Industry News: ESG5

    Cornerstone Payment Systems

    The Target: Cornerstone Payment Systems

    The Take: Exposure of 9 million transaction records which exposed Personally Identifiable Information including: email addresses, names, physical addresses, phone numbers, types of credit cards and donation details including destination and dollar amount. 

    The Vector: A misconfigured data server was left open and unsecured, meaning anyone with an internet connection could have viewed and downloaded the data.

    This breach is a critical reminder that authentication controls are an important piece in an overall robust cybersecurity posture. This data is perfect for constructing highly effective spear-phishing campaigns. Multi-factor authentication and password length and complexity rules on server access are effective strategies to mitigate these kinds of breaches to protect a firm’s data.

    GodFather Android Malware Targets 400 Banks, Crypto Exchanges

    2022-12-21

    Bleeping Computer: An Android banking malware named 'Godfather' has been targeting users in 16 countries, attempting to steal account credentials for over 400 online banking sites and cryptocurrency exchanges.

    Top White House Cybersecurity Official Plans to Step Down

    2022-12-21

    BNN Bloomberg: The US’s first national cyber director, Chris Inglis, is planning to step down in the coming months, according to a person familiar with the matter.

    Sectigo Hires Kevin Weiss As CEO

    2022-12-20

    Help Net Security: Kevin Weiss brings over 25 years of strategy and leadership experience in the technology space and joins Sectigo from Spireon, where he served as CEO for more than six years.

    Cybersecurity Firms Hunker Down for Hard Times

    2022-12-20

    Axios: Heading into 2023, cybersecurity companies are starting to see the first signs of the economic downturn hitting their businesses. The big picture: More companies are starting to see their customers prioritize services like incident response over more costly, proactive IT investments like transitions to the cloud.

    SickKids Hit by Ransomware Attack Affecting Some Phone Lines, Web Pages

    2022-12-20

    CBC: Toronto's Hospital for Sick Children says it has been hit with a ransomware attack affecting some of its phone lines, web pages and clinical systems.

    CFOs Learn How to Respond and Lead During A Cyberattack

    2022-12-19

    CNBC: Imagine this situation: your CEO just resigned and as CFO, you’re the acting chief. After returning to the office from an exhausting overseas trip, your CIO informs you that malware was deployed within your customer databases.

    DraftKings Warns Data of 67K People Was Exposed In Account Hacks

    2022-12-19

    Bleeping Computer: Sports betting company DraftKings revealed last week that more than 67,000 customers had their personal information exposed following a credential attack in November.

    Know Your Breach: Uber

    The Target: Uber, a U.S.-based ride-service company.

    The Take: Exposure of sensitive company information including: IT Asset reports, Windows domain login names and email addresses, and Active Directory information. 

    The Vector: The data was stolen through a breach in a third-party provider, Teqtivity, using compromised employee credentials. These were used to gain access to an AWS backup server.

    This breach is a stark reminder of how important authentication controls are in an overall robust cybersecurity posture and, more critically, of ensuring these controls are in place at all third-party vendors which have access to a firm’s data. The information stolen in this attack could lead to highly targeted phishing campaigns against Uber. Regular vendor assessments are a key component in cybersecurity.

    US Begins Seizure of 48 DDoS-for-hire Services Following Global Investigation

    2022-12-15

    ITPro: The US' Department of Justice (DoJ) has begun the seizure of 48 DDoS-for-hire services and brought criminal charges against six individuals involved.
