Industry News: ESG5

The target: Scotiabank, a major Canadian based banking institution

The take: Login keys to backend systems, internal source code of mobile apps, software blueprints, and credentials for a database of foreign exchange rate data.

The attack vector: The data in question was left accessible on a non-secured public repository, GitHub. Analysis of the leaked data could provide numerous and deep exploitations and vulnerabilities.

Source code repositories, like file storage repositories, must be correctly configured to ensure that sensitive data remains internal and accessible only by authorized parties. Default permissions or accessibility settings must always be reviewed before sensitive data is committed to storage.

Read more...

2019-09-19

Forbes: Acronis, a data protection and storage company, achieved unicorn status on Wednesday with a $147 million funding round led by Goldman Sachs. The company’s first major injection of cash boosts its valuation to more than $1 billion, according to CEO and founder Serguei Beloussov.

Read more...

2019-09-19

The Sydney Morning Herald: Australians who have had their super accounts drained by crime gangs will be fully compensated as some of the country's biggest funds ramp up cyber-security in the wake of an alleged $10 million international identity theft scam.

Read more...

2019-09-17

LA Sentinel: Los Angeles Mayor Eric Garcetti today announced L.A. Cyber Lab’s new Threat Intelligence Sharing Platform, as well as a free mobile app that will help people detect malicious email. Garcetti said this makes Los Angeles the first city in the nation to release a publicly available threat-sharing platform and cybersecurity app.

Read more...

2019-09-16

SecurityWeek: Researchers at vpnMentor said the problem stemmed from an unsecured server located in Miami that contained information on over 20 million individuals, most of whom reside in Ecuador. The small South American nation is home to just over 17 million people, meaning nearly everyone could have been exposed.

Read more...

2019-09-16

University Affairs: Universities in Canada are joining the growing ranks of global cybercrime fighters. In June alone, three universities – Ryerson University, the University of Waterloo and the University of New Brunswick – announced initiatives to increase the country’s cybersecurity capacity.

Read more...

2019-09-16

The Strait times: Global cyber security firms, large and small, that set up base in Singapore to grow their businesses and capabilities can tap the Republic's technical prowess, skilled manpower and networks, Senior Minister Teo Chee Hean said.

Read more...

2019-09-16

CBR: Improving cybersecurity is now top of the technology investment agenda at banks, according to an annual survey conducted by Lloyds Banking Group: climbing above reducing operating costs and improving customer satisfaction – last year’s priorities.

Read more...

The target: Monster.com, a popular job posting website service.

The take: Personal information of hundreds of job applicants dating between 2014 and 2017 including: resumes, phone numbers, email addresses, home addresses and work history.

The attack vector: A customer of Monster.com, a third-party recruitment company, misconfigured a publicly-accessible web server, leaving records exposed.

A firm’s security posture is only as good as its weakest link - sub-contractors and third parties with access to sensitive data are possible sources of data leakage and must be held to a firm’s own security standards.

Read more...

2019-09-12

Business Irish: Justice Minister Charlie Flanagan has admitted that the Government cannot deal with the threat of cyber-attacks on its own. Speaking this morning at the Secure Computing Forum cyber security conference at Dublin's RDS, the Minister stressed that Ireland needs to stay ahead of the growing number of cyber-criminals.

Read more...