
ZDNet: The United States Commission on International Religious Freedom (USCIRF) has been hit with a cyberattack, according to cybersecurity firm Avast.
The Target: Gumtree, a U.K.-based online retailer of used goods.
The Take: Exposure of potentially 1.7 million records of Personally Identifiable Information including: full name and physical location (postal code or coordinates).
The Vector: A software vulnerability allowed threat actors to view users’ physical locations by simply pressing F12 to open the Developer Tools and inspect the website’s source code, a feature present in every modern internet browser. In addition, one of its APIs exposed usernames, allowing them to be read without any authentication.
This breach highlights the importance of rigorous software testing and of deploying authentication wherever user data is handled. Whenever a firm’s website transmits user data, it should use protective and confidential methods, such as securing source code and employing proper authentication. Doing so will help firms meet cyber industry standards, which are critical for a company’s overall posture.
Global Newswire: The Healthcare sector is experiencing a paradigm shift due to many factors. New models of care are evolving, the focus is shifting from illness to wellness, and costs continue to climb amid growing demand for personalized, long-term care and the need for patients to participate in care management.
Global News: Prime Minister Justin Trudeau has tasked a committee of senior cabinet ministers to develop a new national cybersecurity plan amid increasingly public warnings from the country’s intelligence community about online threats.
Advisor's Edge: Regulators in the U.S. and U.K. are warning the financial industry about a cybersecurity vulnerability that has been uncovered with open-source software widely used in enterprise applications and cloud services.
ZDNet: Crypto platform AscendEX has pledged to reimburse their customers, who lost a total of $77.7 million in a hack on December 11.
Help Net Security: The end of the year chaos caused by the revelation of the Log4Shell vulnerability has, for some organizations, been augmented by a ransomware attack on Ultimate Kronos Group (UKG), one of the biggest HR and workforce management solutions providers in the US.
Yahoo Finance: Some say that antivirus software that you install on your PC may have run its course when it comes to the next generation of computing in the cloud. Today a startup that has built what it believes comes next is making some news with a large funding round, its first outside money.
ABC News: The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent statement about a new cyber vulnerability that could touch a wide swath of the internet.
The Target: Régie Autonome des Transports Parisiens
The Take: Exposure of 3 million records of Personally Identifiable Information belonging to 60,000 employees including: full names, email addresses, source code and APIs, logins for their RATP accounts, hashed passwords, and more critically, access to the firm’s GitHub account where attackers could access ongoing projects.
The Vector: The data was left open and accessible to the public on an unsecured SQL database backup server, allowing anyone with internet access to connect and view the sensitive information.
It is critical to employ robust credential management, user authentication and validation practices around all points of access. An unprotected point of entry on a key piece of equipment like a server can lead to a breach with a cascading effect on data exposure. This breach highlights the multiplicative effects of these cascading pivot attacks, which is why it’s important to lock down every point of access in an IT system.

Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.