
Industry News: ESG5

    Know Your Breach: Slick

    The Target: Slick, an India-based social media platform.

    The Take: Exposure of 153,000 records of Personally Identifiable Information, including full names, mobile numbers, dates of birth, and profile pictures, some of which belong to minors.

    The Vector: A misconfigured data server was left open and unsecured, meaning anyone with an internet connection and knowledge of the IP address could have viewed and downloaded the data. The database was also exposed through its domain name, which sat under an easy-to-guess subdomain of Slick’s main website.

    Authentication controls are an important piece of an overall robust cybersecurity posture. Companies should be fully aware of how their data is secured and stored. Furthermore, this sensitive user data is perfect for constructing highly effective spear-phishing campaigns. Regular monitoring of data storage processes can help mitigate these kinds of breaches and protect a firm’s data.


    The Cost of Cybersecurity Insurance Is Soaring–And State-Backed Attacks Will Be Harder To Cover

    2023-02-15

    Yahoo Finance: State-backed cyber attacks are on the rise–but they are not raising the level of alarm that they should in the corporate world. When working with companies, my team often encounters executives who say they have insurance, so everything will be alright. 


    New Year, More Cybersecurity Concerns: What To Expect In 2023

    2023-02-14

    Forbes: Despite the pandemic seeming to ease slightly, 2022 was another year plagued with unknowns and disruption. From global conflict and cybercrime to ongoing supply chain challenges, the only certainty appears to be uncertainty.


    ChatGPT And More: What AI Chatbots Mean For The Future Of Cybersecurity

    2023-02-14

    ZDNet: From relatively simple tasks, such as composing emails, to more complex jobs, including writing essays or compiling code, ChatGPT -- the AI-driven natural language processing tool from OpenAI -- has been generating huge interest since its launch.


    Airline SAS Network Hit by Hackers, Says App Was Compromised

    2023-02-14

    US News: Scandinavian airline SAS said it was hit by a cyber attack Tuesday evening and urged customers to refrain from using its app but later said it had fixed the problem. News reports said the hack paralysed the carrier's website and leaked customer information from its app.


    Indigo Cyberattack Highlights Mounting Prevalence, Sophistication of Hackers: Experts

    2023-02-13

    BNN Bloomberg: A cybersecurity incident stretched into its fifth day at Indigo Books & Music Inc., on Monday, illuminating the growing risk of cyberattacks on Canadian companies and consumers.


    Spain, U.S. Dismantle Phishing Gang That Stole $5 Million in a Year

    2023-02-13

    Bleeping Computer: Spain's National Police and the U.S. Secret Service have dismantled a Madrid-based international cybercrime ring comprised of nine members who stole over €5,000,000 from individuals and North American companies.


    Cybersecurity, Hardware Cos Join Layoff Race

    2023-02-12

    Bizz Buzz: Technology layoffs continue without any respite in sight as cybersecurity firms and hardware devices companies optimise workforce, joining global technology giants like Google and Amazon among others. Sources in the know said many cybersecurity firms have recently reduced their workforce as hyper-demand arising from the pandemic begins to wane.


    Know Your Breach: 8Twelve Financial Technologies

    The Target: 8Twelve Financial Technologies, a Canadian-based mortgage solution company.

    The Take: Exposure of 717,814 records of Personally Identifiable Information, including names, phone numbers, email addresses, physical addresses, and more critically, detailed “lead” sales data on what kind of mortgage customers were hoping to secure.

    The Vector: A misconfigured data server was left open and unsecured, meaning anyone with an internet connection could have viewed and downloaded the data.

    This breach is a critical reminder that authentication controls are an important piece of an overall robust cybersecurity posture. This data is perfect for constructing highly effective spear-phishing campaigns. Multi-factor authentication and password length and complexity rules on server access are effective strategies to mitigate these kinds of breaches and protect a firm’s data.


    Law Firm Compliance Challenges Underscore Need for Renewed Cyber Security Focus

    2023-02-09

    PR Web: Messaging Architects, an eMazzanti Technologies Company and legal technology expert, examines law firm compliance challenges in a new article. The informative article first asserts that attorneys must understand how and when numerous regulations apply to law firms.


    About Castle Hall Diligence

    Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios.