Industry News: ESG5

    Know Your Breach: Orbitz

    The target: Orbitz, a subsidiary of online travel agency Expedia Inc.

    The take: Payment card information and personal data such as billing addresses, phone numbers, and emails.

    The attack vector: About 880,000 payment cards had been hit by a security breach. The attacker may have accessed personal information that was submitted for certain purchases made during an entire year.

    Behind KKR’s Big Bet On Cybersecurity

    2019-04-15

    Fortune: It’s no secret that private equity has been on a cybersecurity kick as of late—and for good reason. With online attacks and digital fraud only becoming more prevalent, global spending on technology to protect sensitive data and information is expected to reach an unprecedented $124 billion this year, according to research firm Gartner...

    FBI Head of Cybersecurity in San Francisco Warns: Look to Inside Threats

    2019-04-16

    Forbes: The arrest of Wikileaks founder Julian Assange marks the first step toward bringing to court one of the most prominent cyber crimes in American history. With cyber-threat actors making a living off of hacked information, it should come as no surprise that U.S. government intelligence agencies are shifting focus and resources to address the issue, which includes $15 billion set aside from the President’s budget for cybersecurity-related activities...

    Russian Lawmakers Approve New Internet Law

    2019-04-16

    Reuters: Russia’s lower house of parliament approved on Tuesday the third reading of a draft law that aims to increase Moscow’s sovereignty over its Internet segment and defend against foreign meddling, Interfax agency reported. The bill must now be approved by parliament’s upper house and the presidency before passing into law. The bill’s authors said earlier that the measures are needed to defend the country after the United States adopted what they described as aggressive new cyber security policies last year...

    Pregnancy Club Fined £400,000 for Illegally Sharing Data of over 14 Million People

    2019-04-15

    ZDNet:  Pregnancy club Bounty UK Limited has been fined £400,000 for illegally sharing and selling information belonging to 14 million individuals without their explicit consent. The fine was imposed by the UK's data protection watchdog, the Information Commissioner's Office (ICO). Personal data relating to pregnancy, new mothers, mothers-to-be, and the birth dates & sex of children were shared. The ICO said the data was collected from those who were "potentially vulnerable."...

    NYC Tech Commissioner Left Atlanta Job Shortly Before Crippling Cyberattack

    2019-04-11

    Nypost:  City Hall’s bumbling tech czar previously held a similar job in Atlanta — which was crippled by a cyberattack shortly after he left for the Big Apple. Samir Saini, who’s enmeshed in a scandal over an entirely preventable crash of the city’s in-house wireless network, was Atlanta’s chief information officer when Mayor Bill de Blasio named him head of the Department of Information Technology and Telecommunications in January 2018...

    A Hacker has Dumped Nearly One Billion User Records Over the Past Two Months

    2019-04-15

    ZDNet:  A hacker who spoke with ZDNet in February about wanting to put up for sale the data of over one billion users is getting dangerously close to his goal after releasing another 65.5 million records last week and reaching a grand total of 932 million records overall. The hacker's name is Gnosticplayers, and he's responsible for the hacks of 44 companies, including last week's revelations...

    How BlackBerry has Become a Cyber-Security Player

    2019-04-16

    eWeek:  BlackBerry is a very different company today than it was a decade ago, as the one-time mobile giant is now firmly positioning itself to be a global player in the cyber-security market. Among the new assets in the BlackBerry security portfolio is Cylance, which BlackBerry acquired in a $1.4 billion deal announced in November 2018. Cylance is, however, only one of many cyber-security technologies within BlackBerry. In a video interview with eWEEK, BlackBerry CTO Charles Eagan explains what his company is now doing in cyber-security as it transitions away from its mobile device past...

    Know Your Breach: Timehop

    The target: Timehop, an application which aggregates old posts and photos from users’ social media feeds.

    The take: Personal information including some combinations of name, e-mail address and phone number, to a total of 21 million records.

    The attack vector: An account with administrative access to Timehop’s cloud computing environment was not protected with two-factor authentication. The attacker accessed the account and created a separate administrator credential for their own use in December of 2017. The attacker maintained access and performed reconnaissance for eight months until they proceeded to exfiltrate user data in July of 2018.

    With $600 Million Cybersecurity Budget, JP Morgan Chief Endorses AI and Cloud

    2019-04-08

    Security Week: JPMorgan Chase spends roughly $600 million annually on its security efforts, and employs around 3,000 people involved with cybersecurity. In his annual letter to shareholders, Jamie Dimon, chairman and CEO of JPMorgan Chase discusses the position and role of the bank in America and the American economy. Against a background of strong performance ($32.5 billion in net income on revenue of $111.5 billion in the last year...

