.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
ZDNet: Singapore and the U.S. have conducted drills to assess how well banks operating in their respective markets respond to cybersecurity threats.
Bleeping Computer: The FBI and Ukrainian police have seized nine cryptocurrency exchange websites that facilitated money laundering for scammers and cybercriminals, including ransomware actors.
Dark Reading: The FBI is requesting more than $63 million in new funding to fight cyber threats in 2024. On April 27, FBI Director Christopher Wray presented before the House Committee on Appropriations Subcommittee on Commerce, Justice, Science.
The Target: Peugeot, a France based automobile manufacturer.
The Take: Exposure of company sensitive data including: credentials to a MYSQL database, secure web tokens along with their passphrases and locations of keys, a link to the git repository for the website, and source code.
The Vector: Peugeot’s website based in Peru was hosting an unsecured environment file (.env), which contains credentials for other services used by the program, or website in this case, that the developers are working on. The logins stored here exposed credentials to a third-party software Peugeot used named Symphony, which could let attackers download session IDs and impersonate users.
This breach is a critical reminder to monitor, flag, and properly secure all publicly accessible files on a website, and to furthermore ensure these files are protected by passwords adhering to robust cybersecurity standards of complexity and length. This attack also shows how one exposure of a system can lead to a pivot into other systems. It’s essential to secure all public-facing websites.
TechCrunch: Lookout’s long-running transition to becoming an enterprise security company is all but complete, revealing today that it’s selling its consumer mobile security business to Finland’s F-Secure in a deal valued at around $223 million.
The Economic Times: The United States is sending more of its cyber forces abroad to help foreign governments fight hackers, a top US military official said at the RSA cybersecurity conference in San Francisco.
Business Wire: Trellix, the cybersecurity company delivering the future of extended detection and response (XDR), will highlight new research and insights on stage at the 2023 RSA Conference.
Crunchbase: Just as funding has sputtered to cybersecurity startups in recent quarters, the main exit avenue for startups and investors also has been narrowing.
Spiceworks: Last month, the Securities and Exchange Commission proposed sweeping cybersecurity regulations aimed at the finance sector to minimize cybersecurity risk, define incident response and public disclosure protocols, and more.
Forbes: As the founder of a nonprofit that focuses on cyber resilience, I often stress how important the dialogue is around assessing and analyzing a company's digital footprint, dark web exposure, leaked data and compromised credentials in real time.
Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →
Montreal
1080 Côte du Beaver Hall, Suite 904
Montreal, QC
Canada, H2Z 1S8
+1-450-465-8880
Halifax
168 Hobsons Lake Drive Suite 301
Beechville, NS
Canada, B3S 0G4
Tel: +1 902 429 8880
Manila
10th Floor, Two Ecom Center
Mall of Asia Complex
Harbor Dr, Pasay, 1300 Metro Manila
Philippines
Sydney
Level 15 Grosvenor Place
225 George Street, Sydney NSW 2000
Australia
Tel: +61 (2) 8823 3370
Abu Dhabi
Floor No. 15 Al Sarab Tower,
Adgm Square,
Al Maryah Island, Abu Dhabi, UAE
Tel: +971 (2) 694 8510
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.
Terms of Service and Privacy Policy