
Bob's Guide: On May 14, BoE’s director of supervisory risk specialists, Nick Strange, gave a progress report on operational resilience, and announced that the Financial Policy Committee (FPC) would have an upcoming stress testing pilot on payment systems.
The target: Flight booking site, Option Way.
The take: Exposed (and unencrypted) personally identifying information, a ripe target for identity thieves.
The attack vector: Security researchers were able to access Option Way’s Elasticsearch database via browser due to misconfiguration. Exposed (and unencrypted) data includes names, dates of birth, gender, e-mail addresses, phone numbers and addresses - a ripe target for identity thieves.
Companies must evaluate their ‘attack surface’ across servers/firewalls and third-party services to ensure that their data is secure and should continuously monitor infrastructure to be assured that changes do not result in exposure of sensitive information.
New York Post: The New York Attorney General sued the retail chain formerly known as Dunkin Donuts for its handling of a cyber-security lapse that gave hackers access to hundreds of thousands in store credit that could only be used to buy crullers and other Dunkin products.
CityAM: Phishing emails are a major concern in cyber security. Some, like that message, are intended to trick the recipient into revealing sensitive information, while others are used to install malware onto someone’s device – sometimes without their knowledge – or can even lead to a ransomware attack, where the user is locked out of their system unless they fork over cash to the perpetrator.
ZDNet: Companies that fall victim to cyberattacks and data breaches often come in for criticism, but one of the best things an organisation can do to ensure it remains protected against the impacts of a hacking incident is to take advantage of the expertise of cybersecurity professionals who've faced a major attack.
CNet: California is poised to enact the country's most stringent privacy law on Jan. 1, but the driving force behind the California Consumer Privacy Act wants privacy rights in the state to be even stronger.
IOL: According to reports, Africa’s Fintech ecosystem has surged 60 percent in the last two years and the continent’s Fintech firms have grown to 491 from 301 in 2017, with $132.8 million raised in 2018, making last year the sector’s best year yet - and proving the sector’s readiness given the high mobile phone penetration levels and the boom in mobile financial services and payment technologies.
Bloomberg: A Russian hacker admitted Monday that he executed the largest known cyber-attack against a U.S. bank, pleading guilty to charges that he stole data on more than 80 million clients of JPMorgan Chase & Co. and other institutions that netted hundreds of millions of dollars in ill-gotten gains.
CNN: Twenty-seven countries have signed a joint agreement on what constitutes fair and foul play in cyberspace — with a nod toward condemning China and Russia.
The target: Scotiabank, a major Canadian-based banking institution.
The take: Login keys to backend systems, internal source code of mobile apps, software blueprints, and credentials for a database of foreign exchange rate data.
The attack vector: The data in question was left accessible in an unsecured public repository on GitHub. Analysis of the leaked data could reveal numerous deep vulnerabilities and avenues for exploitation.
Source code repositories, like file storage repositories, must be correctly configured to ensure that sensitive data remains internal and accessible only by authorized parties. Default permissions or accessibility settings must always be reviewed before sensitive data is committed to storage.

Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.