Industry News: ESG5

    Know Your Breach: Neho

    The Target: Neho, a Swiss-based online real estate agency.

    The Take: Exposure of sensitive login credentials to Neho’s systems, potentially allowing attackers full access to databases, source code, configuration profiles and more.

    The Vector: A misconfiguration on Neho’s website publicly exposed login credentials for its systems, allowing anyone with internet access who obtained these credentials to log in as an authenticated Neho user.

    This breach is a critical reminder of how important access control is for overall cybersecurity. If an attacker obtains vetted credentials, they can pivot into possibly every system belonging to the firm, making the attack an order of magnitude more deadly. Safe and secure storage of login credentials is essential to protecting a firm and its customers.

    The Multidimensional Relationship Between AI And Cybersecurity And Its Impact On Fintech

    2023-06-08

    Forbes: As automation increases, so does the extent of systematic cyber risk. Cybersecurity measures are thus prudent since it is only by looking through the lens of the hacker can one avail a progressive insight as to the best means of securing and protecting data.

    North Korean Hackers Blamed for $35 Million Atomic Wallet Crypto Theft

    2023-06-08

    SecurityWeek: A decentralized cryptocurrency wallet service with roughly five million users, Atomic is available on all major operating systems, including Windows, macOS, Linux, Android, and iOS.

    SEC Cyber Proposals Receive Mixed Feedback From Industry

    2023-06-07

    Plan Adviser: Commenters replying to the Securities and Exchange Commission’s three cybersecurity proposals requested additional flexibility and two years to comply with anything the regulator adopts, based on responses submitted through the deadline.

    Shortfall of Skilled Cybersecurity Workers in the US Reaches an Estimated 466,000, CyberSeek Data Reveals

    2023-06-06

    PR Newswire: Demand for cybersecurity talent continues to outpace supply, according to the latest data from CyberSeek, the joint initiative of the National Institute of Standards and Technology's (NIST) NICE program, Lightcast and CompTIA.

    Federal Cyber Incidents Reveal Challenges of Implementing US National Cybersecurity Strategy

    2023-06-05

    CSO: Microsoft revealed on May 24 that the Chinese threat group Volt Typhoon attempted to gain access to communications systems in the United States, including Navy infrastructure on Guam. 

    After 'Inception' Attack, New Due Diligence Requirements Are Needed

    2023-06-05

    Dark Reading: Researchers investigating a supply chain attack disclosed by 3CX in March found it had an unusual and alarming origin: another company's supply chain attack.

    Microsoft-Backed Rubrik Hires Banks For IPO

    2023-06-05

    Yahoo Finance: Rubrik Inc, a U.S. cybersecurity software startup backed by Microsoft Corp and valued at $4 billion in a fundraising round two years ago, has hired banks for an initial public offering, four people familiar with the matter said.

    Know Your Breach: Toyota

    The Target: Toyota, a Japanese car manufacturer.

    The Take: Two cloud databases exposed Personally Identifiable Information including: physical address, name, phone number, email address, customer ID, vehicle registration number, and vehicle identification numbers.

    The Vector: Several misconfigured cloud databases were left open and unsecured with no password, meaning anyone with an internet connection could have downloaded the data.

    Securing access to databases through rigorous password hygiene is an essential component of security, and cloud databases are no exception. Furthermore, the data stolen in this attack can be used for crafting highly effective automotive-based phishing attacks. Regular security compliance reviews can help prevent these breaches.

    Galvanick Announces $10 Million in Seed Funding for Its Industrial Cybersecurity Platform

    2023-06-01

    Business Wire: Galvanick, the cybersecurity solution for protecting industrial infrastructure against cyber attacks, announced its $10 million seed round. 

    About Castle Hall Diligence

    Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long-only portfolios.