
    Industry News: ESG5

      Technological Advances Lead to More Robust Cybersecurity Solutions

      2021-01-11

      Cision: Cybersecurity vulnerabilities are a major concern to businesses and organizations. The most recent massive computer breach, which allowed hackers to spend months exploring numerous U.S. government networks and private companies' systems around the world, has reignited the urgency in securing computer and information systems. According to a report by NPR, hackers attached their malware to a software update from SolarWinds, a company based in Austin, Texas. Many federal agencies and thousands of companies worldwide use SolarWinds' Orion software to monitor their computer networks.


      Know Your Breach: Solution for Healthcare

      The target: Solution for Healthcare, a Vietnamese technology firm that provides software for electronic health records and hospital management.

      The take: 12 million records of an estimated 80,000 patients and healthcare staff. The personally identifiable information included: full names, dates of birth, postal codes, email addresses, phone numbers, passport details, credit card numbers, and detailed medical records. 

      The attack vector: The data was initially exposed through an unsecured Elasticsearch server the company maintained, which had no monitoring or credential management. With no security measures in place at all, the exposed database was then attacked by a malicious, automated software script named Meowbot, which deleted an unspecified amount of information on the server.

      Leaving a database exposed without any credential management impacts its confidentiality, integrity and availability. Furthermore, when vulnerable data is left wide open, other kinds of attacks that could make its recovery impossible are easily executed. Ensuring data is protected with the appropriate measures is critical for operational success.


      British Airways Will Pay Billions In Compensation Over Infamous Data Breach

      2021-01-07

      IT Pro Portal: British Airways (BA) has acknowledged it was responsible for two major 2018 data breaches and is looking to settle. According to an InfoSecurity report, BA is aiming to avoid litigation and is willing to pay out as much as $4 billion to settle the case.


      Phishing Emails Spoof Australia's Cyber Security Center

      2021-01-06

      Bank Info Security: In an alert, the agency notes hackers posing as ACSC employees are sending emails requesting that recipients download antivirus software. When the victim clicks on a link, malicious code that can steal banking credentials is downloaded onto the compromised device.


      Biden Taps Intelligence Veteran for New White House Cybersecurity Role

      2021-01-06

      Politico: Anne Neuberger, who joined the NSA more than a decade ago and has been serving as the agency’s director of cybersecurity since 2019, will be named deputy national security adviser for cybersecurity in the incoming NSC, according to two people familiar with the plans.


      Justice Department, Federal Court System Hit By Russian Hack

      2021-01-06

      Yahoo Finance: The Justice Department and the federal court system disclosed on Wednesday that they were among the dozens of U.S. government agencies and private businesses compromised by a massive, months-long cyberespionage campaign that U.S. officials have linked to elite Russian hackers.


      SolarWinds, Top Executives Hit with Class Action Lawsuit Over Orion Software Breach

      2021-01-04

      SC Magazine: SolarWinds and some of its top executives have been hit with a class action lawsuit by stockholders, who allege the company lied and materially misled them about security practices leading up to a massive breach of its Orion management software that has reverberated throughout the public and private sector.


      White Ops Announces Acquisition by Goldman Sachs Merchant Banking, ClearSky Security, and NightDragon

      2021-01-04

      Yahoo Finance: The acquisition will support White Ops in its next phase of growth and further accelerate its expansion into new markets. The Company's core focus is to protect enterprises from sophisticated bot attacks and fraud across the domains of cybersecurity, digital advertising, and marketing, serving some of the largest enterprises and internet platforms.


      First the Cyberattack Hits. Then the Insider Trading.

      2021-01-04

      Institutional Investor: The Equifax case — a breach that jeopardized the personal data of up to 143 million people but went unreported for more than a month after surfacing — is a good example of how things can go south quickly. The weeks-long disclosure gap provided abundant opportunity for those in the know to take advantage of the information, and insiders did.


      Know Your Breach: Marriage Tax Refund

      The target: Marriage Tax Refund, a UK-based tax relief organization.

      The take: 100,000 records of personally identifiable information including: full name, gender, home address, partner name and address, and refund amounts.

      The attack vector: The firm had misconfigured its WordPress-based Client Management Service, exposing a directory list containing PDF documents to the public. There was no password protection or credential management in place, meaning anyone with an internet connection could have viewed and downloaded the contents of the database.

      Compromised software that manages client data poses a high risk for a firm. Robust credential control around software that manages personally identifiable information is critical to maintaining a firm’s security and that of its clients. This breach highlights the importance of managing the systems that contain client data and of controlling how this information is accessed and secured, and is a critical reminder of how closely it needs to be managed.


      About Castle Hall Diligence

      Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios.
