More about Javier Young
Javier is a principal within the Cybersecurity Services Group at CLA. Prior to joining CLA, Javier spent ten years supporting the Department of Defense as well as a financial services company in the fields of insider threat, incident response, analytics, and systems engineering.
Blog Posts by Javier Young:
-
Federal Goals for Cybersecurity in Healthcare
The Department of Health and Human Services (HHS) has released their 2024-2030 strategic plan which includes increasing security around Electronic Health Information (EHI).
-
Remote Code Execution on Ivanti Products Found in the Wild
In early January, Ivanti acknowledged two critical zero-day vulnerabilities (CVE-2023-46805 and CVE-2024-21887) in their Connect Secure and Policy Secure Gateways. These vulnerabilities open the door for remote unauthenticated code execution across all supported versions. Volexity’s investigation, which we’ve linked below, reveals active exploitation in the wild.
-
Abusing Unconstrained Delegation via Service Principal Name hijacking
. When conducting penetration tests, abusing delegation is one of my favorite attacks to conduct. Not only is it usually a quick and easy way to elevate privileges, but I often find that many clients do not fully understand the risks associated with delegation and perhaps more importantly, they don’t know how to detect it.
-
IT and Cybersecurity Challenges Facing the Construction Industry
In 2021, Nordlocker, an encryption software firm, analyzed 1,200 companies to discover which industries were affected by ransomware attacks the most. The construction sector was revealed to be targeted the most out of the 35 industries analyzed.
-
Recent Ransomware Surge:
In an era defined by digital connectivity, the increase of ransomware attacks has cast a glaring spotlight on the relentless and ever-evolving nature of cyber threats. As these attacks continue to target entities across industries, comprehending the underlying reasons for their surge is paramount as is their potential to disrupt operations and extract ransoms underscores the critical need for fortified cybersecurity measures.
-
2023’s Artificial Intelligence Proliferation
Early into 2023, there have already been a slew of new technical and regulatory developments within the artificial intelligence field. Most notably, OpenAI, an American artificial intelligence laboratory, made a splash with its chatbot Chat Generative Pre-Trained Transformer, better known as ChatGPT, in which users can enter a prompt and the model will generate a response. OpenAI shows no signs of slowing down AI development with its plans to train a model to complete entry level coding work
-
Meta Pixel Privacy Concerns
Large privacy concerns are looming over Meta Pixel, regarding how it has accessed highly sensitive information. Meta Pixel is a Javascript website tool that can measure advertising effectiveness by capturing how customers interact with business’ website. Specifically, it tracks how people react to Facebook advertisements, as well as interactions between customers/prospective customers and the business’ website.
-
2022 Cybersecurity Awareness Month at CLA!
Welcome to the 2022 Cybersecurity Awareness Month – “See Yourself in Cyber!”
-
Lloyd’s to Exclude Nation State Attacks from Cyber Insurance Coverage
Earlier this month, Lloyd’s of London announced in a market bulletin that they will cease their nation state attack insurance coverage beginning in April 2023. While there is a growing demand for cyber liability insurance as cyber-attacks grow in frequency, severity, and sophistication, Lloyd’s identifies cyber related insurance as an evolving risk for their business.
-
NIST’s Current Challenges to AI Risk Assessments
While artificial intelligence (AI) and machine learning (ML) are integrating day to day life, from digital assistants to image, video, and language processing, there is still no formal and finalized risk assessment process for the technology – but NIST is in the process of changing that.