July 9, 2021
Microsoft issued an urgent security warning and security updates this week to address a security flaw known as "PrintNightmare," which affects the Windows Print Spooler service. "Microsoft warned that hackers that exploit the vulnerability could install programs, view and delete data, or even create new user accounts with full user rights," CNN reports. "That gives hackers enough command and control of your PC to do some serious damage," according to the report. Microsoft has issued patches for Windows 10 and Windows 7, and said it expects to soon follow with updates for Windows Server 2016, Windows 10 version 1607, and Windows Server 2012.
China's government has opened a new battlefront with the country's technology giants, looking to target their collection and use of data. CNBC reports that the Cyberspace Administration of China (CAC) has opened a cybersecurity probe into online recruitment platform Boss Zhipin and into subsidiaries of Full Truck Alliance, which connects shippers and truckers. The CAC also has moved against ride-hailing service Didi, opening a cybersecurity probe and ordering app stores in China to remove the service, according to CNBC. The CAC's actions illustrate the government's new priorities in areas such as privacy and data collection.
A U.S. Securities and Exchange Commission (SEC) advisory committee recommended that the commission study third-party environmental, social, and governance (ESG) frameworks and consider establishing its own ESG standards-setting body, Agenda (paywall) reports. The asset management advisory committee (AMAC) said an ESG standards-setting body within the SEC could operate like the Financial Accounting Standards Board, with the SEC enforcing ESG standards similar to the way it enforces U.S. Generally Accepted Accounting Principles. A brief (PDF) released by the AMAC's ESG subcommittee said it was "premature to broadly recommend specific mandated disclosure of material ESG matters through SEC rulemaking or required adoption of third-party standards." However, the brief also said that the AMAC believes there is a "pressing need for the SEC to effect a process for enhancing the quality, consistency, and comparability of ESG disclosures." In the meantime, the AMAC recommended that the SEC require publicly listed companies to disclose ESG information using established third-party frameworks or explain why they have chosen not to.
High levels of political instability and unrest in Haiti reached new heights on Wednesday with the assassination of President Jovenel Moïse, The Washington Post reports (paywall). Before the assassination, Haiti had experienced gang violence that has resulted in at least 278 deaths and the displacement of thousands of people from the capital, Port-au-Prince. "The unprecedented level of violence and subsequent displacements is creating a host of secondary issues, such as the disruption of community-level social functioning, family separation, increased financial burdens on host families, forced school closures, loss of livelihoods, and a general fear among the affected populations," said the U.N. Office for the Coordination of Humanitarian Affairs in a recent report. Other issues resulting from the violence include the increased risk of COVID-19, and increased difficulty providing medical care. Thus far, two "variants of concern" — the alpha and gamma variants — have been detected within Haiti, which remains the only country in the Western Hemisphere that has yet to administer vaccines. Following Moïse's assassination, experts worry that gang wars will only intensify.
July 7, 2021
As many as 1,500 businesses were hit with file-encrypting malware as a result of a ransomware attack over the July 4th weekend, TechCrunch reports. The Russia-linked hacker group responsible for the attack targeted Kaseya, a Miami-based company that provides software to managed service providers. In turn, the service providers use the software to remotely manage the IT networks and devices of up to one million mostly small businesses around the world, CBS News reports. While the ransomware gang initially demanded $70 million to release compromised systems, the group has reduced its demands to $50 million. Some analysts are suggesting that the cybercriminals, believed to be the group known as REvil, are victims of their own success — overwhelmed by the sheer number of victims. "It could just be that … they're in over their head there," Jack Cable, a cybersecurity consultant at Krebs Stamos Group, told the Daily Beast. "It seems like this didn't go exactly as planned."
Charlie Wright, chief risk officer at financial technology company Jack Henry & Associates, was elected chair of The IIA's Global Board on Wednesday during The Institute's Annual Business Meeting. The full 17-member 2021-2022 Global Board also was elected during the meeting. With a theme of "future ready," Wright will focus on how internal audit can prepare for opportunities and challenges posed by advances in technology. "The future is coming at internal auditors at lightning speeds," said Wright, a long-time chief audit executive and IIA volunteer. "As the pace of change continues to accelerate, internal auditors need to prepare themselves to be adaptive and resilient — to be future ready." Also on Wednesday, The IIA issued its 2020 Annual Report.
Global regulators have published a blueprint to give a "sense of direction" to proliferating initiatives for tackling climate-related financial risks before they fragment markets, Reuters reports (paywall). The Financial Stability Board, which coordinates financial rules for the G20 group of nations, said its "roadmap" seeks to coordinate approaches to disclosures by companies and plug gaps in the data needed to spot financial stability "vulnerabilities" and develop tools to address them. The roadmap attempts to align rules still in the planning stage between now and 2023 to avoid more divergences between various measures for the same activity.
An advisory subcommittee of the U.S. Securities and Exchange Commission (SEC) has recommended a rule change that would require mutual fund boards to disclose information on the gender and racial diversity of their directors. According to a Reuters (paywall) report, this recommendation goes beyond what originally had been outlined earlier this year and reflects a growing focus on a perceived lack of diversity in the financial industry. In an interview, subcommittee chair Gilbert Garcia said there is "virtually no representation of women and minorities in boards" in the U.S. mutual fund industry — an industry valued at $29.3 trillion. Other recommendations made to the commission in this session include calls for demographic details on fund firm workforces, new SEC guidance on how asset managers are chosen, and a study of how political contribution rules could influence asset allocation at the expense of smaller firms owned by women and minorities.
The U.S. Centers for Disease Control and Prevention estimates that the delta variant of COVID-19 accounted for 51.7% of all new cases of COVID-19 across the country as of July 3, ABC News reports. The highly contagious variant was initially identified in India in October and has since been reported in at least 98 countries around the globe, according to the World Health Organization. The variant has been detected in all 50 states and was responsible for 80.7% of new cases in one of the 10 regions into which the U.S. Department of Health and Human Services divides the country — the region comprising Iowa, Kansas, Missouri and Nebraska. Preliminary data indicates the variant may increase the risk of hospitalization and is particularly dangerous to those who are unvaccinated or partially vaccinated against COVID-19. Current evidence suggests that the full dosage of a COVID-19 vaccine is highly effective in preventing hospitalizations and serious illness. However, health officials continue to evaluate and adjust the public health response amid concerns about the variant's continued evolution and mutation, according to the report.