The Target: SuperVPN, a popular free VPN service provider.
The Take: Exposed database containing of 360,308,817 million records of wide-ranging sensitive information including: email addresses, original IP addresses, geolocation data, UUID numbers, operating systems, internet connection types, and VPN application versions.
The Vector: A misconfigured database was left open and unsecured with no password, meaning anyone with an internet connection could have downloaded the data.
This breach is a perfect example of a preventable cyber incident. Securing access to databases through rigorous password hygiene is an essential component of security. Furthermore, the data stolen in this attack can be used for crafting highly effective phishing attacks. Companies should take every measure necessary to secure customer data.
Blockchain News: Leading cryptocurrency exchange Binance has assisted US law enforcement in seizing $4.4 million and freezing accounts associated with North Korean organized crime.
Business Wire: Organizations of all sizes are increasingly falling victim to ransomware attacks and inadequately protecting against this rising cyberthreat.
Dark Reading: Risk aggregation is not a new phenomenon. The insurance industry, for example, has long examined how shared assets and similarities between organizations in their books bundle potential risk.
Yahoo Finance: Palo Alto Networks Inc. raised its annual forecasts for revenue and adjusted profit as enterprise customers shift to one-stop shops for their cybersecurity needs in a bid to reduce costs.
Forbes: With ever-evolving attack strategies and a growing list of countries and states adding regulations, companies have no choice but to be more proactive about cybersecurity.
City AM: A London-based artificial intelligence firm has announced a $250m cash injection led by the Qatari sovereign wealth fund as investors rush to capitalise on a boom in AI technology.
US News: Top U.S. cybersecurity companies are expected to report another quarter of strong growth as high-profile hacks and a shift in client preference for bigger players with better integrated offerings help support their businesses in a turbulent economy.
The Target: Leverage EDU, a software University Admission platform.
The Take: Exposure of over 240,000 records of Personally Identifiable Information including: names, email addresses, passport scans, applications, bank statements and loan information.
The Vector: A misconfigured database was left open and unsecured with no password, meaning anyone with an internet connection could have viewed and downloaded the trove of data.
This shows how important authentication controls are and that they are purposefully and smartly deployed with security in mind. Multi-factor authentication and password length and complexity rules on server access are effective strategies to mitigate these kinds of breaches to protect a firm’s data.
Funds Tech: Despite the fact that the majority of financial firms have banned the use of social media platforms such as WhatsApp and WeChat, compliance officers are not convinced this will be effective in managing the risk of off-channel communications.
Funds Tech: Recently published research has revealed that asset managers’ cybersecurity preparedness has become a key concern for institutional investors during the fundraising process.
PR Newswire: LexisNexis® Risk Solutions today released the results of its annual Cybercrime Report, an analysis of data from 79.8 billion transactions processed through its LexisNexis® Digital Identity Network® throughout 2022.
Yahoo Finance: The rise in cyberattacks is bad news for business—but it has been good news for Huntress, a company that helps small and medium-sized businesses protect themselves against cyberattacks, and just raised its biggest round ever.
Institutional Asset Manager: In a recent Crestbridge Alternative Managers’ Mood Index (CAMMI) survey, results highlighted the growing concern of investors in cybersecurity during the fundraising due diligence process in the fund management industry.
Business Daily: An Equity Bank customer has sued the lender for breach of data privacy after his confidential banking information was allegedly shared with a third party.
The Target: NextGen Healthcare, a U.S based maker of electronic records software and management services.
The Take: Exposure of 1 Million records of Personally Identifiable Information including: names, addresses, dates of birth, and social security numbers.
The Vector: An employee’s credentials were compromised through a credential stuffing attack. These breaches rely on employees reusing passwords between platforms, which allowed the attackers to login to NextGen systems.
This breach is a stark reminder of how important authentication controls and password hygiene are in an overall robust cybersecurity posture. Regular social engineering, phishing awareness training, and in this case, tightly enforced password and identity management, are effective strategies to mitigate these kinds of breaches to protect a firm’s customer base.
The Guardian: The outsourcing firm and government contractor Capita has revealed it will take a hit of up to £20m from a recent cyber-attack in which some customer, supplier and staff data was accessed by hackers.
XM: Australia's TechnologyOne Ltd TNE.AX said it had detected an unauthorised third-party access to its back-office systems, becoming the latest target in a series of cyber attacks that has bogged companies in the country since last year.
Investment Executive: With economic activity increasingly taking place online, cyberattacks are an ever-present threat. That’s why cybersecurity companies — often referred to as the utilities segment of the digital world — continue to grow rapidly even in a sluggish economy.
Yahoo Finance: Agio, a leading managed IT and cybersecurity provider for financial services firms, published its annual 2023 Hedge Fund Managed IT Trends Report.
Forbes: Cybersecurity is not one thing but a layering of security tools and processes to protect your data. The two most common layers people think of are the firewall and antivirus solutions.
Verdict: Analysis of the key themes driving private equity deal activity reveals that cybersecurity accounted for 18 technology deals announced in Q1 2023, worth a total value of $2.1 billion.
ZDNet: Generative artificial intelligence is transforming cybersecurity, aiding both attackers and defenders. Cybercriminals are harnessing AI to launch sophisticated and novel attacks at large scale.
The Target: Brightline, a pediatric mental and behavioural health provider.
The Take: Exposure of Personally Identifiable Information including: full names, physical addresses, dates of birth, member identification numbers, date of health plan coverage and employer names.
The Vector: A zero-day exploit was used to breach a third-party vendor, Fortra, of Brightline’s, targeting their file transfer software which let the attackers gain access to sets of files throughout the third-party vendor’s systems.
This breach is critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.
BeinCrypto: Over the past few years, the SEC has tightened its regulatory oversight of cryptocurrency private funds. Admittedly, the SEC is responsible for regulating securities and investments in the United States.
Crunchbase: It is difficult nowadays to talk to investors in any tech sector without AI coming up in the conversation — and that is certainly true in cybersecurity.
The Guardian: The City regulator has contacted Capita’s corporate clients urging them to ascertain whether their customers’ data has been compromised after a cyber-attack on the outsourcer in March.
Forbes: Despite business leaders' growing awareness of cybercrime—and the rapid adaptations offered by new cybersecurity architectures—criminals continue to successfully exploit weaknesses created by these evolving business infrastructures.
ZDNet: Singapore and the U.S. have conducted drills to assess how well banks operating in their respective markets respond to cybersecurity threats.
Bleeping Computer: The FBI and Ukrainian police have seized nine cryptocurrency exchange websites that facilitated money laundering for scammers and cybercriminals, including ransomware actors.
Dark Reading: The FBI is requesting more than $63 million in new funding to fight cyber threats in 2024. On April 27, FBI Director Christopher Wray presented before the House Committee on Appropriations Subcommittee on Commerce, Justice, Science.