
    Industry News: ESG5

      How to Protect Your Crypto from Cyber Attacks During COVID-19

      2020-05-09

      Coindesk: Unscrupulous hackers are socially engineering their way into financial systems and financial accounts. Well-intentioned efforts to promote public safety are fostering prospective abrogation of personal data privacy. At the same time, there are new areas of business opportunity for distributed ledger companies emerging from the crisis.

      Read more...

      Know Your Breach: SBA

      The target: Small Business Administration (SBA), a US government agency that supports entrepreneurs and small businesses.

      The take: Up to 8,000 applications for Economic Injury Disaster Loans may have been improperly exposed to other applicants, including such sensitive data as social security numbers, addresses, phone numbers, dates of birth, income and financial/insurance information.

      The attack vector: A flaw in the caching configuration of the online loan application portal, implemented to accommodate increased demand, meant that when one applicant pressed the ‘back’ button in their web browser during the application process, they may have been served a page containing the application data belonging to another business.

      Scalability of critical infrastructure is an essential component of web applications and electronic tools: sudden increases in demand for certain services are a reality in the face of the evolving COVID-19 pandemic. It is equally critical, however, that security controls are not weakened while system capacity is being addressed.

      Read more...

      150 People Lose Up to $10,000 of Super in Fraud

      Federal Police Commissioner Reece Kershaw said a cybercrime team was investigating the fraud, which came to light on April 30.

      Read more...

      91% of People Know Password Reuse is Insecure, Yet 75% do it Anyway

      2020-05-06

      Security Magazine: LastPass by LogMeIn released findings of its third Psychology of Passwords global report, revealing that people aren’t protecting themselves from cybersecurity risks even though they know they should. Year after year there is heightened global awareness of hacking and data breaches, yet consumer password behaviors remain largely unchanged, says the report.

      Read more...

      Research: Women Are Better at Cybersecurity Than Men

      2020-05-06

      Dark Reading: Women are better at cybersecurity and protecting themselves online, new research by NordPass suggests. The survey revealed that women are more concerned about the potential harm of their personal online accounts being hacked. They also tend to use unique passwords more often than men.

      Read more...

      State-Backed Hackers Behind Wave of Cyberattacks Targeting Coronavirus Response, US and UK Warn

      2020-05-05

      CNN: The United States and United Kingdom issued a new advisory Tuesday warning of ongoing cyberattacks against organizations involved in the coronavirus response, including health care bodies, pharmaceutical companies, academics, medical research organizations and local government.

      Read more...

      SteelEye Offers Financial Firms Free Communications Surveillance Software to Monitor Remote Workers

      2020-05-05

      Institutional Asset Manager: As firms reopen their offices, reduced density rules are likely to prevail for some time, meaning a workforce that is spread between the office and home. Monitoring communications by staff working in multiple locations will require changes in compliance processes, which may prove challenging if access to on-premise technology is needed. 

      Read more...

      US Financial Industry Regulator Warns of Widespread Phishing Campaign

      2020-05-04

      ZDNet: The US Financial Industry Regulatory Authority (FINRA) has issued a rare cyber-security alert today warning member organizations of "a widespread, ongoing phishing campaign."

      Read more...

      UK’s Coronavirus Tracing App Strategy Faces Fresh Questions Over Transparency and Interoperability

      2020-05-04

      TechCrunch: The UK’s data protection watchdog confirmed today the government still hasn’t given it sight of a key legal document attached to the coronavirus contacts tracing app which is being developed by the NHSX, the digital transformation branch of the country’s National Health Service.

      Read more...

      Know Your Breach: Sheffield City Council

      The target: Council of the City of Sheffield in South Yorkshire, England

      The take: 8.6 million records of vehicle movements, labelled with license plate numbers and millions of photographs from the county’s 100 surveillance cameras.

      The attack vector: The city’s Automatic Number Plate Recognition (ANPR) system was left exposed and publicly available to anyone with an internet connection – furthermore, the internal dashboard on this exposed system employed absolutely no password protection or other method of authentication. Anyone with the public IP address of the system could immediately access and search the system by license plate number, potentially allowing bad actors to recreate the travel patterns and movements of individual citizens, minute by minute.

      As we have previously emphasized, security controls must be commensurate with the level of sensitivity of data being stored, and must travel with that data throughout its lifecycle. When personally identifiable information is being collected and processed, best practice would prescribe multiple compensatory layers of protection, as consequences for breaches of such data can include falling afoul of the GDPR and privacy legislation in other jurisdictions.

      Read more...

      About Castle Hall Diligence

      Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long-only portfolios.
