
Industry News: ESG5

    Know Your Breach: General Electric

    The Target: General Electric (GE) is an American multinational company with divisions in power, renewable energy, and aerospace industries.

    The Take: According to the threat actor, "data includes a lot of DARPA-related military information, files, SQL files, documents etc." As proof of the breach, the threat actor shared screenshots of what they claim is stolen GE data, including a database from GE Aviation that appears to contain information on military projects.

    The Vector: The data was exposed through a server that was misconfigured so that it was accessible online.

    This breach is a stark reminder of how important authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.


    Unpacking The New SEC Cybersecurity Rules: What Every CXO Needs To Know

    2023-11-30

    Forbes: The hyper-connected nature of our world, the growing use of cloud applications and the fact that data now resides anywhere are all contributing factors to the ubiquity of cyberattacks. 


    Okta Hackers Stole Data on All Customer Support Users in Major Breach

    2023-11-29

    CNBC: The news sent shares down as much as 7% in pre-market trading, although the stock recovered after Okta posted earnings that beat estimates. The company had originally been expected to report earnings after the bell, but moved its report up to the morning shortly after it disclosed the expanded breach in a blog post filed with the SEC.


    The Role Of Outsourcing In Navigating The Cybersecurity Skills Gap

    2023-11-29

    Forbes: On one hand, 63% of cybersecurity professionals complain that working conditions have become more difficult over the last two years owing to a heavy surge in cyberattacks, mounting data privacy concerns, overwhelming workloads, budget restrictions, staffing shortages and a complex regulatory environment.


    CrowdStrike Forecasts Strong Q4 Revenue on Resilient Cybersecurity Demand

    2023-11-28

    US News: CrowdStrike Holdings on Tuesday forecast fourth-quarter revenue above Wall Street estimates, driven by resilient demand for its cybersecurity offerings in the wake of rising online threats.


    Police Dismantle Ransomware Group Behind Attacks In 71 Countries

    2023-11-28

    Bleeping Computer: In cooperation with Europol and Eurojust, law enforcement agencies from seven nations have arrested in Ukraine the core members of a ransomware group linked to attacks against organizations in 71 countries.


    The Role of Cybersecurity in Attracting Venture Capital for Tech Startups

    2023-11-28

    CXOtoday: Cybersecurity is an integral part of Industry 4.0. In the current era of fast technological advancements and innovations, cybersecurity is the key to continued success and business longevity.


    How AI Is Transforming Cybersecurity Amid Regulatory Overhaul

    2023-11-27

    Yahoo Finance: Artificial intelligence and automation are reshaping the digital defense landscape. Companies are engaged in a relentless race to outpace cyber threats, with the effectiveness of their cybersecurity systems playing a pivotal role in determining market success moving forward.


    Know Your Breach: AutoZone

    The Target: AutoZone is the leading retailer and distributor of automotive spare parts and accessories in the U.S., operating 7,140 shops in the country and also in Brazil, Mexico, and Puerto Rico.

    The Take: The data leaked by the cybercriminals is roughly 1.1GB in size, containing employee names, email addresses, parts supply details, tax information, payroll documents, Oracle database files, data about stores, production and sales information, and more. No customer data appears in the leaked files.

    The Vector: AutoZone became aware that an unauthorized third party exploited a vulnerability associated with MOVEit and exfiltrated certain data from an AutoZone system that supports the MOVEit application. More specifically, on or about August 15, 2023, AutoZone determined that the exploitation of the vulnerability in the MOVEit application had resulted in the exfiltration of certain data.

    This breach is a critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.


    Fidelity National Financial Shuts Down Network in Wake of Cybersecurity Incident

    2023-11-22

    TechCrunch: Fidelity National Financial, or FNF, a Fortune 500 company that provides title insurance and settlement services for the mortgage and real estate industries, announced that it was the victim of a “cybersecurity incident that impacted certain FNF systems.”


    About Castle Hall Diligence

    Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long-only portfolios.