    Yahoo Strikes $117.5 Million Data Breach Settlement After Earlier Accord Rejected

    2019-04-09

    Reuters:  Yahoo has struck a revised $117.5 million settlement with millions of people whose email addresses and other personal information were stolen in the largest data breach in history. The proposed class-action settlement made public on Tuesday was designed to address criticisms of U.S. District Judge Lucy Koh in San Jose, California. She rejected an earlier version of the accord on Jan. 28, and her approval is still required...

    Canada ‘Very Likely’ Will be Hit by Foreign Cyber Threats Before October Election: Federal Report

    2019-04-08

    IT World Canada: Despite widespread publicity, finger-pointing and the laying of criminal indictments, some countries continue trying to interfere online with democratic processes around the world. As a result Canada’s electronic spy agency believes it is now “very likely” Canadian voters will encounter some form of foreign cyber interference during the run-up to October’s federal election, most likely through disinformation — commonly called fake news...

    More than 300,000 Cyber Criminals are Selling your Credit Card Details on Facebook, Experts Warn

    2019-04-08

    TheSun:  Cyber-crime Facebook groups where members buy and sell the credit card numbers of fraud victims and share other online crime tips have been uncovered by a report. A total of 74 groups have been found so far and they contain around 385,000 members...

    City Treasurer Sends $128,000 to Fraudsters in Email Phishing Scam

    2019-04-09

    CTV:  After an investigation, City of Ottawa Auditor General, Ken Hughes, says City Treasurer, Marian Simulik, sent nearly $98,000US to fraudsters posing as City Manager Steve Kanellakos. It happened in July 2018. Hughes says that’s when Simulik received an email that looked like it was from Kanellakos asking the treasurer to send money to a company for work done...

    WhatsApp Scams Explode: Hongkongers Bilked of HK$2.7 Million in Three Months on Facebook-owned Messaging Service

    2019-04-09

    CSO:  More than 150 Hongkongers have been bilked out of HK$2.7 million (US$340,000) in WhatsApp scams this year, with creative fraudsters devising new ways to use the popular messaging service. Police on Monday said that the amount of defrauded money was up 50 per cent from last year, even as the number of WhatsApp victims fell by more than 40 per cent...

    Know Your Breach: Delta

    The target: Delta Air Lines, a major American airline.

    The take: Hackers may have accessed names, addresses, credit card numbers, CVV numbers and expiration dates for “several hundred thousand” customers during approximately two months.

    The attack vector: [24]7.ai, Delta's online chat services provider, suffered a malware attack and failed to notify its client of the breach until a few months following the intrusion.

    HSBC’s Voice Recognition Technology has Saved Bank £300 Million in Fraud

    2019-04-01

    Tech Digest:  Technology which enables HSBC customers to access bank accounts using their voice as a password has prevented over £300 million falling into the hands of fraudsters since it launched in the UK, claims the bank. More than 1.6 million HSBC customers across the UK now use VoiceID, which launched in 2016. HSBC said attempted frauds have been growing, with general increased activity by fraudsters thought to be as a result of a significant number of third-party data breaches as well as phishing emails and scam text messages in recent years...

    Microsoft Seizes Websites it Traces to Iranian Hackers

    2019-03-27

    New York Times:  Microsoft took control of 99 websites that it said Iranian hackers had used to try to steal sensitive information from targets in the United States, according to court documents unsealed Wednesday. By taking over the sites, Microsoft can stop future cyberattacks and monitor how previously infected computers were compromised, the company said...

    Toyota Announces Second Security Breach in the Last Five Weeks

    2019-03-29

    ZDNet: Japanese car maker Toyota announced its second data breach today, making it the second cyber-security incident the company acknowledged in the past five weeks. While the first incident took place at its Australian subsidiary, today's breach was announced by the company's main offices in Japan...

    U.S.-Israeli Cybersecurity Firm Aqua Raises $62 Million

    2019-04-03

    Reuters:  U.S.-Israeli cybersecurity firm Aqua Security said on Wednesday it raised $62 million in a funding round led by Insight Partners, bringing the company’s total venture funding to more than $100 million. Aqua’s existing investors - Lightspeed Venture Partners, Microsoft’s venture fund M12, TLV Partners and Israeli billionaire Shlomo Kramer - also participated in the round...

    Iran Conducted Cyber Attacks on UK Infrastructure

    2019-04-03

    Silicon:  The risk of data security incidents is increasing as pension funds insufficiently factor cybersecurity into their risk assessments, Dutch pensions supervisor De Nederlandsche Bank (DNB) has warned. In its annual security monitor, the regulator said that financial institutions, including pension funds, insufficiently evaluated their risk management in this area, or failed to anticipate developments in data security...

