Threat Intelligence, Phishing Testing, and Monitoring

March 29, 2021

Apple has issued urgent updates for its iPhone, iPad, and iWatch devices. According to Apple, these updates patch a discovered “cross site scripting” vulnerability that allows bad actors to inject malicious code into web pages. The code could be enabled when users access these pages using browsers on Apple devices. This vulnerability may already have been exploited.

March 19, 2021

Multiple firms have reported receiving emails from an organization posing as the International Fund Manager Regulator (IFMR). There is no legitimate international global regulatory authority for fund managers. This email is a phishing attempt.

March 05, 2021

The Financial Industry Regulatory Authority (FINRA) has issued an alert warning of reported phishing attempts using fake FINRA credentials. Per the notice, an ongoing email phishing campaign has been reported, in which the fake FINRA domain name of supports @finra-online.com is being used.

March 04, 2021

The NFA issued a notice to members warning of reported phishing attempts using fake NFA credentials. The phishing campaign includes emails using a fake domain that mimics the NFA’s domain name.

March 03, 2021

Microsoft has reported that it has suffered four “zero-day” attacks targeting its on-premises email and calendaring Exchange Server products. The reported vulnerabilities apply to on-premises versions of Microsoft Exchange Server. Learn what steps to take to protect your firm.

February 23, 2021

There is just one week to go until Regulatory Horizon 2021 | Navigating Evolving Risks, our free-to-attend European based conference for financial services firms is running from 2-4 March. We outline five reasons why this event is worth adding to your calendar.