Oct 23, 2020 9:27:42 AM
.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
Oct 23, 2020 9:27:42 AM
The target: MAXEX, an Atlanta-based residential mortgage trading company.
The take: 9GB of internal company and client data including: confidential banking information, login credentials, emails, penetration test reports, and full mortgage documentation for 23 individuals.
The attack vector: The breach took place due to an unsecured, publicly exposed Jenkins server. A server of this type is used in a variety of highly sensitive activities in the operation and development of software applications. Notably in this breach, MAXEX had stored login credentials in plain text with enough permissions to compromise many of its other systems.
This breach highlights the importance of properly securing data. Furthermore, it underscores the critical importance of credential management as a compromise in one system can easily lead to a pivot to other systems, which can have a cascading negative impact upon company and client data.
Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →
Montreal
1080 Côte du Beaver Hall, Suite 904
Montreal, QC
Canada, H2Z 1S8
+1-450-465-8880
Halifax
168 Hobsons Lake Drive Suite 301
Beechville, NS
Canada, B3S 0G4
Tel: +1 902 429 8880
Manila
10th Floor, Two Ecom Center
Mall of Asia Complex
Harbor Dr, Pasay, 1300 Metro Manila
Philippines
Sydney
Level 15 Grosvenor Place
225 George Street, Sydney NSW 2000
Australia
Tel: +61 (2) 8823 3370
Abu Dhabi
Floor No. 15 Al Sarab Tower,
Adgm Square,
Al Maryah Island, Abu Dhabi, UAE
Tel: +971 (2) 694 8510
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.
Terms of Service and Privacy Policy