Industry News: ESG5

    Ethical Hackers Reduce $27 Billion In Risk During COVID-19 Vulnerability Surge

    2021-11-26

    Cision: Bugcrowd, the world's first crowdsourced cybersecurity platform for multiple solutions, released its annual Inside the Mind of a Hacker '21 report, which provides CIOs and CISOs valuable insight on ethical hackers and the economics of security research.

    DHS Announces New Program to Attract and Retain Cybersecurity Talent

    2021-11-15

    The Hill: The Department of Homeland Security (DHS) announced a new program to attract and retain cybersecurity professionals, as major cyber incidents have ticked up over the past year and are drawing more government attention.

    Know Your Breach: Robinhood

    The target: Robinhood, a U.S.-based investment and trading platform.

    The take: Exposure of an estimated 7 million customer accounts with Personally Identifiable Information, including 5 million email addresses and 2 million full names. For a small number of the exposed records, dates of birth and zip codes were also vulnerable.

    The attack vector: The attacker used social engineering to target one of Robinhood’s Customer Support Representatives, tricking the representative into believing the attacker was authorized to access the firm’s internal systems and into handing over their credentials. Using these legitimate permissions, the threat actors immediately accessed the sensitive data.

    This breach highlights the great and ever-present risk that social engineering attacks pose to organizations. The strongest security controls are often only as effective as the employees who maintain them. Regular awareness testing and training, along with an emphasis on the importance of critical thinking and caution when receiving access requests from third parties, are critical to a robust cybersecurity posture.

    Ethical Hackers In Saudi Arabia Take On Cybercriminals, Fraudsters

    2021-11-12

    Arab News: The growing popularity of e-commerce, online public services and social media in Saudi Arabia has brought many benefits that can improve the quality of day-to-day life.

    Cyber Security Breaches Are Greatest Staff-Related Risk, According to Attendees of Walkers’ Employment Conference on Equipping the Board

    2021-11-11

    Lexology: Cyber security breaches are overwhelmingly the greatest staff-related risk for a financial services business, according to a survey of Channel Island employers at Walkers' three-day virtual employment law conference.

    VP Harris Announces US Support for International Cybersecurity Partnership in Paris

    2021-11-11

    ZDNet: US Vice President Kamala Harris said the US will be joining the Paris Call for Trust and Security in Cyberspace -- a voluntary agreement between more than 80 countries, local governments, and tech companies centered on advancing cybersecurity and "preserving the open, interoperable, secure, and reliable Internet."

    Cyber Budgets of UK Enterprises Shrank During COVID-19 Pandemic: Report

    2021-11-11

    UKTN: The unexpected onset of the COVID-19 pandemic and the shift of workspace have led to a rapid increase in cyber-attacks across the world. According to Check Point research, the number of ransomware assaults worldwide increased by 102% in 2021.

    SolarWinds Vulnerability Exploited In First Stage of Clop Ransomware Attacks

    2021-11-10

    Dark Reading: A recent surge in Clop ransomware attacks led researchers to spot a common thread in the first stage of the attack: the exploitation of a known and patched vulnerability in SolarWinds Serv-U file server software.

    McAfee to Be Taken Private In US$14B Deal Including Debt

    2021-11-08

    BNN Bloomberg: An investor group led by buyout firms Advent International Corp., Permira Advisers and others agreed to take McAfee Corp. private in a deal that values the cybersecurity software maker at more than US$14 billion including debt.

    Know Your Breach: UMass Memorial Health

    The target: UMass Memorial Health, a Massachusetts-based healthcare network.

    The take: 209,000 records of Personally Identifiable Information including: names, dates of birth, medical record numbers, health insurance information, and clinical treatment information with dates of services, diagnoses, procedure information, and prescription details.

    The attack vector: The firm’s IT system was compromised when an employee fell for a phishing email. This granted the attackers access to all the files and programs that the employee’s account was authorized to view.

    This breach highlights the ongoing threat that phishing attacks pose to firms; they remain one of the greatest security threats to an entire organization. Regular social engineering and awareness testing and training, along with tone-from-the-top messaging to emphasize the importance of critical thinking and caution, are crucial to protecting sensitive information assets.

    About Castle Hall Diligence

    Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios.