    Pension Funds Falling Short on Cybersecurity, Regulator Warns

    2019-04-01

    IPE:  The risk of data security incidents is increasing as pension funds insufficiently factor cybersecurity into their risk assessments, Dutch pensions supervisor De Nederlandsche Bank (DNB) has warned. In its annual security monitor, the regulator said that financial institutions, including pension funds, insufficiently evaluated their risk management in this area, or failed to anticipate developments in data security...

    First Australian Threat Report From Cyber Security Firm Carbon Black Finds That 89% Of Australian Businesses Surveyed Have Been Breached During The Past 12 Months

    2019-04-01

    CSO: Carbon Black, a leader in cloud-delivered, next generation endpoint security, today released the results of its first Australian Threat Report. According to the survey research, attacks are increasing in volume and sophistication, causing regular security breaches affecting 89% of organisations surveyed. The report analyses survey results from different industries, organisation sizes and IT team sizes to build a picture of the modern attack and cyber defence landscape in Australia...

    Know Your Breach: Verification.io

    The target: Verification.io, who offer ‘e-mail validation’ services to advertisers.

    The take: Over two billion records were exposed, consisting of e-mail addresses, often with associated names, social media accounts, phone numbers, dates of birth, ZIP codes – as well as credit score information, mortgage amounts, interest rates, and other data. Also exposed were names, revenues, and other business-specific data for a number of companies.

    The attack vector: A database server was discovered by security researchers to be exposed to the public web, completely unencrypted and without any form of password protection or access control in place.

    Hackers Attacked One-Million Plus Asus Users Through Malicious Update

    2019-03-25

    Reuters: Hackers were able to deliver malware to the one million-plus Asus computer owners last year by hijacking the company’s software update system, security researchers said on Monday. Moscow-based cyber security provider Kaspersky Lab said the attack took place between June and November last year and was used to deliver a software update with a “backdoor” that would give hackers access to infected machines...

    E-Mail Log-in Details of Govt Staff Put Up for Sale on Dark Web

    2019-03-22

    StraitsTimes: E-mail log-in information of employees in several government agencies and educational institutions, as well as details of over 19,000 compromised payment cards from banks here, has been put up for sale online by hackers. Russian cyber-security company Group-IB revealed on Tuesday that it discovered the user log-ins and passwords from several government organisations on the Dark Web over the past two years. The compromised payment card information, which it said was valued at more than US$640,000 (S$863,000), was found last year...

    Aluminium Firm Cyber-attack Cost at Least £25.6m

    2019-03-27

    BBC: A cyber-attack on a Norwegian aluminium company has cost it at least 300 million Norwegian kroner (£25.6m). Hydro, which employs 35,000 people in 40 countries, was hit by malware last week. The company said it was slowly bringing affected systems back online but the "preliminary" cost of the incident had been about 300-350 million kroner. Most of those losses had been in its Extruded Solutions division, which makes aluminium facades, Hydro said...

    The Latest Dark Web Cyber-criminal Trend: Selling Children's Personal Data

    2019-03-27

    ZDNet: Imagine you're a teenager, applying for credit to buy your first car or maybe a loan to go to university. You don't remember taking out a credit card when you were six years old, but the bank is adamant, and now you have a poor credit rating and in their eyes, you're persona non grata. That future suddenly isn't so bright. How could this be? Cyber criminals are hacking into sensitive networks to steal the identities of children and are selling it on in underground market places...

    More than 110,000 Australians Caught up In September's Facebook Cyber-attack

    2019-03-26

    TheGuardian: The detailed personal information of more than 60,000 Australians was exposed in a massive cyber-attack on Facebook last year, giving hackers the ability to access their movements, hometown, search history, email and phone number. Internal documents reveal the attack on Facebook in September last year affected an estimated 111,813 Australians, among roughly 29 million worldwide...

    Ukrainian Man Faces up to 6 Years in Jail for Cryptojacking on his own Websites

    2019-03-27

    Cointelegraph: Ukraine’s Cyber Police have arrested a man who allegedly placed crypto mining malware scripts on his own websites, local law enforcement reported on March 26. The cyber crime unit of the national police of Ukraine arrested a 32-year-old man from the Bukovina region who allegedly placed cryptojacking software on a number of educational websites that he created and administered. The unspecified websites and internet resources had 1.5 million monthly visitors, the police reported...

    Council Staff Caught Out By Fake Phishing Emails to Test Cyber Security

    2019-03-26

    Chichester: Members of the regulation, audit & accounts committee were told on Monday that, in order to assess weak points within the council’s cyber defence, a variety of emails were sent to 886 staff. The messages, which were sent by a third party, included offers for cheap pizza and free iPhones. Another told them they needed to change their bank details, while another claimed to be from the council itself and told them they needed to reset their work passwords...

    About Castle Hall Diligence

    Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios.
