Industry News: ESG5

      Know Your Breach: NHS

      The Target: The NHS, the United Kingdom’s National Health Service. 

      The Take: Exposure of 14,000 employee records containing Personally Identifiable Information, including names, physical addresses, dates of birth, NI numbers, gender, ethnicity, and salary.

      The Vector: The unencrypted and unprotected file was accidentally sent to hundreds of in-firm managers, but also to twenty-four external email accounts. The file in question was a spreadsheet which had a hidden tab containing the information.

      This breach is a stark reminder of how critical data processes and protocols are when handling sensitive information. Furthermore, the information exposed in this breach could lead to highly targeted phishing campaigns against the victims. Regular social engineering training, specifically around the human need to get tasks done quickly and with a focus on a “stop and think” methodology, is a key component of cybersecurity.

      CyberSmart Raises $15M for an All-in-one Cybersecurity and Insurance Solution Targeting SMBs

      2023-02-23

      Tech Crunch: Cybersecurity continues to be a major area for investment among businesses, and today a startup building solutions for smaller enterprises is announcing a funding round to meet that demand. CyberSmart — a U.K. startup that has built an all-in-one platform providing cybersecurity technology for small and medium businesses, and cyber insurance if things go wrong regardless — has closed a Series B of £12.75 million ($15.4 million).

      Latest Study on Cybersecurity Risk Ranks the 10 Worst U.S. States for Data Breaches in 2022

      2023-02-22

      Cision: Network Assured shared the results of a recent data study on cybersecurity, that looked at which U.S. states had suffered the most data breaches in 2022. The study looked at data breaches from all industries, to rank the states where businesses faced the highest risk of cyberattack to the lowest. 

      Venture Capital Financing of Cyber Companies Slid to $18.5 Billion in 2022

      2023-02-22

      The Record: Venture capital investments in cybersecurity firms showed a significant dip in the second half of 2022, according to data collected by financial research firm Momentum Cyber.

      Even Hackers Are Reportedly Getting Laid Off By Organized Crime Groups

      2023-02-21

      Yahoo Finance: As US Department of Justice investigators and companies beef up their oversight of cybersecurity threats, the impact of ransomware attacks — hackers demand ransom payments from targets — has been blunted, according to a Wall Street Journal report.

      AT&T Seeks to Shed Cybersecurity Division, Sources Tell Reuters

      2023-02-21

      CNBC: AT&T Inc, the second-biggest U.S. wireless carrier, is exploring a sale of its cybersecurity division, potentially undoing an acquisition it completed five years ago, according to people familiar with the matter.

      Frustrated Traders Missing Key Piece of Market Jigsaw Puzzle After London Firm Hacked

      2023-02-21

      BNN Bloomberg: These and similar expressions have been used to describe the near month-long blackout on key global investor positioning reports that cover bets on everything from Treasuries to soybean futures — the casualty of a ransomware attack on financial firm ION Trading UK. 

      Darktrace Hires EY to Review Finances After Short-seller Attack

      2023-02-20

      The Guardian: Darktrace has hired EY to conduct an independent review of its finances as it tries to defend itself against a hedge fund that alleges questionable marketing, sales and accounting practices at the cybersecurity company.

      Know Your Breach: Slick

      The Target: Slick, an India-based social media platform.

      The Take: Exposure of 153,000 records of Personally Identifiable Information, including full names, mobile numbers, dates of birth, and profile pictures, some belonging to minors.

      The Vector: A misconfigured data server was left open and unsecured, meaning anyone with an internet connection and knowledge of the IP address could have viewed and downloaded the data. The database was also at risk because its domain name was an easy-to-guess subdomain of Slick’s main website.

      Authentication controls are an important piece of an overall robust cybersecurity posture. Companies should be fully aware of how their data is secured and stored. Furthermore, this sensitive user data is perfect for constructing highly effective spear-phishing campaigns. Regular monitoring of data storage processes can help mitigate these kinds of breaches and protect a firm’s data.

      The Cost of Cybersecurity Insurance Is Soaring–And State-Backed Attacks Will Be Harder To Cover

      2023-02-15

      Yahoo Finance: State-backed cyber attacks are on the rise–but they are not raising the level of alarm that they should in the corporate world. When working with companies, my team often encounters executives who say they have insurance, so everything will be alright. 

