Industry News: ESG5

    Know Your Breach: Salesforce

    The Target: Salesforce, Inc., an American cloud-based software company headquartered in San Francisco, California

    The Take: The phishing kit employed in this campaign was designed to steal Facebook account credentials and even featured mechanisms for bypassing two-factor authentication.

    The Vector: The attackers chained a flaw dubbed "PhishForce," which bypasses Salesforce's sender verification safeguards, with quirks in Facebook's web games platform to mass-send phishing emails.

    As phishing actors continue to explore every potential abuse opportunity on legitimate service providers, novel security gaps constantly threaten to expose users to severe risks. It is essential not to rely solely on email protection solutions but also to scrutinize every email that lands in your inbox, look for inconsistencies, and double-check all claims made in those messages.

    Read more...

    A Global Law Firm Separates From Its Chinese Partner, Citing Cybersecurity and Data Rules

    2023-08-10

    US News: One of the world’s biggest law firms said it is separating from the Chinese firm that was part of its global network for eight years, citing changes in cybersecurity and other rules that have rattled foreign companies.

    Read more...

    Hackers to Compete For Nearly $20 Million in Prizes by Using A.I. For Cybersecurity, Biden Administration Announces

    2023-08-09

    CNBC: Hackers will have the chance to compete for millions of dollars in prizes by using artificial intelligence to protect critical U.S. infrastructure from cybersecurity risks, the Biden administration announced.

    Read more...

    Cybersecurity Giant Rapid7 Announces Sweeping Layoffs as Losses Mount

    2023-08-09

    TechCrunch: U.S. cybersecurity giant Rapid7 has announced plans to lay off 18% of its workforce, affecting more than 400 global employees.

    Read more...

    PE Cybersecurity Investment Relatively Robust in Europe, Plummets in US

    2023-08-08

    Yahoo Finance: Private equity investors have piled $4.7 billion into European cybersecurity companies so far this year, putting deal value on course to outperform 2022, when the total reached $7.6 billion.

    Read more...

    The Problem With Cybersecurity (and AI Security) Regulation

    2023-08-08

    Dark Reading: With the emergence of generative models, and large language models (LLMs) in particular, and the meteoric rise in the popularity of ChatGPT, there once again are calls for more security regulation. 

    Read more...

    Crypto Heavyweights Back New Cybersecurity Standards After Nearly $4 Billion Was Lost to Hacks in 2022

    2023-08-08

    Yahoo Finance: Amid the crypto industry's myriad obstacles, hacks still rank at the top of the list. Despite the bear market, last year saw a historic spike, with nearly $4 billion stolen by cybercriminals, according to the analytics firm Chainalysis.

    Read more...

    Securing The Future: Embracing Cloud-Centric Cybersecurity Strategies

    2023-08-08

    Forbes: We live in an age in which technology promises to shape the future. The near-constant flow of innovation makes it challenging for many business leaders to keep up.

    Read more...

    Know Your Breach: Hot Topic

    The Target: American retail chain Hot Topic.

    The Take: A threat actor obtained the valid account credentials for Hot Topic Rewards accounts from an unknown third party.

    The Vector: The series of breaches that occurred between Feb. 7 and June 21 was the result of automated credential stuffing attacks against the company’s website and mobile application. 

    This breach is a reminder that authentication controls are an important part of a robust overall cybersecurity posture and, more critically, that these controls must be in place at all third-party vendors that have access to a firm’s data.

    Read more...

    These Are the Top Five Cloud Security Risks, Qualys Says

    2023-08-03

    Security Week: The five key risk areas are misconfigurations, external-facing vulnerabilities, weaponized vulnerabilities, malware inside a cloud environment, and remediation lag (that is, delays in patching).

    Read more...

    About Castle Hall Diligence

    Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long-only portfolios.