Industry News: ESG5

The Target: Zendesk, a customer solutions service provider.

The Take: Access to an internal logging database which may have contained service data belonging to Zendesk and its customers.

The Vector: An employee’s credentials were compromised though an SMS phishing attack which led to the employees handing over their login credentials to the attackers.

This breach is a stark reminder of how important authentication controls are in an overall robust cybersecurity posture. Regular social engineering and phishing awareness training are effective strategies to mitigate these kinds of breaches to protect a firm’s customer base.

Read more...

2023-01-25

Mondaq: Cybersecurity has become an increasingly regulated area of risk for many businesses in the digital world. As technology has advanced and cyber-attacks have become more sophisticated, the measures needed to protect business' data from breaches become more extensive too. This is mirrored by an increased regulatory environment where sanctions are implemented more strictly and conservatively by regulators.

Read more...

2023-01-25

Bleeping Computer: Zacks discovered the at the end of last year that some customer records had been accessed without authorization. An internal investigation into the incident determined that a threat actor gained access to the network somewhere between November 2021 and August 2022.

Read more...

2023-01-25

Sky News: The attacks - known as distributed denial-of-service (DDoS) - work by directing high volumes of internet traffic towards targeted servers in a bid by so-called hacktivists to knock them offline.

Read more...

2023-01-24

CNBC: North Korean-linked actors were behind the theft of $100 million through the hack of a crypto product last year, the Federal Bureau of Investigation said.

Read more...

2023-01-24

TechCrunch: LastPass’ parent company GoTo — formerly LogMeIn — has confirmed that cybercriminals stole customers’ encrypted backups during a recent breach of its systems.

Read more...

2023-01-23

Private Equity Wire: Abacus Group, a provider of hosted IT services and solutions to alternative investment firms, has acquired two boutique cybersecurity consulting companies, Gotham Security and its parent company, GoVanguard, which will now be known as Gotham Security, and will operate as an independent subsidiary of Abacus Group. 

Read more...

2023-01-23

DarkReading: Leading global intelligence and cyber security consultancy S-RM has today revealed in its Cyber Security Insights Report that there has been a drop in concern around the cyber security threats posed by hybrid working. However, a significant proportion (35%) of IT leaders say they are concerned over a cyber skills gap among employees. 

Read more...

The Target: Myrocket, a Human Resources recruitment company based in India.

The Take: Exposure of 200,000 employees and 9 million candidate records of Personally Identifiable Information including: names, taxpayer information, personal identification numbers, emails, phone numbers, bank details, dates of birth, salaries, payslips, employees roles, and more.

The Vector: A misconfigured data server was left open and unsecured, meaning anyone with an internet connection could have viewed and downloaded the data.

This breach is critical reminder that authentication controls are an important piece in an overall robust cybersecurity posture. This data is perfect for constructing highly effecting spear-phishing campaigns. Multi-factor authentication and password length and complexity rules on server access are effective strategies to mitigate these kinds of breaches to protect a firm’s data.

Read more...

2023-01-19

BNN Bloomberg: In findings published, the blockchain forensics firm estimated that ransom payments — which are almost always paid in cryptocurrency — fell to $456.8 million in 2022 from $765.6 million in 2021, a 40% drop.

Read more...