.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
The Target: Army Futures Command, a division of the United States’ Depart of Defense.
The Take: Exposure of Personally Identifiable Information of an unknown amount.
The Vector: Settings controlling access to Shared files on Microsoft Teams were accidentally set to “public” instead of private, resulting in any shared files being exposed to all users across the firm. The default settings were set to public, and the company did not investigate these settings prior using the messaging platform.
This breach is a stark reminder of the importance of access control around shared files and the configuration of settings that control them. Sensitive information must be protected and trusting in default settings to be sufficient is not part of maintaining a robust cybersecurity posture. Investigating any avenue through which information is shared, even inside the firm, is critical to get a full and clear picture of how information is handled.
Evening Standard: Six of the top UK “challenger” banks have weak financial controls that leave them at risk of being victims of money laundering, terrorist financing, fraud and cyber-crime, the top City watchdog warned today.
Help Net Security: VMware released a report which takes the pulse of the financial industry’s top CISOs and security leaders on the changing behavior of cybercriminal cartels and the defensive shift of the financial sector.
JDSUPRA: On March 9, 2022, the Securities and Exchange Commission (“SEC”) announced Proposed Rules on cybersecurity risk management, strategy, governance, and incident disclosure (“Proposed Rules”) to address concerns of increasing cybersecurity threats to public companies.
Yahoo Finance: An Israeli private investigator pleaded guilty in a probe of a vast hacking-for-hire ring that allegedly targeted hedge funds, short sellers, journalists and advocacy groups fighting climate change.
ZDNet: Eight cybersecurity authorities from the Five Eye nations have come together to release a joint cybersecurity advisory that more malicious cyber activity is on the way as Russia's invasion of Ukraine continues to affect geopolitical stability.
Funds Tech: Europe’s financial institutions have been urged by regulators to makes themselves more resilient to a growing risk of cyber security that has been intensified by war and has stalled the economic recovery from Covid.
Cision: This new investment will support Fortress's mission of securing U.S. critical industries from cybersecurity and operational threats emanating from their supply chains.
The Target: Christie Business Holdings Company, a major medical firm based out of Illinois in the United States.
The Take: Personally Identifiable Data belonging to 500,000 individuals. The data accesses contained: names, addresses, medical and insurance information, and Social Security Numbers.
The Vector: The threat actors gained access through BEC attack (Business Email Compromise) on an employee’s email account, therefore able to act with all the permissions of said employee, and attempted to intercept business transactions as well as view the exposed personal data.
This breach is a stark reminder of the important not only robust employee credential authentication and password hygiene, but also the principle of least privilege. When a firm’s employee account is breached, it’s critical to note the attackers can access and perform all the same actions as the employee. Locking down appropriate permissions, admin access, and ensuring users only need the tools they need to do their jobs, and no more, will reduce the risk of these attacks.
ZDNet: Founded in 2003, Barracuda is the developer of cybersecurity solutions, including email protection, app and cloud defenses, data management, and network security. Products include Secure Access Service Edge (SASE) offerings, threat detection and response, and data inspection.
Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →
Montreal
1080 Côte du Beaver Hall, Suite 904
Montreal, QC
Canada, H2Z 1S8
+1-450-465-8880
Halifax
168 Hobsons Lake Drive Suite 301
Beechville, NS
Canada, B3S 0G4
Tel: +1 902 429 8880
Manila
10th Floor, Two Ecom Center
Mall of Asia Complex
Harbor Dr, Pasay, 1300 Metro Manila
Philippines
Sydney
Level 15 Grosvenor Place
225 George Street, Sydney NSW 2000
Australia
Tel: +61 (2) 8823 3370
Abu Dhabi
Floor No. 15 Al Sarab Tower,
Adgm Square,
Al Maryah Island, Abu Dhabi, UAE
Tel: +971 (2) 694 8510
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.
Terms of Service and Privacy Policy