.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
The target: Suprema, a South Korean biometrics company.
The take: Unencrypted fingerprint data, facial recognition information and images, which are used to secure sensitive physical locations, user permissions and activity logs. Further to this, an additional 27.8 million records of data which included: client dashboards, usernames, passwords, ID’s, staff security levels and clearances, home addresses and emails; business hierarchies; mobile devices and operating system information.
The attack vector: An unsecured server accessed via web browser. This weakness let attackers manipulate the URL to expose huge amounts of unprotected data. Access to this information would allow: unauthorized changes to existing security settings within organization, lock out staff from their own systems, gain access to physical facilities, set up sophisticated phishing campaigns targeting senior personnel, and alter activity logs.
Reuters: The European Central Bank (ECB) shut down one of its websites on Thursday after it was hacked and infected with malicious software.
The ECB said no market-sensitive data had been compromised during the attack on its Banks’ Integrated Reporting Dictionary (BIRD), which it uses to provide bankers with information on how to produce statistical and supervisory reports.
Computer Weekly: The majority of UK financial companies are failing to prevent cyber security incidents, mainly because of employees failing to follow security policies and a lack of security budget, a survey reveals...
SC Media: First American Financial Corp. is reportedly the subject of a US Securities and Exchange Commission investigation, following the discovery of a website defect that left 885 million documents exposed to the public.
CNBC: Presidential contender Sen. Elizabeth Warren wants the Federal Trade Commission’s inspector general to open an investigation into the agency after it announced that victims of the Equifax data breach will get “nowhere near” the $125 compensation package originally advertised.
Reuters: Canadian lender Desjardins Group said on Monday it spent C$70 million ($53 million) in the second quarter related to a data privacy breach earlier this year that exposed personal information of 2.9 million members.
The company offered the affected accounts a credit monitoring plan and identity theft insurance for five years, without any additional costs to those customers, Desjardins said.
Computing: The report, entitled "The Dark Side of Russia: How New Internet Laws & Nationalism Fuel Russian Cybercrime", claims that Russia's new internet laws, which will come into effect on 1st November, will make it difficult for companies operating in Russia to protect both their communications and the privacy of their customers.
Forbes: Apple has massively increased the amount it’s offering hackers for finding vulnerabilities in iPhones and Macs, up to $1 million. It’s by far the highest bug bounty on offer from any major tech company.
That’s up from $200,000, and in the fall the program will be open to all researchers. Previously only those on the company’s invite-only bug bounty program were eligible to receive rewards.
The target: Sark Technologies
The take: Personal information of over 43,000 customers including: names, addresses, phone numbers, email address, encrypted card numbers and cardholder data.
The attack vector: A vulnerability within an image upload function of Sark Technologies’s reservation and management software, SuperINN. This allowed attackers to insert malicious scripts to export customer data to their own pockets. In addition, the hackers also identified another pathway of attack through a vulnerability in a SQL injection, using this to further extract sensitive cardholder data.
The Government of Canada: the Government is announcing two initiatives to help advance Canada’s National Cyber Security Strategy: the release of a National Cyber Security Action Plan, and the re-launching of the Cyber Security Cooperation Program with $10.3 million available over five years to support initiatives in the area of cyber security in Canada.
Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →
Montreal
1080 Côte du Beaver Hall, Suite 904
Montreal, QC
Canada, H2Z 1S8
+1-450-465-8880
Halifax
168 Hobsons Lake Drive Suite 301
Beechville, NS
Canada, B3S 0G4
Tel: +1 902 429 8880
Manila
10th Floor, Two Ecom Center
Mall of Asia Complex
Harbor Dr, Pasay, 1300 Metro Manila
Philippines
Sydney
Level 15 Grosvenor Place
225 George Street, Sydney NSW 2000
Australia
Tel: +61 (2) 8823 3370
Abu Dhabi
Floor No. 15 Al Sarab Tower,
Adgm Square,
Al Maryah Island, Abu Dhabi, UAE
Tel: +971 (2) 694 8510
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.
Terms of Service and Privacy Policy