Industry News: ESG5

    New Cyber Offences for Targeting Key Infrastructure, Reporting of Ransomware Attacks Made Mandatory

    2021-10-12

    ABC News: Businesses hit by cyber attacks will be required to report the incidents to federal authorities, as new specific offences for criminals operating online are announced by the Federal Government.

    Know Your Breach: Twitch

    The target: Twitch.tv, a U.S.-based video game streaming service.

    The take: Exposure of 125GB of information including source code and commit history dating back to the company’s founding, creator payout revenue from 2019 to 2021, their internal cybersecurity tool NOC tool, and which AWS services they use.

    The attack vector: A misconfiguration error left one of its servers exposed, allowing the attacker to gain access to the server and exfiltrate the data of some 6000 repositories from the firm's storage.

    It is critical to employ robust practices of credential management, user authentication and validation around all points of access. An unprotected point of entry on a key piece of equipment like a server can lead to a breach with a cascading effect on data exposure.

    European Investment Advisory Hub and European Cyber Security Organisation Announce First Step Towards A New Pan-European Cybersecurity Investment Instrument

    2021-10-07

    EIB: The European Cyber Security Organisation (ECSO) and the European Investment Advisory Hub, a joint advisory initiative of the European Investment Bank (EIB) Group and the European Commission, announced their participation in a feasibility study on the design and set-up of a European Cybersecurity Investment Platform (ECIP).

    Cybersecurity Best Practices Lagging, Despite People Being Aware of the Risks

    2021-10-07

    Help Net Security: The National Cybersecurity Alliance and CybSafe announced the release of a report which polled 2,000 individuals across the U.S. and UK. The report examined key cybersecurity trends, attitudes, and behaviors ahead of Cybersecurity Awareness Month this month.

    Deputy Attorney General Lisa O. Monaco Announces National Cryptocurrency Enforcement Team

    2021-10-06

    The United States Department of Justice: Deputy Attorney General Lisa O. Monaco announced the creation of a National Cryptocurrency Enforcement Team (NCET), to tackle complex investigations and prosecutions of criminal misuses of cryptocurrency, particularly crimes committed by virtual currency exchanges, mixing and tumbling services, and money laundering infrastructure actors.

    A New US bill Would Force Companies to Disclose Ransomware Payments

    2021-10-06

    Yahoo Finance: The bicameral Ransom Disclosure Act, drafted by Sen. Elizabeth Warren and Rep. Deborah Ross, would mandate companies and organizations — though not individuals — to provide the U.S. Department of Homeland Security data on ransomware payments, including the amount and type of cryptocurrency demanded and the sum that was paid.

    Financial Firms Urged to Take Cyber Security More Seriously

    2021-10-05

    Money Marketing: Financial firms must start taking cyber security more seriously, as it is something the UK regulator is likely to get tough on, Financial Technology Research Centre founder and director Ian McKenna has warned.

    Training and Technology Are Critical to Ensuring Cybersecurity for Private Equity Firms

    2021-10-05

    Private Equity Wire: Over the past 18 months, the shift towards working from home has exposed private equity firms to a far higher threat of cyberattacks, and many have wanted to review their cybersecurity options to ensure good defences against cyber-attack, says George Ralph, Global Managing Director and CRO of business IT consultancy RFA, who specialise in cloud, data, and cybersecurity solutions.

    Bank of England-backed Cyber Security War Game Opens to More Companies

    2021-10-04

    California News Times: A Bank-backed initiative to test cyber defenses in the UK financial sector opens on Monday to financial services companies of all types and sizes, with the most extensive exercises of its type.

    Know Your Breach: Portpass

    The target: Portpass, a private proof-of-vaccination mobile application.

    The take: Exposure of potentially 650,000 records of personally identifiable information including: email addresses, names, blood types, phone numbers, birthdays, and driver's licences.

    The attack vector: Portpass stored user profiles on their website, accessible to the public, which exposed the above information to anyone visiting the site. This data was not encrypted and was stored as plain text.

    Use of industry standard authentication protocols is an integral part of maintaining a rigorous cybersecurity posture, and it is critical to employ robust practices of credential management, user authentication and validation around all points of access, especially public-facing ones, in a firm’s IT network. This breach also highlights the importance of encryption as a method to improve the security of stored data, which can still protect the exposed information.

    About Castle Hall Diligence

    Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios.