Industry News: ESG5

Know Your Breach: Sark Technologies

The target: Sark Technologies

The take: Personal information of over 43,000 customers, including names, addresses, phone numbers, email addresses, encrypted card numbers and cardholder data.

The attack vector: A vulnerability in the image upload function of Sark Technologies' reservation and management software, SuperINN. It allowed the attackers to insert malicious scripts that exported customer data to themselves. The attackers also identified a second path of attack, a SQL injection vulnerability, and used it to extract further sensitive cardholder data.


The Government of Canada Advances Cyber Security Innovation and Cooperation


The Government of Canada: the Government is announcing two initiatives to help advance Canada’s National Cyber Security Strategy: the release of a National Cyber Security Action Plan, and the re-launching of the Cyber Security Cooperation Program with $10.3 million available over five years to support initiatives in the area of cyber security in Canada.


Cybersecurity Pros Name Their Price as Data Hacking Attacks Swell


The LA Times: It took a $650,000 salary for Matt Comyns to entice a seasoned cybersecurity expert to join one of America’s largest companies as chief information security officer in 2012. At the time, it was among the most lucrative offers out there.


MAS Issues New Rules to Strengthen Cyber Resilience of Financial Industry


MAS: The Monetary Authority of Singapore (MAS) today issued a set of legally binding requirements to raise the cyber security standards and strengthen cyber resilience of the financial sector. The Notice on Cyber Hygiene sets out the measures that financial institutions must take to mitigate the growing risk of cyber threats.


North Korean Cryptocurrency Heists Net Estimated $2 Billion: UN Report


CNN: North Korea earned as much as $2 billion through large-scale cyber attacks to help fund its weapons programs, a United Nations panel alleges in a new report.

The findings emerged as Pyongyang fired what are believed to be two short-range ballistic missiles early Tuesday, the fourth missile launch in less than two weeks.

Security Start-up Cybereason Raises $200 Million from Japan’s SoftBank


CNBC: That brings the total amount of funds the start-up raised to $400 million since it was founded in 2012. Other backers include Lockheed Martin, CRV and Spark Capital. Cybereason did not disclose its valuation.


Would You Trust a Criminal with Your Cyber Security?


Computer Weekly: The UK cyber security services market is one of the most mature in the world. It has benefited from the development of a higher education system that generates significant numbers of cyber security professionals, a mature training market that allows people to cross-train, and well-structured career pathways to promote professional practices, underpinned by codes of conduct and ethics that are both meaningful and enforceable.


Robert A. Cohen, Cyber Unit Chief, to Leave SEC After 15 Years of Service


SEC: Mr. Cohen is the first Chief of the Cyber Unit, created in 2017. The unit focuses on violations involving digital assets and cryptocurrency, cyber-related trading violations such as hacking to obtain material nonpublic information, and cybersecurity disclosures and procedures at public companies and financial institutions. Previously, Mr. Cohen was Co-Chief of the Market Abuse Unit.


Know Your Breach: Capital One Bank

The target: Capital One Bank

The take: Highly sensitive information of 106 million customers, including 140,000 Social Security numbers, 1 million Social Insurance Numbers belonging to Canadian credit card customers, bank account numbers, credit card application data (scores, balances, limits and payment history), and some transaction data.

The attack vector: A misconfigured firewall in Capital One's AWS infrastructure allowed the attacker to copy data held in cloud storage instances. The attacker used a VPN and anonymized browsing to carry out the attack surreptitiously, but was ultimately identified after bragging about the heist in public Slack channels. Capital One was notified of the breach by an e-mail tip pointing to a public GitHub repository where the attacker had archived some of the exfiltrated data.


BlackRock, Pamplona Talks Over Cybersecurity Firm Cofense Break Down


The Wall Street Journal: BlackRock Inc. is no longer in talks with Pamplona Capital Management to take over the private-equity firm’s stake in cybersecurity company Cofense Inc.


About Castle Hall Diligence

Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long-only portfolios.