
Security Magazine: Hiscox reveals that U.S. businesses’ cybersecurity spending is on the rise and they are leaders in cyber expertise, but still have more work to do when it comes to ransomware and phishing emails.
The target: The Kentucky office of Unemployment Insurance.
The take: Unauthorized access to claimant accounts, which allowed the attackers to change the destination bank accounts for benefit payments and redirect the funds to fraudsters.
The attack vector: Attackers leveraged the lack of robust password hygiene and modern credential management in the Unemployment Office’s IT systems. It was reported that some 4,000 users had created passwords such as “1-2-3-4” and 1,500 used the phrase “2020”, both easily guessed with moderate computing power and password-cracking applications.
Enforcing strong password management across all platforms is critical to protecting customer data. Industry standard practices of password length, complexity, two-factor authentication, and email verification will only be effective if these methods are enforced. Doing so will ensure users, and their data, are protected as much as possible.
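As an added illustration (not from the original article), the check below enforces the kind of policy described above at registration or password change: it rejects the classes of password named in the Kentucky case, namely short passwords, sequential digit runs such as “1-2-3-4” (with or without separators), passwords embedding a recent year such as “2020”, and entries on a common-password blocklist. The blocklist, minimum length and year window are assumptions chosen for the example.

```python
import re
from datetime import date
from typing import List, Optional

# Constructed blocklist standing in for a real breached-password corpus
# (assumption: production systems load a large list, not these literals).
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome"}

MIN_LENGTH = 12          # assumed policy value
YEARS_BACK, YEARS_AHEAD = 5, 1   # window of "recent" years to reject


def _digits_only(pw: str) -> str:
    """Drop non-digits so '1-2-3-4' and '1 2 3 4' are both seen as '1234'."""
    return re.sub(r"[^0-9]", "", pw)


def _has_sequential_run(digits: str, run: int = 4) -> bool:
    """True when any window of `run` digits counts up or down by one."""
    for i in range(len(digits) - run + 1):
        window = digits[i:i + run]
        steps = {int(b) - int(a) for a, b in zip(window, window[1:])}
        if steps in ({1}, {-1}):
            return True
    return False


def check_password(pw: str, current_year: Optional[int] = None) -> List[str]:
    """Return the list of policy violations; an empty list means acceptable.

    `current_year` is injectable so the check is deterministic in tests.
    """
    year = current_year if current_year is not None else date.today().year
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("appears in common-password blocklist")
    if _has_sequential_run(_digits_only(pw)):
        problems.append("contains a sequential digit run")
    # Years are among the first candidates cracking rule sets append, so
    # reject the current year and its neighbours (e.g. '2020' in 2021).
    for y in range(year - YEARS_BACK, year + YEARS_AHEAD + 1):
        if str(y) in pw:
            problems.append(f"contains the year {y}")
            break
    return problems
```

The same function can be applied to existing credentials at next login to force a reset of accounts that fail, which is how a weak-password population like the one reported would be cleaned up.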
ZDNet: Hackers working for the Russian foreign intelligence service are behind the SolarWinds attack, cyber-espionage campaigns targeting COVID-19 research facilities and more, according to the United States and the United Kingdom.
DFS: Superintendent of Financial Services Linda A. Lacewell announced today that National Securities Corporation (“National Securities”) will pay a $3 million penalty to New York State for violations of DFS’s Cybersecurity Regulation that caused the exposure of a substantial amount of sensitive, non-public, personal data belonging to its customers, including thousands of New York consumers.
Funds Europe: French asset managers have been warned that they could be nurturing a false sense of security over their management of cybersecurity risks.
Barron's: Over the past year, lockdowns complicated traditional crime groups’ ability to conduct conspiracies. As a result, many migrated to the dark web, a digital underground where cybercriminals can remain anonymous. This trend popularized a shadow industry of services that allow criminals to continue to partake in activities like extortion and money laundering.
Private Equity Wire: Fund I closed at USD1.3 billion, exceeding its target of USD1 billion and making it one of the largest first-time, technology-focused private equity funds ever raised. Managing Partners of the firm include Greg Clark, Ian Loring, Steve Luczo, Matt MacKenzie and Hugh Thompson.
Yahoo Finance: Chris Inglis, a former NSA deputy director, is being nominated as the government's first national cyber director. Jen Easterly, a former deputy for counterterrorism at the NSA, has been tapped to run the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security.
Reuters: Cybersecurity company KnowBe4 Inc, backed by private-equity firm KKR & Co and funds affiliated with Goldman Sachs, said it was aiming for a valuation of up to $3 billion in its initial public offering in the United States.
The target: Office Depot, a European online seller of office equipment.
The take: 974,050 wide-ranging records of sensitive information, including monitoring logs, server IP addresses, secure remote login credentials, and customers’ personally identifiable information such as names, physical addresses, and order history.
The attack vector: A non-password-protected, unencrypted Elasticsearch database was left online, allowing anyone to access the information simply by entering its URL.
Leaving a database exposed to the internet without any credential management compromises its confidentiality, integrity, and availability. Furthermore, collecting and storing sensitive data in plain text, without encryption, increases the risk to clients. In some cases the credentials needed to access the encrypted data are stored on the same server, rendering the encryption ineffective. Proper credential management, along with encryption best practices, is essential to keeping data secure.
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.