The Target: Toyota, a Japanese car manufacturer
The Take: Two cloud databases exposed Personally Identifiable Information including: physical address, name, phone number, email address, customer ID, vehicle registration number, and vehicle identification numbers.
The Vector: Several misconfigured cloud databases were left open and unsecured with no password, meaning anyone with an internet connection could have downloaded the data.
Securing access to databases through rigorous password hygiene is an essential component of security, and cloud databases are no exception. Furthermore, the data stolen in this attack can be used for crafting highly effective automotive-based phishing attacks. Regular security compliance reviews can help prevent these breaches.
Business Wire: Galvanick, the cybersecurity solution for protecting industrial infrastructure against cyber attacks, announced its $10 million seed round.
Yahoo Finance: EC-Council, the global leader in cybersecurity education and training, released its Certified Chief Information Security Officer Hall of Fame Report, honouring the top 50 Certified CISOs globally.
Dark Reading: Despite a more cautious approach to financing, investors continue to scour the country for the next generation of cybersecurity startups that can aid enterprises in the never-ending quest to safeguard critical IT systems.
Investment Executive: The recent data breach that affected customers of Toronto-based InvestorCOM Inc. has reminded large financial services firms of the importance of cybersecurity preparation.
PR Newswire: Governments worldwide are becoming increasingly digital, leading to more prevalent and more diverse cyberattacks.
Mondaq: Recent enforcement actions highlight the increased regulatory scrutiny that private funds may face with respect to internal cybersecurity protocols and responses to cyber-crimes and cyber incidents under new and updated cybersecurity laws.
The Guardian: About 90 organizations have reported breaches of personal information held by Capita after the outsourcing group suffered a cyber-attack, Britain’s data watchdog has said.
The Target: SuperVPN, a popular free VPN service provider.
The Take: Exposed database containing of 360,308,817 million records of wide-ranging sensitive information including: email addresses, original IP addresses, geolocation data, UUID numbers, operating systems, internet connection types, and VPN application versions.
The Vector: A misconfigured database was left open and unsecured with no password, meaning anyone with an internet connection could have downloaded the data.
This breach is a perfect example of a preventable cyber incident. Securing access to databases through rigorous password hygiene is an essential component of security. Furthermore, the data stolen in this attack can be used for crafting highly effective phishing attacks. Companies should take every measure necessary to secure customer data.
Blockchain News: Leading cryptocurrency exchange Binance has assisted US law enforcement in seizing $4.4 million and freezing accounts associated with North Korean organized crime.