Industry News: ESG5

    Know Your Breach: Discord.io

    The Target: Discord.io is not an official Discord site but a third-party service allowing server owners to create custom invites to their channels. Most of the community was built around the service's Discord server, with over 14,000 members.

    The Take: The most sensitive information in the breach is a member's username, email address, billing address (small number of people), salted and hashed password (small number of people), and Discord ID.

    The Vector: A person known as 'Akhirah' began offering the Discord.io database for sale on the new Breached hacking forums. As proof of the theft, the threat actor shared four user records from the database.

    This breach is a stark reminder of how important authentication controls are to a robust overall cybersecurity posture. In particular, the information exposed here is perfect for crafting highly believable phishing campaigns, as it would allow push notifications. Access monitoring and testing for every public-facing webpage is a key strategy for mitigating these kinds of breaches and protecting a firm’s customer base.

    Cyber Defenders Lead the AI Arms Race for Now

    2023-08-17

    Dark Reading: Cyber defenders so far are winning the war over artificial intelligence: AI tools have yet to be meaningfully integrated into cyberattacks, while defenders have been using them to greater effect.

    Cybersecurity As A Strategic Investment: How ROI Optimization Can Lead To A More Secure Future

    2023-08-16

    Forbes: In the ever-changing landscape of cybersecurity, chief information security officers (CISOs) play a crucial role in safeguarding organizations against evolving threats. 

    Canadian Financial Sector Faces Rising Cybersecurity Challenges: Report

    2023-08-16

    Advisor's Edge: The Canadian financial services industry is seeing a surge in cybercrime and fraud, according to new data from LexisNexis Risk Solutions.

    SecureWorks Laying Off 15% of Employees

    2023-08-15

    SecurityWeek: The plans were announced in an SEC filing, with employees being notified starting August 14. In addition, the company revealed that it’s implementing “certain real estate‑related cost optimization actions”.

    AI’s Impact on Fintech: Do the Benefits Outweigh the Risks?

    2023-08-15

    Traders Magazine: Artificial Intelligence has considerably impacted the financial services industry in recent years, especially since the advent of OpenAI in late 2022.

    Why Finance Leaders In Midsize Businesses Are Stepping Up Cybersecurity Efforts

    2023-08-14

    Forbes: Finance organizations within midsize businesses have more on their minds than the traditional risks in credit, operational budgets, investments, and regulatory compliance.

    Adapting to the Cloud Era of Cybersecurity: How CISO’s Priorities Are Evolving

    2023-08-14

    Network Computing: Cybersecurity has been rapidly moving to the cloud, driving organizations to cloud-based solutions from third-party vendors instead of self-owned and maintained network security devices and software. 

    Know Your Breach: Salesforce

    The Target: Salesforce, Inc., an American cloud-based software company headquartered in San Francisco, California

    The Take: The goal of the phishing kit employed in this campaign was to steal Facebook account credentials, even featuring two-factor authentication bypassing mechanisms.

    The Vector: The attackers chained a flaw dubbed "PhishForce", used to bypass Salesforce's sender verification safeguards, with quirks in Facebook's web games platform to mass-send phishing emails.

    As phishing actors continue to explore every potential abuse opportunity on legitimate service providers, novel security gaps constantly threaten to expose users to severe risks. It is essential not to rely solely on email protection solutions, but also to scrutinize every email that lands in your inbox, look for inconsistencies, and double-check all claims made in those messages.

    A Global Law Firm Separates From Its Chinese Partner, Citing Cybersecurity and Data Rules

    2023-08-10

    US News: One of the world’s biggest law firms said it is separating from the Chinese firm that was part of its global network for eight years, citing changes in cybersecurity and other rules that have rattled foreign companies.

    About Castle Hall Diligence

Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios.