
The Target: MM.Finance, the largest decentralized finance platform on the Cronos blockchain.
The Take: $2 Million
The Vector: A DNS (Domain Name System, the service that directs users to the appropriate website when they enter the name of a site) vulnerability allowed attackers to inject a malicious website address into the code on the front-facing website as a redirected destination. When users visited the site to make transactions, they were instead sent to a bad website address where the threat actor was able to steal the funds being transacted.
This breach is an important reminder of the critical nature of user-facing website security. Any method which allows public access must be secured to the highest standard and regularly audited for potential breaches. Furthermore, monitoring the configuration of key infrastructure such as DNS servers, and updating it when necessary, is part of maintaining a robust cybersecurity posture.
Irish Examiner: The European Union’s “fragmented” approach to cybersecurity and the “patchy” capabilities of member states is creating several problems in terms of combating State-level attacks and criminal hacks, according to an international expert.
Bleeping Computer: The U.S. Department of Justice (DoJ) has charged Idris Dayo Mustapha for a range of cybercrime activities that took place between 2011 and 2018, resulting in financial losses estimated at over $5,000,000.
Dark Reading: The National Security Administration (NSA), along with a coalition of international cybersecurity authorities, today issued an advisory warning managed service providers (MSPs) of an escalating threat of attack from both everyday cybercriminals and state-sponsored threat actors.
Help Net Security: The significantly oversubscribed fund is the largest seed stage cybersecurity-focused fund ever raised, bridging Israeli innovation and the US market. The fund will continue the firm’s long-standing strategy of supporting Israeli founders from inception through every critical stage of building a category-leading company and bolstering its position in the global market.
ZDNet: A record number of scams have been removed from the internet as part of a scheme to help protect people from fraud and cybercrime. The National Cyber Security Centre (NCSC) says it removed a total of 2.7 million scams, illicit domains and phishing services during 2021, nearly four times more than during 2020.
Yahoo Finance: ThoughtLab, a leading global research firm, today announced the findings of its 2022 cybersecurity benchmarking study, Cybersecurity Solutions for a Riskier World.
Bleeping Computer: The United Kingdom's National Cyber Security Centre (NCSC) has announced a new email security check service to help organizations identify vulnerabilities that could allow attackers to spoof emails or lead to email privacy breaches.
The Target: Heroku, a cloud platform as a service with support for several programming languages.
The Take: Exposure of customer passwords, file storage, and internal source code.
The Vector: The threat actor used previously exposed GitHub authorization tokens (general-use tokens that GitHub issues to third-party integration software firms so that they can integrate with its platform) and exploited them to connect to Heroku’s internal systems. This allowed the attackers to exfiltrate and download data from Heroku’s database of customer accounts.
This breach is an important reminder of the danger of pivot attacks. Initially, the stolen authorization tokens provided access only to the accounts of Heroku customers who made use of the tokens, but the attackers were able to pivot through these exposed accounts and access Heroku’s internal systems. No matter at which level a breach takes place, it’s critical to evaluate all possible avenues of attack and take appropriate precautions.
Money Management: The Federal Court has found Australian Financial Services licensee, RI Advice, breached its license obligations to act efficiently and fairly when it failed to have adequate risk management systems to manage its cybersecurity risks.
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.