.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
The Target: StoreHub, a Malaysian point-of-sale software vendor.
The Take: Exposure of 1 million customers accounts with 1.7 billion records of Personally Identifiable Information including: full names, phone numbers, physical addresses, email address, device types, order information, partially masked credit card numbers, and access tokens.
The Vector: A completely unsecured AWS Elasticsearch database server with no authentication, or data encryption, was left open and accessible to anyone with an internet connection.
This breach highlights the critical importance of employing robust practices of credential management, user authentication and validation. The personal information, along with the event logs and sensitive company information, can lead to highly effective phishing attacks. Furthermore, the use of encryption on user data can help secure sensitive information in the event of a breach and its use is widely considered a key pillar of a robust cybersecurity posture.
Help Net Security: The APWG’s Phishing Activity Trends Report reveals that in the first quarter of 2022 there were 1,025,968 total phishing attacks—the worst quarter for phishing observed to date. This quarter was the first time the three-month total has exceeded one million. There were 384,291 attacks in March 2022, which was a record monthly total.
ZDNet: Most companies that get hit by a cyberattack are likely to fall victim again – sometimes repeatedly – as many struggle to improve their cybersecurity strategy, even after incidents.
ITPro: Governments have published numerous advisories warning businesses of the increased risk of spillover cyber attacks from the ongoing cyber war. Being aggressive with security can help keep out adversaries that are currently scanning businesses for weak points that have network access, Cisco’s experts said at Cisco Live 2022.
PYMNTS: Microsoft announced its plans to acquire cyberthreat analysis and research company Miburo in a Tuesday (June 14) blog post. The cybersecurity company specializes in detecting and responding to foreign information operations.
Investment Executive: With cyber threats posing a growing risk to financial stability, the European Union (EU) is imposing tougher cybersecurity standards, Moody’s Investors Service reports.
CBC: The federal government has tabled a bill that would allow it to compel companies in the finance, telecommunications, energy and transportation sectors to either shore up their cyber systems against attacks or face expensive penalties.
Bleeping Computer: Security researchers have uncovered a large-scale malicious operation that uses trojanized mobile cryptocurrency wallet applications for Coinbase, MetaMask, TokenPocket, and imToken services.
The Target: MyEasyDocs, an India-based online documents verification platform.
The Take: Exposure of 57,000 customer’s, in this case students, Personally Identifiable Information including: full names, phone numbers, grades, subject majors, email addresses, dates of graduation, National ID and School registration number.
The Vector: The breach occurred through a misconfigured Microsoft Azure database, letting anyone with internet access connect and download the sensitive data.
This breach highlights the critical importance of employing robust practices of credential management, user authentication and validation. An unprotected point of entry on a key piece of equipment like a storage server can lead to a breach with a cascading effect on data security. The detailed personal information, along with the event logs and sensitive company information, can lead to highly effective phishing attacks.
Tech Central: Rogue actors who do not use ransomware are spending the most time inside small businesses with the average dwell time observed to be 51 days in organisations with fewer than 250 employees. Attackers targeting larger (3,000-5,000 employees) organisations spend on average just 20 days inside.
Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →
Montreal
1080 Côte du Beaver Hall, Suite 904
Montreal, QC
Canada, H2Z 1S8
+1-450-465-8880
Halifax
168 Hobsons Lake Drive Suite 301
Beechville, NS
Canada, B3S 0G4
Tel: +1 902 429 8880
Manila
10th Floor, Two Ecom Center
Mall of Asia Complex
Harbor Dr, Pasay, 1300 Metro Manila
Philippines
Sydney
Level 15 Grosvenor Place
225 George Street, Sydney NSW 2000
Australia
Tel: +61 (2) 8823 3370
Abu Dhabi
Floor No. 15 Al Sarab Tower,
Adgm Square,
Al Maryah Island, Abu Dhabi, UAE
Tel: +971 (2) 694 8510
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.
Terms of Service and Privacy Policy