.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
The Target: Cornerstone Payment Systems
The Take: Exposure of 9 million transaction records which exposed Personally Identifiable Information including: email addresses, names, physical addresses, phone numbers, types of credit cards and donation details including destination and dollar amount.
The Vector: A misconfigured data server was left open and unsecured, meaning anyone with an internet connection could have viewed and downloaded the data.
This breach is critical reminder that authentication controls are an important piece in an overall robust cybersecurity posture. This data is perfect for constructing highly effecting spear-phishing campaigns. Multi-factor authentication and password length and complexity rules on server access are effective strategies to mitigate these kinds of breaches to protect a firm’s data.
Bleeping Computer: An Android banking malware named 'Godfather' has been targeting users in 16 countries, attempting to steal account credentials for over 400 online banking sites and cryptocurrency exchanges.
BNN Bloomberg: The US’s first national cyber director, Chris Inglis, is planning to step down in the coming months, according to a person familiar with the matter.
Help Net Security: Kevin Weiss brings over 25 years of strategy and leadership experience in the technology space and joins Sectigo from Spireon, where he served as CEO for more than six years.
Axios: Heading into 2023, cybersecurity companies are starting to see the first signs of the economic downturn hitting their businesses. The big picture: More companies are starting to see their customers prioritize services like incident response over more costly, proactive IT investments like transitions to the cloud.
CBC: Toronto's Hospital for Sick Children says it has been hit with a ransomware attack affecting some of its phone lines, web pages and clinical systems.
CNBC: Imagine this situation: your CEO just resigned and as CFO, you’re the acting chief. After returning to the office from an exhausting overseas trip, your CIO informs you that malware was deployed within your customer databases.
Bleeping Computer: Sports betting company DraftKings revealed last week that more than 67,000 customers had their personal information exposed following a credential attack in November.
The Target: Uber, a U.S based ride-service company.
The Take: Exposure of sensitive company information including: IT Asset reports, Windows domain login names and email addresses, and Active Directory information.
The Vector: The data was stolen through a breach in a third-party provider, Teqtivity, using compromised employee credentials. These were used to gain access to an AWS backup server.
This breach is a stark reminder of how authentication controls are in an overall robust cybersecurity posture, and more critically, ensuring these controls are in place on all third-party vendors which have access to a firm’s data. The information stolen in this attack could lead to highly targeted phishing campaigns against Uber. Regular vendor assessments are a key component in cybersecurity.
ITPro: The US' Department of Justice (DoJ) has begun the seizure of 48 DDoS-for-hire services and brought criminal charges against six individuals involved.
Business Wire: Public sector organizations are more likely to struggle with leveraging data to detect and prevent threats than their private sector counterparts (63% to 49%), ultimately affecting their cybersecurity readiness. That’s according to a survey commissioned by Splunk Inc. (NASDAQ: SPLK), the data platform leader for security and observability.
Dark Reading: Around the world, employees have been experiencing extreme stress due to the ongoing pandemic, business disruption, and the faster pace of work.
Reuters: Cybersecurity start-up Snyk Ltd said it had raised $196.5 million in Series G funding, led by Qatar Investment Authority, which is at a lower valuation of $7.4 billion.
Bleeping Computer: Digipolis, the IT company responsible for managing Antwerp's IT systems, suffered a ransomware attack that disrupted the city's IT, email, and phone services.
Yahoo Finance: California’s finance department has been hit by a cybersecurity attack, and a notorious ransomware group is claiming responsibility.
Forbes: The story of cybersecurity is a constant progression of new ways to defeat new threats, from thought experiments to mainstream best practices. It started with the earliest antivirus software, which began as an experiment and progressed to being a necessity.
The Target: Vevor, a California-based online retailer.
The Take: 1.1 billion records across two databases of Personally Identifiable Information including: first and last name, partial credit card numbers, transaction IDs, order and refund information, home addresses, and email addresses. Internal Vevor account admin names and plaintext passwords were also exposed, as well as IP addresse, ports, and pathways.
The Vector: A misconfigured data server was left open and unsecured, meaning anyone with an internet connection could have viewed and downloaded the data.
This breach is critical reminder that authentication controls are an important piece in an overall robust cybersecurity posture and furthermore, that when admin credentials are exposed, dangerous pivot attacks may follow as attackers use these to move into a firm’s other platforms. Multi-factor authentication and password length and complexity rules are effective strategies to mitigate these kinds of breaches to protect a firm’s data.
