Industry News: ESG5

    Know Your Breach: Microsoft Exchange

    The target: Microsoft’s email server software, Microsoft Exchange.

    The take: The networks of over 30,000 organizations, consisting of hundreds of thousands of on-premises servers. Threat actors have moved aggressively to exfiltrate personally identifiable information, highly sensitive company and client data, banking details, financial data, and more.

    The attack vector: Four security holes in Exchange Server versions 2013 to 2019 were exploited in tandem to grant attackers full access to an array of email servers. More critically, in every instance where the breach was discovered, the intruders had installed a backdoor, which continues to allow remote access to affected servers even after the set of four vulnerabilities has been patched.

    While zero-day exploits will unavoidably cause challenges for vendors and their clients, we underscore the critical nature of threat monitoring, timely patching, and enacting defense-in-depth measures to mitigate the failure of any single layer of security controls. Approaching security incidents and overall cybersecurity with a “when, not if” mindset can materially reduce the impact of incidents such as these.

    Boards to Be Held Responsible for Cyber Risk Protection

    2021-03-12

    Insurance Business: Boards and managers will soon be held responsible for protecting their organisations, shareholders, and customers from cyber risks as cyber attackers continue to take advantage of the work-from-home environment – potentially increasing directors and officers (D&O) liability insurance premiums.

    Ten Hacking Groups Exploiting Microsoft Email Flaw, Warns ESET

    2021-03-11

    Silicon: The wide-ranging impact from the Microsoft Exchange zero-day flaws continues to be felt with a fresh warning from security researchers.

    Hackers Breach Thousands of Security Cameras, Exposing Tesla, Jails, Hospitals

    2021-03-10

    BNN Bloomberg: A group of hackers say they breached a massive trove of security-camera data collected by Silicon Valley startup Verkada Inc., gaining access to live feeds of 150,000 surveillance cameras inside hospitals, companies, police departments, prisons and schools.

    Cybersecurity Firm Snyk Reaches $4.7 Billion Valuation In Round

    2021-03-10

    BNN Bloomberg: Cybersecurity platform Snyk Ltd. said it has closed a $300 million funding round that gives it a valuation of $4.7 billion, quadrupling its value since the start of 2020.

    Long Ridge Equity Partners Invests In Drawbridge

    2021-03-09

    Private Equity Wire: Drawbridge will use the funds to accelerate product innovation, expand sales and marketing activities across North America and EMEA, and continue investing in its people, platform, and client services. The investment follows a period of dramatic growth for Drawbridge. Over 300 funds in the alternative investment industry – including hedge funds and private equity funds – with more than USD800 billion in Assets Under Management work with Drawbridge to build and maintain their cybersecurity programs.

    Up to $223b of the World's Top 100 Brands' Value Could Be at Risk from a Data Breach, Finds Infosys-Interbrand Study

    2021-03-09

    Cision: Infosys, a global leader in next-generation digital services and consulting, and Interbrand, a global brand consultancy firm, today revealed that the potential risk in brand value of a data breach to the world's 100 most valuable brands could amount to as much as $223b, according to a joint cybersecurity and brand value impact report launched.

    European Banking Regulator EBA Targeted In Microsoft Hacking

    2021-03-08

    Financial Post: The European Banking Authority on Monday said it had been targeted by hackers, although no data had been obtained and it was redoubling efforts to shield itself amid a global cyber attack exploiting flaws in Microsoft’s mail server software.

    Know Your Breach: Frequent Flyer Programs

    The target: Star Alliance airlines, Air New Zealand, Malaysia Airlines, Finnair and others

    The take: Frequent flyer information for at least a million passengers, including name, date of birth, gender, contact information, ID number and frequent flyer status.

    The attack vector: The breach was traced to SITA, an IT service provider that claims to serve 90% of the global aviation industry, and acts as the intermediary to store and share frequent flyer information between airlines.

    Supply chain attacks continue to pose a material threat, as bad actors identify high-value targets which can enable them to capture information for multiple organizations at once. When entrusting service providers with sensitive information, firms are still ultimately responsible for their data and must ensure that commensurate controls travel with it throughout its lifecycle.

    Cybersecurity Risks and Challenges Facing the Financial Industry

    2021-03-04

    We Live Security: Companies operating in the financial services industry aren’t by any means strangers to being targeted by various forms of financial crimes and fraud. However, over time, the playing field has changed and threat actors have adapted their tactics to better suit the digital world. Cybercriminals now use different flavors of fraud and extortion as well as directly breach companies to line their pockets.

    About Castle Hall Diligence

    Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long-only portfolios.
