The Target: Neho, a Swiss-based online real estate agency.
The Take: Exposure of sensitive login credentials to Neho’s systems, potentially allowing attackers full access to databases, source code, configuration profiles and more.
The Vector: A misconfiguration on Neho’s website exposed login credentials to their systems to the public, allowing anyone with internet access who obtained these credentials to log in as an authenticated Neho user.
This breach is a critical reminder of how important access control is for overall cybersecurity. If an attacker obtains access to vetted credentials, they can pivot their movements into possibly every system belonging to the firm, making the attack an order of magnitude more deadly. Safe and secure storage of login credentials is essential to protecting a firm and their customers.
Forbes: As automation increases, so does the extent of systematic cyber risk. Cybersecurity measures are thus prudent since it is only by looking through the lens of the hacker can one avail a progressive insight as to the best means of securing and protecting data.
SecurityWeek: A decentralized cryptocurrency wallet service with roughly five million users, Atomic is available on all major operating systems, including Windows, macOS, Linux, Android, and iOS.
Plan Adviser: Commenters replying to the Securities and Exchange Commission’s three cybersecurity proposals requested additional flexibility and two years to comply with anything the regulator adopts, based on responses submitted through the deadline.
PR Newswire: Demand for cybersecurity talent continues to outpace supply, according to the latest data from CyberSeek, the joint initiative of the National Institute of Standards and Technology's (NIST) NICE program, Lightcast and CompTIA.
CSO: Microsoft revealed on May 24 that the Chinese threat group Volt Typhoon attempted to gain access to communications systems in the United States, including Navy infrastructure on Guam.
Dark Reading: Researchers investigating a supply chain attack disclosed by 3CX in March found it had an unusual and alarming origin: another company's supply chain attack.
Yahoo Finance: Rubrik Inc, a U.S. cybersecurity software startup backed by Microsoft Corp and valued at $4 billion in a fundraising round two years ago, has hired banks for an initial public offering, four people familiar with the matter said.
The Target: Toyota, a Japanese car manufacturer.
The Take: Two cloud databases exposed Personally Identifiable Information including: physical address, name, phone number, email address, customer ID, vehicle registration number, and vehicle identification numbers.
The Vector: Several misconfigured cloud databases were left open and unsecured with no password, meaning anyone with an internet connection could have downloaded the data.
Securing access to databases through rigorous password hygiene is an essential component of security, and cloud databases are no exception. Furthermore, the data stolen in this attack can be used for crafting highly effective automotive-based phishing attacks. Regular security compliance reviews can help prevent these breaches.
Business Wire: Galvanick, the cybersecurity solution for protecting industrial infrastructure against cyber attacks, announced its $10 million seed round.
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.