Express: Australia had 16 major cyber-attacks against Australian organisations, which were trying to be “cyber extortion attacks”, claimed CyberCX Cyber Intelligence Director Katherine Mansted. Recently, millions of Australians had their privacy breached in cyber attacks on Optus, Medibank and other companies.
CTech: The cybersecurity industry is not immune. This message has been internalized over the past week in the technology sector. It started with U.S. company CrowdStrike, which is considered one of the biggest players in the market. The company revealed good results in its financial reports for the third quarter, but the CEO admitted that customers are cutting expenses and postponing purchases.
Bleeping Computer: Cybercrime marketplaces are increasingly selling stolen corporate email addresses for as low as $2 to fill a growing demand by hackers who use them for business email compromise and phishing attacks or initial access to networks.
Wealth Professional: Data proliferation is reaching new heights as a result of new digital infrastructure and long-term work-from-home arrangements, while cyberattacks are also increasing in intensity. And as corporations and governments attempt to remain ahead of the curve, cybersecurity firms are taking centre stage.
Cision: Despite the fact that most Canadian real estate companies now build smart tech into their buildings to monitor, manage, and maintain many functions, such as heating, lighting, elevators, power meters and fire alarm systems, very few have invested to ensure these systems can't be hacked, finds new research from KPMG in Canada.
Yahoo Finance: CrowdStrike Co-Founder and CEO George Kurtz joins Yahoo Finance Live to discuss the company's latest quarterly results, the outlook for cybersecurity spending, and expectations for cyberattacks in 2023.
Forbes: Cybersecurity is important for SaaS companies, both to comply with industry standards and to protect their businesses. Companies that still use legacy systems to host a product, application or service on their premises run additional risks, which include cyber breaches, loss of confidential data and intellectual property, and potential damage to customer relationships caused by noncompliance.
The Target: ENC Security, Netherlands based data-encryption firm.
The Take: Exposure of security keys for various firm applications and software including: SMTP credentials for sales channels, Ayden, the firm’s single payment platform, email marketing Mailchimp APIs, licensing payment APIs, and public and private keys.
The Vector: A misconfigured data server was left open and unsecured, meaning anyone with an internet connection could have viewed and downloaded the data.
This breach is critical reminder that authentication controls are an important piece in an overall robust cybersecurity posture and furthermore, that such precautions must in place in all third-party vendors that have access to a firm’s data. Multi-factor authentication and password length and complexity rules are effective strategies to mitigate these kinds of breaches to protect a firm’s data.
Forbes: The cyber threat landscape has grown increasingly specialized and more challenging for organizations to defend against on their own.
The Guardian: Password manager LastPass has told customers that some of their information has been accessed in a cybersecurity breach, but says passwords remain safe.
Yahoo News: The UK’s cybersecurity laws will be updated to require outsourced IT providers to meet security standards as part of efforts to better protect supply chains, the Government has announced.
Bleeping Computer: As revealed in a report published earlier this month, the KmsdBot malware behind this botnet was discovered by members of the Akamai Security Intelligence Response Team (SIRT) after it infected one of their honeypots.
Reuters: A warning from Crowdstrike Holdings Inc (CRWD.O) that clients were cutting back on spending and delaying purchases due to an economic slowdown slammed cybersecurity stocks, inflicting fresh pain on the battered sector.
Forbes: The whole point of a merger or acquisition (M&A) is to combine the resources of two organizations to take advantage of economies of scale. It can be a strong recipe for corporate success, yet cybersecurity often takes a back seat in the quest to boost profits and trim costs.
Dark Reading: As the US economy has tightened, the venture capital and acquisition landscape has quickly shifted to become a buyers' market, with startups failing to command the high valuations that were common in past years.
Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →
Montreal
1080 Côte du Beaver Hall, Suite 904
Montreal, QC
Canada, H2Z 1S8
+1-450-465-8880
Halifax
84 Chain Lake Drive, Suite 501
Halifax, NS
Canada, B3S 1A2
+1-902-429-8880
Manila
Ground Floor, Three E-com Center
Mall of Asia Complex
Pasay City, Metro Manila
Philippines 1300
Sydney
Level 36 Governor Phillip Tower
1 Farrer Place Sydney 2000
Australia
+61 (2) 8823 3370
Abu Dhabi
Floor No.15 Al Sarab Tower,
Adgm Square,
Al Maryah Island, Abu Dhabi, UAE
Tel: +971 (2) 694 8510
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.
Terms of Service and Privacy Policy