November '21 Corvus Policyholder Update

Data encryption, zero-days, and briefings on recent incidents.

If you enjoyed an overwhelmingly filling meal last week, we hope you’ve recovered from the hearty side dishes, desserts, and outpourings of gratitude. For those who have awakened from their food comas, here are the latest security tips and vulnerability insights:

Corvus Benchmarking Survey

Based on your feedback, we’ve learned that many of our policyholders are unsure of where they land regarding the following topics:

  • Cybersecurity budget 
  • Services most often managed in-house vs. by an outside vendor
  • Staffing levels to support cybersecurity initiatives

That’s why we’re launching our Cybersecurity Benchmarking Survey. In return for your participation, we’ll send you a report detailing the results for benchmarking purposes, along with access to a video presentation from our Risk + Response experts on the survey outcomes. Plus, Corvus will make a donation to Girls Who Code for every completed survey!


Risk + Response Tips

Security tips and service updates from VP of Risk + Response Lauren Winchester

 

Protecting sensitive information at your organization is a multi-layered approach, but a good place to start is encrypting your data. So, why does data encryption matter, and where can you take actionable steps?

  • Endpoint encryption, also known as full disk encryption (FDE), applies to the hard drive itself. This covers your desktops, laptops, and anything not secured by locked doors. FDE encrypts at the hard drive level and makes the data unreadable if the device is stolen. While most modern Windows and Mac devices are encrypted by default, enterprises can make sure this is enforced and managed through a central system with encryption keys.
  • Your cellphones and tablets used to access company resources should also be encrypted, and most are by default. However, you can go above and beyond with Mobile Device Management. 
  • If a threat actor accesses your data through some sort of backdoor into your environment, hard drive level protection won’t secure your data on a software level. That’s where file level encryption can provide an extra layer of security, and you can start by adding password protection to sensitive documents.

For more on data encryption at your organization, you can read our full article here.


CISO Corner

Noteworthy trends in cybersecurity from Chief Information Security Officer Jason Rebholz

 

It’s been hard to avoid talk of zero-day vulnerabilities, or “oh days” for the techy in us all. It’s unlikely anyone has forgotten the Microsoft Exchange exploit from earlier this year, as it was one of the most widespread of its kind in recent memory. And while many zero-day vulnerabilities don’t lead to that sort of widespread, rampant activity, it’s important to remain vigilant about security vulnerabilities and to apply the recommended patches as soon as they’re released. Researchers recently discovered a vulnerability in the Palo Alto Networks GlobalProtect VPN; you can read our full advisory here. While attacks have not yet been seen in the wild, it’s only a matter of time before they start to surface.

To shed some light on zero-days, it’s important to understand how they are identified. Many security researchers conduct independent research and will responsibly disclose their findings to the impacted product vendors. Those vendors then create a fix, known as a patch, and release that to the public.

Where this can go wrong is when threat actors doing similar research find and begin using those zero-day vulnerabilities to gain access to organizations. This is often reserved for the more sophisticated threat actors, often nation-state threats. In those situations, zero-day vulnerabilities can go undetected for months or years until they are discovered. Sometimes, security researchers may publicly post the exploit code if they feel that product vendors are being negligent. This leaves businesses stuck as they wait for a patch.

With this in mind, it’s important for organizations to stay on top of patch management practices. This includes keeping everything up to date and confirming teams are notified when patches are released. Because security is all about layers, ensuring that you have other security controls like EDR and MFA in place can help mitigate the impact of a zero-day on your organization.


Monthly Alerts

 

Threat Report

What to watch for this month. 

 

Our Corvus Scan is a powerful asset that enables us to identify which policyholders are at risk for new vulnerabilities. You’ve probably already heard from us about the following if your organization is at risk, but we’ve gathered the monthly round-up of alerts and updates below:

GoDaddy Data Breach Advisory (November ‘21)

On Monday, November 22, 2021, the web hosting company GoDaddy Inc. disclosed that email addresses of up to 1.2 million active and inactive Managed WordPress customers had been exposed in an unauthorized third-party access of its managed WordPress hosting environment. Although GoDaddy has reset compromised passwords, the loss of email addresses and old passwords could lead to targeted phishing campaigns. Read more about the GoDaddy data breach and what GoDaddy WordPress customers should be doing here.

Palo Alto Networks GlobalProtect VPN Vulnerability (November ‘21)

On November 10, 2021, Palo Alto Networks (PAN) issued a security advisory regarding a critical vulnerability, CVE-2021-3064, that affects their firewalls using the GlobalProtect Portal VPN. Threat actors can leverage the vulnerability to gain unauthorized access to the device. This issue impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.17. Click here to learn more about the PAN security advisory and how to determine if your organization is vulnerable.

Robinhood and Increased Risk of Social Engineering to SaaS Companies (November ‘21)

On November 8, 2021, Robinhood notified customers of a security breach that resulted in the theft of data on millions of their customers. The threat actor attempted to extort Robinhood into paying a ransom in return for a promise of not releasing the stolen data. Current threat intelligence indicates that the threat actors are targeting other SaaS companies using similar techniques. Learn more about the Robinhood breach and the social engineering tactics used here.