Industry News: ESG5

The target: Adobe, an American computer software company.

The take: 7.5 million customer accounts which contained email addresses, account creation dates, subscription status, country and payment details.

The attack vector: A misconfigured Elasticsearch cloud database was left online without any password protection. This information could easily be used to launch sophisticated, targeted phishing attacks to trick users into giving further sensitive details.

When provisioning new systems or types of systems, care must be taken to ensure that appropriate and proportionate security measures are implemented, either by automated scanning or by manual review. Adopting (and validating) robust controls to technological tools employed is critical to secure operations. 

Read more...

2019-11-29

Yahoo Finance: At a time when trust has become central to the customer experience, KPMG cyber security practice leaders have told a roundtable that they believe financial services firms are demonstrating a commitment to trust through their cyber agendas. They said that amidst accelerating technological disruption, actively managing customer trust is presenting new revenue opportunities and challenges for financial institutions.

Read more...

2019-11-27

Cointelegraph: In its “Cryptocurrency Anti-Money Laundering Report, 2019 Q3,” security research firm CipherTrace delved into the 120 most popular cryptocurrency exchanges’ compliance with Know Your Customer (KYC) and Anti-Money Laundering (AML) requirements and analyzed patterns in crypto-related crimes.

Read more...

2019-11-26

Cision: Madrid-based cybersecurity firm buguroo has secured $11 million in Series A funding to bring its Deep Learning based online fraud detection and prevention technology, combining behavioral biometrics, malware detection and device assessment, to more financial services customers.

Read more...

2019-11-25

Pensions & Investments: Record keepers are under pressure from retirement plan trustees and regulators to protect participant data in the U.K. after several companies such as Tesco PLC and British Airways PLC became targets of cyberattacks.

Read more...

2019-11-25

Bloomberg: Dell Technologies Inc. is exploring a sale of RSA Security, a cybersecurity business it hopes could fetch at least $1 billion, including debt, according to people familiar with the matter.

Read more...

2019-11-25

ZDNet: The Australian government should reinstate the position of Minister for Cybersecurity, according to multiple public submissions to the review of the nation's Cyber Security Strategy 2020.

Read more...

2019-11-24

The Hindu: An industry-oriented workshop on ‘Cyber security technologies and applications’ organised at the Indian Institute of Information Technology (IIIT Sri City) gave a fresh outlook on the emerging opportunities in the sector as well as future global applications.

Read more...

The target: Macy’s, an American department store chain.

The take: First and last names, physical addresses, ZIP codes, email addresses, payment card numbers, card security codes and expiration dates.

The attack vector: The attackers used card skimming code, colloquially termed as Magecart, to inject a malicious script into two pages on Macy’s website, the wallet and checkout page. Tampering with the scripts on the retailer’s website allowed attackers to ‘skim’ sensitive information as it was entered by customers and forward it to their own systems.

Any webpage where sensitive information is entered by the user is a prime target for hackers. Ensuring robust standards around critical nodes such as these are key for strong security practices.

Read more...

2019-11-21

The Irish News: The Northern Ireland division of US cybersecurity firm Proofpoint lost £1million last year on the back of a significant increase in salary costs, a new report produced by the company has shown.

Read more...