      New Year, More Cybersecurity Concerns: What To Expect In 2023

      2023-02-14

      Forbes: Despite the pandemic seeming to ease slightly, 2022 was another year plagued with unknowns and disruption. From global conflict and cybercrime to ongoing supply chain challenges, the only certainty appears to be uncertainty.

      ChatGPT And More: What AI Chatbots Mean For The Future Of Cybersecurity

      2023-02-14

      ZDNet: From relatively simple tasks, such as composing emails, to more complex jobs, including writing essays or compiling code, ChatGPT -- the AI-driven natural language processing tool from OpenAI -- has been generating huge interest since its launch.

      Airline SAS Network Hit by Hackers, Says App Was Compromised

      2023-02-14

      US News: Scandinavian airline SAS said it was hit by a cyber attack Tuesday evening and urged customers to refrain from using its app but later said it had fixed the problem. News reports said the hack paralysed the carrier's website and leaked customer information from its app.

      Indigo Cyberattack Highlights Mounting Prevalence, Sophistication of Hackers: Experts

      2023-02-13

      BNN Bloomberg: A cybersecurity incident stretched into its fifth day at Indigo Books & Music Inc., on Monday, illuminating the growing risk of cyberattacks on Canadian companies and consumers.

      Spain, U.S. Dismantle Phishing Gang That Stole $5 Million in a Year

      2023-02-13

      Bleeping Computer: Spain's National Police and the U.S. Secret Service have dismantled a Madrid-based international cybercrime ring comprised of nine members who stole over €5,000,000 from individuals and North American companies.

      Cybersecurity, Hardware Cos Join Layoff Race

      2023-02-12

      Bizz Buzz: Technology layoffs continue without any respite in sight as cybersecurity firms and hardware devices companies optimise workforce, joining global technology giants like Google and Amazon among others. Sources in the know said many cybersecurity firms have recently reduced their workforce as hyper-demand arising from the pandemic begins to wane.

      Know Your Breach: 8Twelve Financial Technologies

      The Target: 8Twelve Financial Technologies, a Canadian-based mortgage solution company.

      The Take: Exposure of 717,814 records of Personally Identifiable Information, including names, phone numbers, email addresses, physical addresses, and, more critically, detailed “lead” sales data on what kind of mortgage customers were hoping to secure.

      The Vector: A misconfigured data server was left open and unsecured, meaning anyone with an internet connection could have viewed and downloaded the data.

      This breach is a critical reminder that authentication controls are an important piece of an overall robust cybersecurity posture. This data is perfect for constructing highly effective spear-phishing campaigns. Multi-factor authentication and password length and complexity rules on server access are effective strategies to mitigate these kinds of breaches and protect a firm’s data.

      Law Firm Compliance Challenges Underscore Need for Renewed Cyber Security Focus

      2023-02-09

      PR Web: Messaging Architects, an eMazzanti Technologies Company and legal technology expert, examines law firm compliance challenges in a new article. The informative article first asserts that attorneys must understand how and when numerous regulations apply to law firms.

      Cybersecurity—Value Driven From Safety

      2023-02-09

      Forbes: Cyberattacks are very costly. The world’s leading cybersecurity economy researcher Cybersecurity Ventures expects global cybercrime costs to grow by 15% per year, reaching 10.5 trillion dollars annually by 2025.

      The Cloud’s Growing Impact On Cybersecurity

      2023-02-08

      VentureBeat: Cybersecurity’s most proven innovation catalyst continues to be the many challenges of securing cloud infrastructure. The cloud has won the enterprise, dominating large enterprises’ tech stacks. The average enterprise uses 1,427 cloud services, and the average enterprise employee uses up to 36 cloud services, including platforms for collaboration and file-sharing.

      Italy's Cybersecurity Body Sounds Alarm on Large-Scale Computer Hacking Attack

      2023-02-06

      Mint: Italy's National Cybersecurity Agency (ACN) issued a warning to organisations to take action to protect their systems after thousands of computer servers around the world have been targeted by a ransomware hacking attack. ACN director general Roberto Baldoni said that the hacking attack sought to exploit a software vulnerability, adding it was on a massive scale.

      Chip Equipment Maker MKS Instruments Says It Is Investigating Ransomware Attack

      2023-02-06

      US News: MKS Instruments Inc said on Monday it was investigating a ransomware attack that occurred last week and affected the semiconductor equipment maker's production-related systems. The company said it was in the early stages of investigating the attack that it identified on Feb. 3, adding that costs related to the incident have not been determined. 

