.S. Department of Labor Offers Cybersecurity Guidance for Retirement Plan Administration

On April 14, the U.S.DOL issued a news release with guidance on cybersecurity for retirement plan administration aimed at plan sponsors, fiduciaries, record-keepers and participants of plans regulated by ERISA, the federal law that sets the minimum standards for retirement and health plans in private industry. Get the details on this guidance as well as our recommendations.

Cyber Alert
  • Cybersecurity
abstract blue shapes connected by dots of light

Microsoft® Patches Critical Vulnerabilities; Zoom Vulnerability Discovered

Learn about the new software patches Microsoft released on April 14, 2021 to address 19 critical vulnerabilities as well as a new Zoom vulnerability discovered at the Pwn2Own white hat hacker event.

Cyber Alert
  • Cybersecurity
cyber code

The Microsoft® Exchange® Server Breach: What’s Next and What To Do

​​​​​​​When Microsoft announced patches for the four “zero-days” that were revealed on March 2, 2021, the full extent of the vulnerability was not known. Security experts continue to notify victims, coordinate remediation, and suggest remaining vigilant for “stage 2” of this attack, i.e., further exploitation of the backdoors left on the already-compromised servers.

Article
  • Cybersecurity

Urgent Update for Apple iOS

Apple has issued urgent updates for its iPhone, iPad, and iWatch devices. According to Apple, these updates patch a discovered “cross site scripting” vulnerability that allows bad actors to inject malicious code into web pages. The code could be enabled when users access these pages using browsers on Apple devices. This vulnerability may already have been exploited.

Cyber Alert
  • Cybersecurity
abstract blue shapes connected by dots of light

Fake Regulatory Emails Received from "IFMR"

Multiple firms have reported receiving emails from an organization posing as the International Fund Manager Regulator (IFMR). There is no legitimate international global regulatory authority for fund managers. This email is a phishing attempt.

Cyber Alert
  • Cybersecurity
  • Phishing
ACA Threat Intelligence Alert Blog Image

FINRA Warns of Fake Emails

The Financial Industry Regulatory Authority (FINRA) has issued an alert warning of reported phishing attempts using fake FINRA credentials. Per the notice, an ongoing email phishing campaign has been reported, in which the fake FINRA domain name of supports @finra-online.com is being used.

Cyber Alert
  • Cybersecurity