The target: Sark Technologies
The take: Personal information of over 43,000 customers including: names, addresses, phone numbers, email address, encrypted card numbers and cardholder data.
The attack vector: A vulnerability within an image upload function of Sark Technologies’s reservation and management software, SuperINN. This allowed attackers to insert malicious scripts to export customer data to their own pockets. In addition, the hackers also identified another pathway of attack through a vulnerability in a SQL injection, using this to further extract sensitive cardholder data.
The Government of Canada: the Government is announcing two initiatives to help advance Canada’s National Cyber Security Strategy: the release of a National Cyber Security Action Plan, and the re-launching of the Cyber Security Cooperation Program with $10.3 million available over five years to support initiatives in the area of cyber security in Canada.
The LA Times: It took a $650,000 salary for Matt Comyns to entice a seasoned cybersecurity expert to join one of America’s largest companies as chief information security officer in 2012. At the time, it was among the most lucrative offers out there.
MAS: The Monetary Authority of Singapore (MAS) today issued a set of legally binding requirements to raise the cyber security standards and strengthen cyber resilience of the financial sector. The Notice on Cyber Hygiene sets out the measures that financial institutions must take to mitigate the growing risk of cyber threats.
CNN: North Korea earned as much as $2 billion dollars through large-scale cyber attacks to help fund its weapons programs, a United Nations panel alleges in a new report.
CNBC: That brings the total amount of funds the start-up raised to $400 million since it was founded in 2012. Other backers include Lockheed Martin, CRV and Spark Capital. Cybereason did not disclose its valuation.
Computer Weekly: The UK cyber security services market is one of the most mature in the world. It has benefited from the development of a higher education system that generates significant numbers of cyber security professionals, a mature training market that allows people to cross-train, and well-structured career pathways to promote professional practices, underpinned by codes of conduct and ethics that are both meaningful and enforceable.
SEC: Mr. Cohen is the first Chief of the Cyber Unit, created in 2017. The unit focuses on violations involving digital assets and cryptocurrency, cyber-related trading violations such as hacking to obtain material nonpublic information, and cybersecurity disclosures and procedures at public companies and financial institutions. Previously, Mr. Cohen was Co-Chief of the Market Abuse Unit.
The target: Capital One Bank
The take: Highly sensitive information of 106 million customers including: 140,000 Social Security numbers, 1 million Social Insurance Numbers for Canadian credit card customers, bank account numbers, credit card application data including scores, balances, limits and payment history, and some of transaction data.
The attack vector: A misconfigured firewall in Capital One’s AWS infrastructure allowed the attacker to clone data housed in cloud storage instances. The attacker employed VPN and anonymized browsing to execute the attack surreptitiously – but was ultimately found out when they bragged about the heist in public Slack channels. Capital One was notified of the breach via an e-mail tip with directions to a public Github repository where the attacker had archived some of the exfiltrated data.
The Wall Street Journal: BlackRock Inc. is no longer in talks with Pamplona Capital Management to take over the private-equity firm’s stake in cybersecurity company Cofense Inc.