.jpg?width=200&height=78&name=CH%20Diligence%20(thicker%20line).jpg "CH Diligence (thicker line)")
ZDNet: Hackers working for the Russian foreign intelligence service are behind the SolarWinds attack, cyber-espionage campaigns targeting COVID-19 research facilities and more, according to the United States and the United Kingdom.
DFS: Superintendent of Financial Services Linda A. Lacewell announced today that National Securities Corporation (“National Securities”) will pay a $3 million penalty to New York State for violations of DFS’s Cybersecurity Regulation that caused the exposure of a substantial amount of sensitive, non-public, personal data belonging to its customers, including thousands of New York consumers.
Funds Europe: French asset managers have been warned that they could be nurturing a false sense of security over their management of cybersecurity risks.
Barron's: Over the past year, lockdowns complicated traditional crime groups’ ability to conduct conspiracies. As a result, many migrated to the dark web, a digital underground where cybercriminals can remain anonymous. This trend popularized a shadow industry of services that allow criminals to continue to partake in activities like extortion and money laundering.
Private Equity Wire: Fund I closed at USD1.3 billion, exceeding its target of USD1 billion and making it one of the largest first-time, technology-focused private equity funds ever raised. Managing Partners of the firm include Greg Clark, Ian Loring, Steve Luczo, Matt MacKenzie and Hugh Thompson.
Yahoo Finance: Chris Inglis, a former NSA deputy director, is being nominated as the government's first national cyber director. Jen Easterly, a former deputy for counterterrorism at the NSA, has been tapped to run the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security.
Reuters: Cybersecurity company KnowBe4 Inc, backed by private-equity firm KKR & Co and funds affiliated with Goldman Sachs, said it was aiming for a valuation of up to $3 billion in its initial public offering in the United States.
The target: Office Depot, a European online seller of office equipment
The take: 974,050 wide-ranging records of sensitive information including: monitoring logs, server IP addresses, secure remote login credentials, and customer’s personally identifiable information such as names, physical addresses, and order history.
The attack vector: A non-password protected, unencrypted Elasticsearch database was left online, allowing anyone to access the information by entering the URL.
Leaving databases exposed to the internet without any credential management impacts its confidentiality, integrity, and availability. Furthermore, collecting and storing sensitive data in plain text without encryption increases the risk to clients. In some cases, the database credentials needed to access the encrypted data is stored on the same server, rendering the encryption ineffective. Proper credential access, along with best encryption practices is essential in keeping data secure.
Cision: Darktrace, a leading autonomous cyber security AI company, today announced that a study conducted by MIT Technology Review finds that 96% of security leaders are now preparing for the emergence of AI-powered cyber-attacks, with many embracing AI defenses.
ZDNet: Phishing attacks remain a huge problem and crooks are spending a lot of time and effort to ensure that, for the potential victim, clicking on a bad link is the most intuitive and easiest thing to do.
Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →
Montréal
1080 Côte du Beaver Hall, Suite 904
Montréal, QC
Canada, H2Z 1S8
+1-450-465-8880
Abu Dhabi
Floor No. 15 Al Sarab Tower,
Adgm Square,
Al Maryah Island, Abu Dhabi, UAE
Tel: +971 (2) 694 8510
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.
Terms of Service and Privacy Policy