.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
Bleeping Computer: Sports betting company DraftKings revealed last week that more than 67,000 customers had their personal information exposed following a credential attack in November.
The Target: Uber, a U.S based ride-service company.
The Take: Exposure of sensitive company information including: IT Asset reports, Windows domain login names and email addresses, and Active Directory information.
The Vector: The data was stolen through a breach in a third-party provider, Teqtivity, using compromised employee credentials. These were used to gain access to an AWS backup server.
This breach is a stark reminder of how authentication controls are in an overall robust cybersecurity posture, and more critically, ensuring these controls are in place on all third-party vendors which have access to a firm’s data. The information stolen in this attack could lead to highly targeted phishing campaigns against Uber. Regular vendor assessments are a key component in cybersecurity.
ITPro: The US' Department of Justice (DoJ) has begun the seizure of 48 DDoS-for-hire services and brought criminal charges against six individuals involved.
Business Wire: Public sector organizations are more likely to struggle with leveraging data to detect and prevent threats than their private sector counterparts (63% to 49%), ultimately affecting their cybersecurity readiness. That’s according to a survey commissioned by Splunk Inc. (NASDAQ: SPLK), the data platform leader for security and observability.
Dark Reading: Around the world, employees have been experiencing extreme stress due to the ongoing pandemic, business disruption, and the faster pace of work.
Reuters: Cybersecurity start-up Snyk Ltd said it had raised $196.5 million in Series G funding, led by Qatar Investment Authority, which is at a lower valuation of $7.4 billion.
Bleeping Computer: Digipolis, the IT company responsible for managing Antwerp's IT systems, suffered a ransomware attack that disrupted the city's IT, email, and phone services.
Yahoo Finance: California’s finance department has been hit by a cybersecurity attack, and a notorious ransomware group is claiming responsibility.
Forbes: The story of cybersecurity is a constant progression of new ways to defeat new threats, from thought experiments to mainstream best practices. It started with the earliest antivirus software, which began as an experiment and progressed to being a necessity.
The Target: Vevor, a California-based online retailer.
The Take: 1.1 billion records across two databases of Personally Identifiable Information including: first and last name, partial credit card numbers, transaction IDs, order and refund information, home addresses, and email addresses. Internal Vevor account admin names and plaintext passwords were also exposed, as well as IP addresse, ports, and pathways.
The Vector: A misconfigured data server was left open and unsecured, meaning anyone with an internet connection could have viewed and downloaded the data.
This breach is critical reminder that authentication controls are an important piece in an overall robust cybersecurity posture and furthermore, that when admin credentials are exposed, dangerous pivot attacks may follow as attackers use these to move into a firm’s other platforms. Multi-factor authentication and password length and complexity rules are effective strategies to mitigate these kinds of breaches to protect a firm’s data.
Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →
Montreal
1080 Côte du Beaver Hall, Suite 904
Montreal, QC
Canada, H2Z 1S8
+1-450-465-8880
Halifax
168 Hobsons Lake Drive Suite 301
Beechville, NS
Canada, B3S 0G4
Tel: +1 902 429 8880
Manila
10th Floor, Two Ecom Center
Mall of Asia Complex
Harbor Dr, Pasay, 1300 Metro Manila
Philippines
Sydney
Level 15 Grosvenor Place
225 George Street, Sydney NSW 2000
Australia
Tel: +61 (2) 8823 3370
Abu Dhabi
Floor No. 15 Al Sarab Tower,
Adgm Square,
Al Maryah Island, Abu Dhabi, UAE
Tel: +971 (2) 694 8510
Prague
3rd Floor, The Park
V Parku 8
Chodov, Praha, 148 00
Czech Republic
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.
Terms of Service and Privacy Policy