
Industry News: ESG5

    OCC Designates Points of Contact for Computer Security Incident Notifications

    2022-03-29

    ABA Banking Journal: With a joint agency final rule requiring banks to notify their primary regulator within 36 hours of becoming aware of computer security incidents that are considered “notification incidents” taking effect on May 1, the OCC issued a bulletin reminding banks of their notification responsibilities and specifying points of contact.


    Hackers Steal Over $600 Million from Video Game Axie Infinity's Ronin Network

    2022-03-29

    CNN: The latest crypto hack has targeted a gaming-focused blockchain network that supports the popular video game Axie Infinity. Hackers made off with about $625 million worth of Ethereum and USDC, two cryptocurrencies, in one of the largest crypto hacks of all time.


    Know Your Breach: Doctors Me

    The Target: Doctors Me, a private self-assessment health service company located in Japan.

    The Take: Exposure of 300,000 records of nearly 12,000 customers. The exposed information was a collection of symptom photos, in many cases exposing the customers’ faces.

    The Vector: A misconfigured Amazon S3 storage server was left open online, meaning anyone with internet access could have viewed and downloaded the data. 

    While the photos were uploaded anonymously, attackers can cross-reference these pictures with other social media sites and craft extremely effective spear-phishing campaigns, as well as engage in fraud and blackmail. This breach is another critical reminder of the importance of airtight credential management at all points of access for firms. Ensuring two-factor and comprehensive user authentication is paramount for a robust cybersecurity posture.


    Biden’s Russia Cyber Warning Befuddles Ill-Prepared Businesses

    2022-03-24

    Yahoo Finance: A day after U.S. President Joe Biden issued a stark warning that a Russian cyberattack “is coming,” members of his administration hosted a three-hour call with about 13,000 people representing businesses, public agencies and other organizations to discuss the potential threat.


    London Cops Nab Seven Teens in Connection with Lapsus$ Hacks

    2022-03-24

    PYMNTS: Seven teenagers were arrested by London police on Thursday (March 24) in connection with the recent hacking spree by the Lapsus$ cyber-crime gang that infiltrated Microsoft and Okta this week and, recently, Samsung, Ubisoft and Nvidia.


    One in Five Businesses Have Paid or Would Pay a Ransom for Their Data, Finds Thales

    2022-03-23

    Business Wire: New research from Thales has found that malware, ransomware and phishing continue to plague global organisations. In fact, one in five (21%) have experienced a ransomware attack in the last year, with 43% of those experiencing a significant impact on operations.


    Financial Sector and Cloud Security Providers Complete Initiative to Enhance Cybersecurity

    2022-03-23

    Business Wire: The Cyber Risk Institute (CRI), the Cloud Security Alliance (CSA), and the Bank Policy Institute-BITS announced today the release of a cloud extension for the CRI Profile version 1.2. The “Cloud Profile” represents the collaboration of over 50 financial institutions and major cloud service providers (CSPs) to extend the CRI Profile, which is a widely accepted cybersecurity compliance framework for the financial sector.


    How to Reassure Clients About Cybersecurity

    2022-03-22

    Investment Executive: According to Edelman’s 2021 Trust Barometer, two thirds of Canadians said they were worried about cyberattacks — more than those who were worried about contracting Covid-19. With the Canadian government now warning businesses about Russian cyberattacks, those concerns can only increase.


    EU Proposes Cybersecurity Rules for EU Bodies Amid Cyberattack Worries

    2022-03-22

    Yahoo News: EU countries should put in place a framework to manage cybersecurity risks at EU institutions, the European Commission said on Tuesday, amid concerns about rising cyberattacks that could disrupt key activities and steal sensitive information.


    Know Your Breach: Melijoe

    The Target: Melijoe.com, a high-end e-commerce fashion retailer of luxury children’s clothing.

    The Take: Exposure of 2 million records totalling 200GB of Personally Identifiable Information including: email addresses, names, gender, dates of birth, marketing and preferences data. 

    The Vector: A misconfigured Amazon S3 storage bucket was left open and unsecured, meaning anyone with an internet connection could have accessed and viewed the data.

    This breach highlights the critical importance of employing robust practices of credential management, user authentication and validation. An unprotected point of entry on a key piece of equipment like a storage server can lead to a breach with a cascading effect on data security. The detailed personal information contained exposes users to targeted phishing attacks and fraud.


    About Castle Hall Diligence

    Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios.
