
The Target: Uber, the U.S.-based app ride service.
The Take: Exposure of company internal systems and employee information.
The Vector: A threat actor obtained access to an employee’s user account by convincing the employee that the attacker was part of Uber’s IT team. With the compromised credentials, the attacker accessed all the internal systems the credentials had permissions to view.
This breach is a stark reminder of the very real threat of social engineering attacks, which exploit our innate desire to do tasks quickly without stopping to consider the nature of the request. Training, stop-and-think methodology, and a measured approach to requests of any kind, especially where credentials and access are concerned, can help mitigate the risk.
Harvard Law School Forum on Corporate Governance: This policy brief discusses cybersecurity from the corporate governance standpoint and illustrates how Nasdaq can implement cybersecurity into its ESG Reporting Guide, which is used by many public and private companies globally.
Private Equity Wire: The investment will provide working capital to enable Fidelis’ continued success in developing cyber solutions that help security teams from top commercial, enterprise, and government agencies worldwide find and stop threats faster and more effectively.
U.S. News: U.S. President Joe Biden directed the committee that reviews foreign investment for national security risks to sharpen its focus on threats to sensitive data, cyber security and areas such as microelectronics and artificial intelligence.
ABC News: The European Union's executive arm proposed new legislation that would force manufacturers to ensure that devices connected to the internet meet cybersecurity standards, making the 27-nation bloc less vulnerable to attacks.
Cision: Picus Security, the pioneer of Breach and Attack Simulation (BAS) technology, released cyber incident data obtained from the UK's Financial Conduct Authority (FCA). Through a Freedom of Information (FOI) request, Picus can reveal a steep rise in Distributed Denial-of-Service (DDoS) attacks reported to the regulator.
Business Wire: Kroll, the leading independent provider of global risk and financial advisory solutions, announced its report "Cyber Risk and CFOs: Over-Confidence is Costly," which found chief financial officers (CFOs) to be woefully in the dark regarding cyber security, despite confidence in their company’s ability to respond to an incident.
Cision: Agio, a leading cybersecurity and managed IT provider for financial services firms, published its inaugural 2022 Hedge Fund Managed IT Trends Report.
The Target: DoorDash, a popular food delivery company.
The Take: Exposure of Personally Identifiable Information belonging to customers and employees, including names, customer delivery addresses, phone numbers, and some partial credit card information.
The Vector: The attackers breached a third-party company that DoorDash works with through a phishing attack. Using the compromised credentials, they were able to move freely within the vendor’s network and then access some of DoorDash’s own internal tools.
This breach is a stark reminder of the effectiveness of social engineering attacks and how critical authentication controls are in an overall robust cybersecurity posture. Enforcing multi-factor authentication, reasonably paced password resets, and regular social engineering and phishing awareness training are all effective strategies to mitigate these kinds of breaches to protect a firm’s customer base.
Info Security: In a statement to the London Stock Exchange (LSE), Darktrace said “discussions with Thoma Bravo have terminated,” putting an end to the £6bn ($6.9m) deal that could have been one of the most significant M&A of 2022.