April '21 Corvus Policyholder Update

vCISO, Microsoft Exchange, MFA tips & more

[DIAGRAM] Meet your Corvus (virtual) CISO

New feature: Meet your (virtual) CISO



A new offering is available within your Corvus dashboard — it’s a quick and easy way to see a prioritized list of cybersecurity risks your organization should consider acting on. vCISO captures information from the IT security scan you already receive quarterly, and adds in recommendations based on your answers to an assessment of your organization’s security controls. 

  • vCISO Assessment takes only five minutes; the rest of the recommendations are pre-loaded from our automated IT scan
  • Recommendations are displayed in priority order based on impact to overall risk; you can mark them complete as you address them 
  • Each recommendation includes specific details on what we found and links to information developed by the Corvus Risk & Response team 

vCISO is available in your dashboard now - all you need to do is log in and take a look! 

Or, click here to read the full vCISO breakdown.

[DIAGRAM] vCISO Dashboard

LaurenWinchesterRisk & Response Tips 

Security tips and service updates from VP of Smart Breach Response Lauren Winchester


This month's tip is....implement MFA! Multi-factor authentication (MFA) is a vital tool for mitigating cyber risk. It’s typically the first thing we suggest to policyholders we consult with if it’s not in place already.

Even if you’re unfamiliar with the term "MFA" you’ve likely already experienced it if you’ve had to enter a one-time token sent to you in order to access a secure website, like an online banking portal. As opposed to just entering a password (a single-factor), multi-factor authentication requires one or more additional verification factors.

Why? Attackers have come up with numerous methods to steal the humble password, no matter how strong we make them. Just a single extra step — which could include app-based verification, a pin, or facial recognition — adds a significant layer of protection against unauthorized access. 

  • Where should MFA be implemented? Almost everywhere someone can access your IT system! Any remote access points (which includes employee email accounts) as well as privileged accounts with admin access.  
  • Avoid SMS authentication. Not all forms of MFA are created equal, and text messages are more easily worked around by attackers, compared with other options.

See our article for more tips on implementing MFA

CISO Corner

Trends in cybersecurity 

This month we’re tracking the fallout from the second set of vulnerabilities around Microsoft Exchange Server software in as many months. (See more below in our Threat Report). Thankfully, we have not seen evidence of exploits linked directly to this second set of vulnerabilities among our base of policyholders. If you’ve not yet patched, do so as soon as possible. This latest batch of patches from Microsoft included critical updates for Microsoft operating systems as well, so don’t ignore it just because you aren’t an Exchange user!

[DIAGRAM] Corvus Monthly Alerts

Threat Report

What to watch for this month. The Corvus Scan helps us identify policyholders that are potentially at risk of these vulnerabilities. We have sent alerts to those policyholders. The following are updates to and/or reiterations of the alerts we've sent recently. 


Microsoft Exchange (March '21 zero-day vulnerability) 

  • Applies to users of Microsoft Exchange software for on-premises environments
  • We encourage continuing to monitor for indicators of compromise, as it’s possible cyber criminals injected shells (small scripts that create a backdoor for a hacker to execute any command they wish) before and after patches were announced
  • Apply any new patches as they are announced, as Microsoft continues to uncover issues with this software (see April vulnerabilities) 

Microsoft Exchange (April '21 vulnerabilities)

  • Applies to users of Microsoft Exchange software for on-premises environments
  • No attack activity has been reported since patches were released on Tuesday, April 13th 
  • Despite not seeing active attacks, it's still critical to patch as soon as possible

Ivanti Pulse Connect Secure (April '21 vulnerability)

  • Applies to users of certain Ivanti Pulse Connect Secure, a set of products for VPN remote access
  • U.S. CISA issued and alert and emergency directive following reports of exploits by at least one threat actor 
  • Ivanti provides an "integrity tool" we recommend using to determine if there has been a compromise, but a patch has not yet been released