 
Posted By Technology Committee,
Monday, October 6, 2025
Dear Colleagues,

On October 14, 2025, Microsoft will officially end all support for Windows 10. After this date, Windows 10 machines will no longer receive security updates or patches, leaving them dangerously exposed to hackers and other cyber threats.

This change is not optional and it will impact many of us directly. While some computers can be upgraded to Windows 11, a large number of office machines will not meet the requirements. That means many devices will need to be replaced entirely to remain secure and compliant.

Continuing to operate on unsupported systems is a serious risk, both to your own data and to your clients’ information. The title industry is a prime target for cyberattacks, and leaving Windows 10 machines in service after October 14 invites unnecessary vulnerability.

Please take time now to:
- Identify all computers in your office still running Windows 10.
- Confirm whether they can be upgraded to Windows 11.
- Make replacement plans immediately for any systems that cannot.
This is a significant change with a firm deadline. Acting today will help ensure your business operations remain secure and uninterrupted.

Thank you for your attention to this urgent matter.

Best regards,
Andrew Zankel, NTP - Technology Committee Chair
Dan Celikoyar – Technology Committee Vice-Chair
Tags:
cybersecurity
Technology Committee

Posted By Robert Treuber,
Monday, December 16, 2024
Re-posted from SECURITY BUZZ by Genady Vishnevetsky, Chief Info Security Officer Stewart Title Guaranty Company
There's a new phishing campaign that's using a clever trick - corrupted Word documents. This technique allows malicious content to pass through to the user without detection by any email security tools.
The attacker intentionally (slightly) corrupts the attached
Word document so that antivirus and security scanners can't scan it.
Because the file has a .docx extension, when the unsuspicious victim
opens it, Microsoft Word detects the corruption and asks the user if
they want to repair it. If the user confirms, Word will repair and open
the file.
Inside the recovered file is a QR code that leads to a
credential harvesting page that steals both the user's credential and
the MFA.
The timing of this attack is impeccable. Security firm Any.Run,
which discovered it, found that the email appeared to come from Human
Resources and focused on end-of-the-year benefits and bonus payouts.
Takeaways:
- Hackers frequently time and theme their attacks to seasonal,
disaster or business events - always stay alert during business
seasonality (i.e., end-of-month, quarter, year activities, benefits,
payouts, income-tax events)
- Attackers continuously attempt to find ways to stay under the radar of security technologies - always proceed with caution
- Every attachment from an unknown source should be considered malicious until proven otherwise
- Any new behavior (recovery of corrupted attachment) should be a red flag
- QR codes have alarmingly become mainstream for cybercrooks due
to the inability to analyze the destination with the naked eye.
Scrutinize all QR codes and avoid using them in emails and attachments
if possible.
- Do not enter any credentials on the site you landed on from
the email or attachments unless it came from a trusted and verified
source
Tags:
cybercrime
cybersecurity
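
A mail-gateway check for the evasion described in this post, as an added example that is not part of the original post or of any vendor's tooling: a `.docx` attachment whose ZIP container does not parse strictly is quarantined instead of being delivered as "unscannable". The function names, verdict strings and sample bytes are assumptions constructed for illustration.

```python
import io
import zipfile
import zlib

# Parts a Word document container normally carries (typical paths).
REQUIRED_PARTS = ("[Content_Types].xml", "word/document.xml")


def build_sample_docx() -> bytes:
    """Constructed sample: a minimal ZIP laid out like a .docx container."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:  # default compression is ZIP_STORED
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()


def triage_docx(data: bytes) -> str:
    """Return 'scan' if the container parses strictly, else a quarantine verdict.

    Fail closed: a file the gateway cannot parse is never treated as clean.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            bad_member = zf.testzip()  # reads every member and checks its CRC-32
            if bad_member is not None:
                return f"quarantine:damaged member {bad_member}"
            missing = [p for p in REQUIRED_PARTS if p not in zf.namelist()]
            if missing:
                return "quarantine:missing " + ",".join(missing)
    except (zipfile.BadZipFile, zlib.error, EOFError, ValueError) as exc:
        return f"quarantine:unparseable ({type(exc).__name__})"
    return "scan"  # hand the parsed file to the normal content scanners


if __name__ == "__main__":
    good = build_sample_docx()
    truncated = good[:-30]  # constructed damage: end-of-archive record cut off
    flipped = bytearray(good)
    flipped[good.find(b"<w:document/>") + 1] ^= 0xFF  # constructed damage: one byte changed
    samples = (("intact", good), ("truncated", truncated), ("flipped", bytes(flipped)))
    for label, blob in samples:
        print(label, "->", triage_docx(blob))
```

Genuinely damaged but harmless files are quarantined too, so the verdict should route to a release-on-review queue and not to silent deletion.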

Posted By Genady Vishnevetsky - Chief Info Security Officer Stewart Title Guaranty Company,
Thursday, December 12, 2024
The following was originally posted to the ALTA Open Forum Security Buzz.

Cybercriminals are exploiting a system designed for emergencies to steal your personal information.

The FBI has issued a warning about a concerning trend: the increasing use of fraudulent emergency data requests (EDRs) by cybercriminals. EDRs are legitimate tools that law enforcement uses to obtain information from online service providers in urgent situations where there isn't enough time to secure a warrant or subpoena. These requests are usually approved as long as they originate from a valid law enforcement email address.

Unfortunately, cybercriminals are exploiting this process by utilizing hacked police and government email accounts to send fake EDRs. This makes it challenging for companies to verify the authenticity of the requests, placing them in a difficult situation. If a company refuses to comply with what appears to be a legitimate request, it could have serious consequences if there is a real emergency. Conversely, if they comply, it may result in the exposure of sensitive customer information to criminals.

Examples of This Scheme in Action:
- Cybercriminals are selling access to hacked .gov email addresses, including US credentials, which they claim can be used for EDRs
- One individual, known as "Pwnstar," is selling fake EDR services, claiming to have access to government emails from over 25 countries
- Another tactic involves the use of forged court-approved subpoenas sent through compromised email accounts
- Cybercriminals are even using Kodex, a platform designed to verify law enforcement requests, to make their fake requests appear more legitimate

Verizon's transparency report indicates a high compliance rate with EDRs, with records being provided in approximately 90% of cases. This highlights the effectiveness of this tactic. Financial institutions and cryptocurrency platforms are particularly concerned about fake EDRs being used to freeze or seize funds.

Takeaways:
- Our data is at risk: All this means our personal information is more vulnerable than ever. It's a stark reminder that cybercriminals are constantly finding new ways to exploit systems, even those designed for emergencies.
- Financial institutions are particularly vulnerable: Banks and cryptocurrency platforms are prime targets for this kind of scam because fake EDRs can be used to steal money directly from customer accounts. It's a wake-up call for these institutions to step up their security measures.

Both law enforcement agencies and companies need to be more vigilant. Law enforcement needs better cybersecurity to protect their systems, and companies need more robust verification processes to weed out these fake requests. This isn't going away anytime soon, so staying ahead of these criminals is an ongoing challenge.
Tags:
cybercrime
cybersecurity
EDR

Posted By Robert Treuber,
Tuesday, November 14, 2023
The New York State Department of Financial Services (DFS) alerts all regulated entities to take immediate action to investigate and, if applicable, to mitigate the following cybersecurity threat.

On November 7, 2023, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) released guidance for addressing a critical vulnerability designated as CVE-2023-4966 which impacts multiple versions of Citrix NetScaler ADC and Gateway products. The vulnerability, also known as Citrix Bleed, could allow a cyber actor to take control of an affected system.

Threat actors are actively exploiting this vulnerability. According to Citrix’s website, there are reports of session hijacking and targeted attacks. Citrix strongly urges all affected users to immediately install recommended builds and to terminate and clear all active and persistent sessions. Please refer to the Citrix Security Blog for details and the necessary commands.

An additional vulnerability has been found in customer-managed instances of Citrix NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) CVE-2023-4967.

Exploitation of these vulnerabilities can result in deployment of ransomware, data theft, and business disruption.

DFS advises all regulated entities to assess promptly the risk to their organization, customers, consumers, and third-party service providers based upon the evolving information and to take action to mitigate risk. As you assess risk, we recommend reviewing the CISA Alert and the Citrix Security Bulletin and Security Blog.

Regulated entities are reminded to report Cybersecurity Incidents that meet the criteria of 23 NYCRR Section 500.17(a) as promptly as possible and within 72 hours at the latest via the secure DFS Portal. As of December 1, 2023, regulated entities who decide to make cyber extortion payments must report such payments to DFS within 24 hours and within 30 days provide a description of the rationale for, and diligence undertaken in connection with, making such payment. For more information, visit DFS’s Cybersecurity Resource Center.

If others in your organization should receive this cybersecurity information, please forward this email. Additional interested parties may also opt-in to receive "Cybersecurity Updates" from DFS.
Tags:
cybersecurity
DFS

Posted By Robert Treuber,
Wednesday, November 8, 2023
Download the regulation HERE.

Check this Newsblog and the Calendar for announcements on cybersecurity training and compliance education, currently under development.
Tags:
compliance
cybersecurity
DFS

Posted By Robert Treuber,
Tuesday, January 10, 2023
Customer Update – January 9, 2023
Dear Valued Customer:
Last night and today our team of
specialists have continued to carefully bring our systems out of
“protection mode.” I support our very conservative approach of copying
all data and images prior to completing their examination
and validation. While this approach requires space and time, it is the
safest way to operate.
As I have mentioned previously, we are working with cyber specialists
every step of the way and are taking no risks with your data. The team
is working in shifts, 24 x 7, to bring your offices back on-line as soon
as possible. Nothing is more important.
The work this week will consist of: integrating additional space,
copying what we have, working to restore full functionality while
analyzing and validating all slices of data.
Regardless of our conservative approach, we recognize the critical
situation we are all in and work with the utmost sense of urgency.
Thank you for your understanding. I will keep you updated throughout the week.
Deborah Ball, CEO
Cott Systems, Inc. | 2800 Corporate Exchange Dr., Ste.300 | Columbus, OH 43231
o) 800-588-2688 M-F 7am-6pm Eastern | f) 866-540-1072
Tags:
Cott Systems
County Clerk
cybersecurity

Posted By John Sauers - Frontier Abstract & Research,
Tuesday, January 3, 2023
Customer Update – January 2, 2023
Dear Valued Customer,
During the past 24 hours, we have confirmed that all databases are complete and in good order. We continue to run maintenance checks to verify all back-up systems are working as intended. As of this moment, we have 93% of the infrastructure fixed and running and we are working with Citrix to check connectivity.

I was hopeful that our applications would be back online for you Tuesday. I am sorry but that will not yet be possible. We are still testing basic functionality and will move to more detailed testing later this evening to make sure the programs are working as intended.

I am so encouraged that no data was lost or damaged. Our teams are working as fast as possible to verify the applications are working properly. While I still do not have an absolute timeline, I am hoping Wednesday they will have made enough progress to put you back in business.

Please accept my apologies and appreciation for your understanding.

Deborah Ball, CEO
Cott Systems, Inc. | 2800 Corporate Exchange Dr., Ste.300 | Columbus, OH 43231
o) 800-588-2688 M-F 7am-6pm Eastern | f) 866-540-1072
Tags:
County Clerk
cybersecurity
Land Records

Posted By Robert Treuber,
Monday, January 2, 2023

Posted By Robert Treuber,
Wednesday, December 28, 2022
[Note - Cott systems provides land recordation services in 17 states, including several NY counties]

To all valued Cott customers,

As you know, on Monday, December 26, Cott Systems identified some unusual activity on our servers. In an abundance of caution, we disconnected all of our servers to isolate that activity within our environment. We then immediately engaged cyber specialists to investigate the event and they began a forensic analysis.

It has been determined that Cott Systems is the victim of an organized cyber-attack. We have notified the FBI. Both the FBI and Homeland Security have indicated that they are aware of, and have been investigating, this particular group of criminals who operate worldwide. We will be sharing information as we proceed.

We are working 24 x 7 with the forensic specialists to review all affected systems. While this is being completed, they are also working with us to identify ways to securely rebuild processes and restore functionality.

There are many steps involved in the recovery from this cyber-attack. At this time, we are not able to give you a date when we will be fully operational or when connectivity and all of your services will be restored. You will be kept informed by a daily update.

Finally, we are working on methods for you to be able to continue to at least manually process transactions. These will be provided in additional communications once we work out the details.

Cott Systems exists to serve you. We acknowledge that time is of the essence and this is an emergency situation. Please accept our sincere apologies for the impact that this cyber-attack is having on your office.

Thank you,

Customer Support | Cott Systems
Cott Systems, Inc. | 2800 Corporate Exchange Dr., Ste.300 | Columbus, OH 43231
o) 800-588-2688 M-F 7am-6pm Eastern | f) 866-540-1072 | e) support@cottsystems.com
Tags:
county clerk
cyber
cybersecurity

Posted By Robert Treuber,
Friday, September 30, 2022
ISSUED BY SUFFOLK COUNTY CLERK PASCALE

From: SCCO Alerts
Sent: Thursday, September 29, 2022 4:56 PM
Subject: UPDATE

Over the last several days we have been working hard to bring back the applications used to perform title searches. Our IT staff, along with the County IT staff, have worked around the clock to get us to the point where we can open our office for searching Monday at 8:00 a.m.

We will have roughly 120 terminals available throughout the Clerk’s Office for searches to be conducted. At this point we believe all of the programs you are accustomed to using will be available. There are still some issues we are working out through testing which we hope to resolve over time. There are currently two printers available and we are working towards bringing additional ones online.

What to expect.

Please expect the system to be slower than you may be accustomed to. We know this to be an issue and are working in the background to alleviate the issue over time.

While we believe there will be sufficient work stations available, in the event there is not, we ask that you be respectful and allow others access when you know the terminal will not be used for a period of time. We understand the demands being placed on you and the amount of work that has accumulated over the last two weeks. It is important we all work together.

The building will be open near normal business hours to start as we assess our computer equipment capacity and provide necessary maintenance. It is our goal to increase business hours once we confirm the computer environment can handle the increased volume of use.

Your cards will be required to print and you may add funds to them by filling out the attached form and leaving it with the Public Access counter staff. We will add the funds to your cards throughout the day starting Friday so they will be available for use Monday morning. Payments need to be made by check and we can add funds to only one card per check (in the short term). This form will also be available at the counter by the printers.

As for recordings and other related filings, our staff will be working towards getting our systems up to once again provide those services. I do not have any timeframe that can be provided but please be assured we are working as hard and fast as possible to get those functions up and running soon. We will provide further details as we progress.

We appreciate your patience as we work through this difficult and unprecedented situation.

We are sure by working collectively and with respect for one another we will get through this period and return to “normal” in due course.
Tags:
cybersecurity
suffolk county