Issue: MongoDB, a popular NoSQL database system, has recently announced a sever vulnerability that allows for “memory reads” to occur. A memory read allows for a malicious actor to openly see what is currently active in the computer memory. This is a significant risk, especially for those in financial services.
Resolution: If you use an installed or managed version of MongoDB, you should immediately apply the recent update. If you do not have a list of underlying technology used by your vendors, now would be a good time to check if any of your vendors use MongoDB and ensure they have applied the update.
MongoDB is one of the largest and fastest growing “modern web database” platforms on the market today.
Risk 2: Low
Issue: The most recent release-update to Windows 11 Professional (24H2, 25H2) how supports hardware acceleration for BitLocker, Microsoft’s encryption platform for Windows-based devices. This acceleration will only function on very specific hardware devices, but are tracking at a speed of 70% less-processing. That is a massive performance boost for encryption-related hardware that is typically known for being slower in performance. This new process leverages the memory-optimized storage for their cryptographic algorithms as opposed to legacy software-based systems.
Resolution: This is not a vulnerability so no required action.
However, I wanted to list it here since it has a huge performance boost and users should be aware that buying enterprise hardware and software has extreme advantages over retail hardware.
Looking for new equipment? Please check with Financial Guardians to determine if the hardware you are considering qualifies.
Risk 3: High
Issue: Google Chrome has, again, announced another round of highly sensitive extensions being installed that syphons off user data and credentials. While the extensions (connected with names that begin with Phantom) appear to operate correctly, they are stealing data and sharing it to third-parties.
Resolution: Users should double-check their Chrome extensions and ensure that all extensions are known, form reputable sources, and installed from the Google Chrome Store directly.
Additionally, extension malware is a growing trend in Chrome. Users may want to review alternative browser options, such as Brave, to ensure ongoing security.
Announced Data Breaches
France
Baker University (2024 data breach now actively being sold)
University of Phoenix
Financial Guardians is a proud member of InCite, the recently launched online community exclusively for tax professionals, bookkeepers, and accountants. InCite members receive a 30% discount.
Financial Guardians has partnered with the California Society of Tax Consultants to provide a 30% access discount as well as many other offers. More info can be found at www.cstcsociety.org
