.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
CNN: China’s cyberspace regulator fined Didi Global just over 8 billion yuan ($1.2 billion) for violating cybersecurity and data laws, putting an end to a yearlong investigation into the ride-hailing giant.
Portfolio Adviser: Hackers have infiltrated a London-based fund administrator and custodian’s IT system, potentially putting customers’ personal data at risk. Mainspring notified clients earlier this week it had suffered a data breach, following a targeted ransomware attack on the morning of 12 July.
IT News: Australia’s competition watchdog has partnered with the corporate regulator to trial automated takedowns of websites hosting phishing and other scams.
Private Equity Wire: Atlantic Street Capital (ASC), a private equity firm that invests in lower middle market companies, has acquired assets from CyberGuard Compliance, a licensed CPA firm with exclusive specialisation in IT compliance and cybersecurity audit and assessment services, and Elite Consulting Solutions, a provider of IT compliance and cybersecurity consulting and remediation services, collectively known as “CyberGuard”.
Coin Telegraph: The United States Federal Bureau of Investigation (FBI) has issued a public warning about fraudulent cryptocurrency applications, which have swindled U.S. investors out of an estimated $42.7 million so far.
CNN: The Biden administration is pushing to fill hundreds of thousands of cybersecurity jobs in the United States as part of a bid to close a talent shortage US officials describe as both a national security challenge and an economic opportunity.
The Target: Axie Infinity, a Decentralized Finance company that runs a “play to earn” game video game.
The Take: $625 million worth of crypto currency.
The Vector: The hackers used social engineering and phishing to craft a highly targeted fake job offer email and embedded a malicious program instead a PDF attachment. The Axie Infinity employee believed this was legitimate and opened the PDF attachment, and during the fake recruiting process, also gave away critical personal information which was then used to gain access to the firm’s systems to steal the funds.
This breach highlights the ongoing and ever-present need for employee training to protect a firm against social engineering attacks. By using the exposed credentials, the attackers were able to act with all the same permissions as the affected employee and pivot into other systems. The human component of cybersecurity is a very real and important piece of the overall picture of cybersecurity posture.
Bank of Canada: Financial markets face the constant threat of cyber attacks. We develop a principal-agent model of cyber-attacking with fee-paying clients who delegate security decisions to financial platforms. We derive testable implications about clients’ vulnerability to cyber attacks and about the fees charged. We characterize which cyber attacks actors choose.
The Hill: The analysis states that a security engineer from the Alibaba Cloud Security team in China first reported the vulnerability to the Apache Software Foundation, a nonprofit organization that provides support for Log4j, the software.
Bleeping Computer: Uniswap, a popular decentralized cryptocurrency exchange, lost close to $8 million worth of Ethereum in a sophisticated phishing attack. While the protocol hasn't been compromised by exploiting a vulnerability as initially suspected, the cyberattack has impacted many investors in digital assets.
