.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
Forbes: Data has often been called the most valuable commodity of the digital world or the most valuable resource (paywall) in the world. In modern economics, it has perhaps surpassed the traditional worth of gold. Some have even gone on to suggest that it is as real an asset as land is, and perhaps even a more profitable factor for production in terms of revenue potential.
The target: MAXEX, an Atlanta-based residential mortgage trading company.
The take: 9GB of internal company and client data including: confidential banking information, login credentials, emails, penetration test reports, and full mortgage documentation for 23 individuals.
The attack vector: The breach took place due to an unsecured, publicly exposed Jenkins server. A server of this type is used in a variety of highly sensitive activities in the operation and development of software applications. Notably in this breach, MAXEX had stored login credentials in plain text with enough permissions to compromise many of its other systems.
This breach highlights the importance of properly securing data. Furthermore, it underscores the critical importance of credential management as a compromise in one system can easily lead to a pivot to other systems, which can have a cascading negative impact upon company and client data.
TechRepublic: The world's biggest social media companies may have to put more of a priority on security now that a New York state financial watchdog is calling for the creation of a designated regulator tasked with monitoring their cyber defense.
Reuters: The stock opened at $18.60 per share, compared with its IPO price of $20 per share. At the debut price, the company was valued around $8 billion. McAfee priced its IPO towards the lower end of its targeted range between $19 and $22 per share.
KnowBe4: Mid-level managers need to be particularly wary of targeted phishing attacks, according to Jenn Gast at INKY. Gast explains that criminals can easily conduct open-source research on a company’s organizational structure and craft spear phishing messages to trick its employees.
CNN: Director of National Intelligence John Ratcliffe said Wednesday both Iran and Russia have obtained US voter registration information in an effort to interfere in the election, including Iran posing as the far-right group Proud Boys to send intimidating emails to voters.
Yahoo Finance: Sixty-four per cent of organizations failed to report cyber breaches this year, over fears of reputational damage at a time when more customers are seeking service online, a cybersecurity expert explains.
Security Magazine: Financial services institutions and banks around the globe face monumental challenges as they look to streamline service delivery for customer transactions, manage multi-party loan processes, collaborate on industry benchmarks and indices, and eliminate fraud and cybercrime.
Cision: Sepio Systems, the leader in Hardware Access Control (HAC), today announced the availability of a new research note conducted with TAG Cyber, LLC, the leader in democratizing world-class cyber security research and advisory services, and co-authored by Sepio Systems, that claims rogue devices are posing severe threats to the financial services industry.
The target: Broadvoice, a Voice-over-IP service provider.
The take: 350 million total customer records of personally identifiable information including: full names, date of birth, phone number, and voice-mail transcripts with highly sensitive details such as medical records, loan applications, and mortgage information.
The attack vector: A misconfigured Elasticsearch database housing 10 separate clusters of data. There was no authentication or security in place meaning anyone with an internet connection could have full access to the data. These storage servers are easily discoverable with scanning tools available to administrators and malicious attackers alike.
The type of data exposed in this breach poses enormous risk for Broadvoice’s customers as the intricate details leaked, in voice calls and prescription records for example, would give phishing and fraud attacks a high chance of success. This breach demonstrates the extreme importance of securing access to a firm’s data. Proper authentication, monitoring, and credential management are some of the critical tools which can be implemented to prevent these occurrences.
Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →
Montreal
1080 Côte du Beaver Hall, Suite 904
Montreal, QC
Canada, H2Z 1S8
+1-450-465-8880
Halifax
168 Hobsons Lake Drive Suite 301
Beechville, NS
Canada, B3S 0G4
Tel: +1 902 429 8880
Manila
10th Floor, Two Ecom Center
Mall of Asia Complex
Harbor Dr, Pasay, 1300 Metro Manila
Philippines
Sydney
Level 15 Grosvenor Place
225 George Street, Sydney NSW 2000
Australia
Tel: +61 (2) 8823 3370
Abu Dhabi
Floor No. 15 Al Sarab Tower,
Adgm Square,
Al Maryah Island, Abu Dhabi, UAE
Tel: +971 (2) 694 8510
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.
Terms of Service and Privacy Policy