
Industry News: ESG5

    NSA Warns Managed Service Providers Are Now Prime Targets for Cyberattacks

    2022-05-11

    Dark Reading: The National Security Administration (NSA), along with a coalition of international cybersecurity authorities, today issued an advisory warning managed service providers (MSPs) of an escalating threat of attack from both everyday cybercriminals and state-sponsored threat actors. 


    YL Ventures Announces $400 Million Fund to Boost Israeli Cybersecurity Innovation

    2022-05-11

    Help Net Security: The significantly oversubscribed fund is the largest seed stage cybersecurity-focused fund ever raised, bridging Israeli innovation and the US market. The fund will continue the firm’s long-standing strategy of supporting Israeli founders from inception through every critical stage of building a category-leading company and bolstering its position in the global market.


    Scammer Posed as Cybersecurity Chief in Phishing Email

    2022-05-10

    ZDNet: A record number of scams have been removed from the internet as part of a scheme to help protect people from fraud and cybercrime. The National Cyber Security Centre (NCSC) says it removed a total of 2.7 million scams, illicit domains and phishing services during 2021, nearly four times more than during 2020.  

    World’s Largest Cybersecurity Benchmarking Study Finds that Top Executives Believe their Organizations are Not Prepared for New Era of Risk

    2022-05-10

    Yahoo Finance: ThoughtLab, a leading global research firm, today announced the findings of its 2022 cybersecurity benchmarking study, Cybersecurity Solutions for a Riskier World.


    UK Govt Releases Free Tool to Check for Email Cybersecurity Risks

    2022-05-10

    Bleeping Computer: The United Kingdom's National Cyber Security Centre (NCSC) has announced a new email security check service to help organizations identify vulnerabilities that could allow attackers to spoof emails or lead to email privacy breaches.


    Know Your Breach: Heroku

    The Target: Heroku, a cloud platform as a service with support for several programming languages.

    The Take: Exposure of customer passwords, file storage, and internal source code.

    The Vector: The threat actor used previously exposed GitHub authorization tokens (general-use tokens that GitHub issues to third-party integration software firms so that they can integrate with the GitHub platform) to connect to Heroku’s internal systems, which allowed the attackers to exfiltrate and download data from Heroku’s database of customer accounts.

    This breach is an important reminder of the danger of pivot attacks. Initially, the stolen authorization tokens provided access only to the accounts of Heroku customers who made use of those tokens, but the attackers were able to pivot through these exposed accounts and access Heroku’s internal systems. No matter at which level a breach takes place, it’s critical to evaluate all possible avenues of attack and take appropriate precautions.


    Court Finds RI Advice Failed to Adequately Manage Cybersecurity Risks

    2022-05-05

    Money Management: The Federal Court has found Australian Financial Services licensee, RI Advice, breached its license obligations to act efficiently and fairly when it failed to have adequate risk management systems to manage its cybersecurity risks.


    Why Cybersecurity is a Social Investment Concern

    2022-05-04

    ESG Clarity: Cybercrime has become an increasingly harmful threat to businesses over the past few decades, and the frequency and scale of attacks rose significantly during the pandemic. But many people think only of the technological disruption or economic cost a cyberattack could cause their investments, failing to appreciate wider ESG implications.


    FBI Says Business Email Compromise is a $43 Billion Scam

    2022-05-04

    Bleeping Computer: The Federal Bureau of Investigation (FBI) said today that the amount of money lost to business email compromise (BEC) scams continues to grow each year, with a 65% increase in the identified global exposed losses between July 2019 and December 2021.


    SEC Nearly Doubles Crypto Unit Staff to Crack Down on Abuses in the Booming Market

    2022-05-03

    CNBC: The Securities and Exchange Commission announced that it will almost double its staff responsible for protecting investors in cryptocurrency markets.


    About Castle Hall Diligence

    Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long-only portfolios.
