Industry News: ESG5

    As Online Fraudsters Flourish, Forter’s Valuation Triples to $3 Billion in Six Months

    2021-05-25

    Forbes: Fraud is not a new problem. Some historians trace it back to 300 B.C., when a Greek merchant named Hegestratos took out an insurance policy on his boat full of corn with the intent to sink it and collect the insurance money.

    Know Your Breach: FastTrack

    The target: FastTrack Reflex Recruitment, a U.K.-based online recruitment firm.

    The take: Exposure of 20,000 records of personally identifiable information including: email addresses, home addresses, full names, phone numbers, dates of birth, and passport photos.

    The attack vector: The information was exposed due to a misconfigured cloud storage account, allowing anyone with an internet connection to access and download a full copy of the details.

    Leaving databases exposed to the internet without any credential management compromises their confidentiality, integrity, and availability. Adopting industry-standard practices for password length and complexity, two-factor authentication, and email verification will raise the level of protection for sensitive information.

    Colonial Pipeline CEO Confirms Company Ransom to Hackers: WSJ

    2021-05-19

    BNN Bloomberg: Colonial Pipeline Co. confirmed on Wednesday that it paid hackers US$4.4 million in ransom after suffering a devastating cyberattack that took the U.S.’s largest fuel pipeline offline.

    Biden Proposes Billions for Cybersecurity After Wave of Attacks

    2021-05-18

    BNN Bloomberg: President Joe Biden’s infrastructure proposal includes billions of dollars tied to improving cybersecurity, an area of intensified interest after the ransomware attack on the Colonial Pipeline Co. sent U.S. gasoline prices soaring.

    Drawbridge Appoints New Chief Information Security Officer

    2021-05-18

    Hedge Week: Eyre will drive Drawbridge’s corporate cybersecurity strategy and oversee infrastructure, security and privacy initiatives as the company continues its rapid global growth. Eyre also serves as Managing Director and Head of Europe for Drawbridge. 

    AMP Builds New Cyber Defence Centre

    2021-05-18

    IT News: The centre, which launches this month, will be led by Elrich Engel. Engel is currently AMP’s group head of cyber security and digital protection at AMP and acting director of architecture for cyber security and data.

    FCA Sends Thousands of Staff on Cyber and Financial Crime Training Courses

    2021-05-18

    Institutional Asset Manager: The Financial Conduct Authority (FCA) has sent 4,430 of its employees on compulsory cyber and information security courses over the past two financial years – (FY 19-20 and FY 20-21) – to help combat the growing threat of financial crime, such as money laundering and fraud, according to official figures.

    How Private Equity Factors in to the Colonial Pipeline Hack

    2021-05-17

    Forbes: On the first Friday in May, a gang of black-hat hackers operating under the ominous nom de guerre of DarkSide successfully breached the cyber defenses of Colonial Pipeline, a company that moves 100 million gallons of fuel a day through a 5,500-mile network of pipes running across the eastern half of the U.S.

    UK Govt Seeks Advice on Defending Against Supply-chain Cyberattacks

    2021-05-17

    Bleeping Computer: The UK government has announced a call for advice on defending against software supply-chain attacks and ways to strengthen IT Managed Service Providers (MSPs) across the country.

    Know Your Breach: Fermilab

    The target: The U.S.-based Fermilab Physics Laboratory.

    The take: Exposure of databases containing proprietary documents, project names, configuration files, passwords, and personally identifiable information such as employee names and emails.

    The attack vector: Security researchers found wide open ports in Fermilab’s systems and were able to use these unprotected points of access to gain access to its IT ticketing support system and file transfer service. This led to further exposure of employee names and titles, as well as many sensitive documents attached to individual help tickets. Fermilab’s file transfer service was also online with no password protection.

    This breach highlights the importance of credential management and thorough testing of points of access in a firm’s IT systems. All entry points should be secured through robust password controls, using the appropriate length and complexity, along with proper management and monitoring.

    About Castle Hall Diligence

    Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios.