      UK Engineering Company Vesuvius Hit by Cyber Attack

      2023-02-06

      BNN Bloomberg: UK engineering company Vesuvius Plc said it’s managing a cyber-security incident involving unauthorized access to its systems. The molten metal flow control firm has shut down affected systems and initiated steps to assess the scale of the attack, it said in a statement.

      Hackers Are Using a Critical Flaw in VMware as Part of a Ransomware Campaign Targeting Thousands of Organizations

      2023-02-06

      Yahoo Finance: Hackers are targeting a two-year-old VMware server software vulnerability in a ransomware campaign aimed at extorting thousands of companies around the world, Italy’s National Cybersecurity Agency warned.

      Know Your Breach: Trustanduse.com

      The Target: Trustanduse.com, a digital platform for consumers to rate products, services, stores, and professionals.

      The Take: Exposure of 439,000 records of Personally Identifiable Information, including usernames, first and last names, Facebook IDs, phone numbers, and hashed account passwords.

      The Vector: A misconfigured data server was left open and unsecured, meaning anyone with an internet connection could have viewed and downloaded the data.

      This breach is a critical reminder that authentication controls are an important piece of an overall robust cybersecurity posture. This data is perfect for constructing highly effective spear-phishing campaigns. Multi-factor authentication and password length and complexity rules on server access are effective strategies to mitigate these kinds of breaches and protect a firm’s data.

      Cybersecurity Firm Cyren Cuts Nearly All Staff, Exploring Liquidation

      2023-02-01

      CRN: Cyren is cutting “substantially all” of its staff with layoffs of 121 employees as the cybersecurity vendor says it is exploring an asset sale or liquidation, the company said. The publicly traded company said in a news release that “existing cash and projected cash flows from operations will not be sufficient to meet the company’s working capital needs in the near term.” The company’s stock price fell 44 percent, to 42 cents a share.

      Vista Equity Partners Completes Acquisition of KnowBe4

      2023-02-01

      Business Wire: KnowBe4, Inc. (“KnowBe4”), the provider of the world’s largest security awareness training and simulated phishing platform, announced the completion of its acquisition by Vista Equity Partners (“Vista”), a leading global investment firm focused exclusively on enterprise software, data and technology-enabled businesses, for $24.90 per share in cash.

      B.C. Leads Canada in Race to Protect Citizen’s Personal Information From Cybersecurity Threats

      2023-02-01

      CTV: A dozen Canadian ministers quietly met in Vancouver last week to brainstorm better online protections for the private information of citizens. The Digital Trust and Cybersecurity symposium on Jan. 25 was attended by representatives from every province and territory, save Alberta, and took place roughly six months after the inaugural meeting in Quebec.

      Will Cybersecurity Remain Recession-Proof in 2023?

      2023-01-31

      Dark Reading: We've recently seen substantial layoffs across the tech sector, to the tune of around 140,000 redundancies made by big names such as Amazon, Salesforce, Microsoft, and Tesla. As the recession bites, falling stock prices and further contraction in the market, together with merger and acquisition activity, are expected to force businesses to reduce head count further still. 

      New US Ransomware Strategy Prioritizes Victims But Could Make It Harder To Catch Cybercriminals

      2023-01-31

      CNN: US and European law enforcement’s disruption last week of a $100-million ransomware gang is the clearest public example yet of a new high-stakes strategy from the Biden administration to prioritize protecting victims of cybercrime – even if it means tipping off suspects and potentially making it harder to arrest them.

      Cybercrime Job Ads On The Dark Web Pay Up To $20k Per Month

      2023-01-30

      Bleeping Computer: Cybercrime groups are increasingly running their operations as a business, promoting jobs on the dark web that offer developers and hackers competitive monthly salaries, paid time off, and paid sick leaves. In a new report by Kaspersky, which analyzed 200,000 job ads posted on 155 dark websites between March 2020 and June 2022, hacking groups and APT groups seek to hire mainly software developers (61% of all ads), offering very competitive packages to entice them.

      Why Cybersecurity Regulations And Oversight Are As Important As Safety Standards In The Modern Workplace

      2023-01-30

      Forbes: Now is the time for cybersecurity policies to become as ubiquitous and accepted as workplace safety policies. Cybersecurity today is where physical safety was 40 years ago—there are few regulations or standards, and those that exist often feel arbitrarily imposed. Cybersafety is not an expected or regulated part of corporate culture. 

      About Castle Hall Diligence

      Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios.