Industry News: ESG5

2022-07-11

ZDNet: Brazen cyber criminals are now posing as cybersecurity companies in phishing messages that claim the recipient has been hit by a cyberattack and that they should urgently respond in order to protect their network.

Read more...

The Target: Kaiser Permanente, a U.S based health plan and health-care provider.

The Take: Personally Identifiable health Information on 69,000 individuals, including: first and last name, medical record number, dates of service, laboratory test results. 

The Vector: A threat actor gained access to compromised employee email account and acting with all the same permissions as the breached credentials, downloaded and stole the information.

This breach is a stark reminder of the importance of robust employee credential authentication and password hygiene. Performing regular monitoring on account behaviour is critical to ensure access is kept within the firm. Additionally, locking down appropriate permissions, admin access, and ensuring users only need the tools they need to do their jobs, and no more, will reduce the risk of these attacks.

Read more...

2022-07-07

Security Week: A SecurityWeek study showed that more than 430 cybersecurity mergers and acquisitions were announced in 2021. SecurityWeek will soon also publish an M&A analysis for the first half of 2022.

Read more...

2022-07-07

BNN Bloomberg: China’s cabinet stressed the need to bolster information security, following a huge leak of personal data that could be the largest cyber-attack in the country’s history. 

Read more...

2022-07-06

Tech Crunch: Hotel group Marriott International has confirmed another data breach, with hackers claiming to have stolen 20 gigabytes of sensitive data, including guests’ credit card information.

Read more...

2022-07-06

The Middletown Press: Officials with a Foxborough, Mass.-based cybersecurity firm announced their company has acquired Edge Technology Group of Greenwich, which is an information technology company serving financial firms.

Read more...

2022-07-06

Dark Reading: The recent upheaval in the supply chain is unprecedented, thanks to ongoing disruptions tied to the pandemic, financial and trade sanctions stemming from Russia's war in Ukraine, cyberattacks targeting the supply chain, and other factors.

Read more...

2022-07-06

Tech Radar: The Chief Digital and Artificial Intelligence Office (CDAO), the Directorate for Digital Services and the Department of Defense Cyber Crime Center (DC3) jointly launched “Hack US”, a bounty-hunting program aimed at identifying high-severity flaws in government systems.

Read more...

2022-07-05

Forbes: When a private equity firm had acquired a midsized manufacturer late last year, little did they know that someone else had set on the same target as well. Just two months after it was purchased, a cybercriminal organization launched a crippling ransomware attack that locked up the manufacturer’s systems.

Read more...

The Target: Halfords, a U.K-based automobile maintenance service.

The Take: Exposure of Personally Identifiable Information of current and past customers including: telephone number, car details, and physical address location.

The Vector: The firm’s automated confirmation email which contained a URL link for order tracking with ID in the address. By incrementing the ID number, different orders belonging to other customers were able to be freely accessed and seen.

The breach is critical reminder of the importance of credential management and authentication around points of access which expose customer data. The information stored in customer record scenarios is especially sensitive as the exposed details can greatly aid malicious actors in crafting highly targeted and effective spear-phishing campaigns. All points of access to sensitive data should be appropriately locked down, minimizing unnecessary and dangerous exposure of customer information.

Read more...