.jpg?width=200&height=78&name=CH%20Diligence%20(thicker%20line).jpg "CH Diligence (thicker line)")
Reuters: British cyber security officials are investigating whether classified UK-U.S. trade documents that were shared online ahead of Thursday’s election were acquired by hacking or were leaked, two sources told Reuters.
The target: Sprint, an American telecommunications company.
The take: 261,300 documents, including phone bills and bank statements containing: names, addresses, phone numbers, and in some cases, screenshots with subscribers’ online usernames and account PINs.
The attack vector: A misconfigured cloud storage bucket was publicly exposed and not protected by a password, allowing anyone with internet access to download the contents. The misconfiguration was traced a marketing agency contracted by Sprint.
Any subsidiary or contractor which handles sensitive data is a potential breach source. Internal security controls must be extended to third parties handling a firm’s sensitive data.
The Economic Times: Tel Aviv, Researchers from cybersecurity firm Check Point have revealed how hackers stole $1 million seed funding sent by a Chinese venture capital firm to an Israeli start-up.
Reuters: U.S. authorities on Thursday took aim at a Russian cybercriminal group known as Evil Corp, indicting its Lamborghini-driving alleged leader and ordering asset freezes against 17 of his associates over a digital crime spree that has netted more than $100 million from companies across the world.
Ottawa Business Journal: Students and researchers at the University of Ottawa will now have access to tools and expertise on the cybersecurity sector from IBM Canada.
Washington Post: On Nov. 18, a United Nations committee passed a Russia-backed cybercrime resolution by a vote of 88 to 58, with 34 countries abstaining. Russia, Belarus, Cambodia, China, Iran, Myanmar, Nicaragua, Syria and Venezuela sponsored the resolution, titled “Countering the use of information and communications technologies for criminal purposes.” The United States said it is “disappointed with the decision.”
The Telegraph: The West was slow to respond to the threat of cyber attacks, the chief of the NATO Cooperative Cyber Defence Centre (CCDCOE) has admitted.
**Article may require a subscription**
Business Standard: National Cyber Security Coordinator (NCSC) Lt Gen (retd) Rajesh Pant raised concern over the lack of cyber-infrastructure in the country and said are we waiting for a cyber earthquake before getting our act together.
Tech Crunch: Israel is a powerhouse in both offensive and defensive cyber operations, with cybersecurity giants CyberArk, Check Point, and Illusive Networks all founded in the country in recent years.
The target: Adobe, an American computer software company.
The take: 7.5 million customer accounts which contained email addresses, account creation dates, subscription status, country and payment details.
The attack vector: A misconfigured Elasticsearch cloud database was left online without any password protection. This information could easily be used to launch sophisticated, targeted phishing attacks to trick users into giving further sensitive details.
When provisioning new systems or types of systems, care must be taken to ensure that appropriate and proportionate security measures are implemented, either by automated scanning or by manual review. Adopting (and validating) robust controls to technological tools employed is critical to secure operations.
Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →
Montréal
1080 Côte du Beaver Hall, Suite 904
Montréal, QC
Canada, H2Z 1S8
+1-450-465-8880
Abu Dhabi
Floor No. 15 Al Sarab Tower,
Adgm Square,
Al Maryah Island, Abu Dhabi, UAE
Tel: +971 (2) 694 8510
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.
Terms of Service and Privacy Policy