    Industry News: ESG5

      Know Your Breach: Checkout

      The Target: Checkout operates checkout.com and is a global payment processing firm that provides a unified payments API, hosted payment portals, mobile SDK, and plugins to use on existing platforms.

      The Take: Checkout says the threat actor, known as ShinyHunters, gained access to a third-party legacy system that had not been properly decommissioned, which held merchant data from 2020 and earlier, including internal operational documents and onboarding materials.

      The Vector: Upon investigation, Checkout determined that this data was obtained by the threat actor gaining unauthorized access to a legacy third-party cloud file storage system, used in 2020 and prior years.

      This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.

      SEC Drops Civil Fraud Case Against SolarWinds

      2025-11-20

      Yahoo Finance: The Securities and Exchange Commission said it was dropping a landmark civil fraud case against SolarWinds and Tim Brown, the company’s chief information security officer. 

      Palo Alto Networks to Acquire Observability Platform Chronosphere in $3.35 Billion Deal

      2025-11-19

      SecurityWeek: Chronosphere explains that its platform enables teams to “zero in on the data that’s most useful” and provides insights into every layer of their stack — from the infrastructure to the applications to the business.

      Nudge Security Raises $22.5 Million Series A to Secure Workforce AI and SaaS

      2025-11-18

      PR Newswire: Nudge Security, the leading innovator in SaaS and AI security governance, announced Series A funding of $22.5 million led by Cerberus Ventures with participation from existing investors Ballistic Ventures, Forgepoint Capital, and Squadra Ventures.

      Cybersecurity Rules Vex Financial Sector CFOs

      2025-11-18

      CFO Dive: Financial industry CFOs have faced “an unprecedented tightening of cybersecurity oversight” in recent years, with new rules from entities such as the Federal Trade Commission and the New York State Department of Financial Services, according to the report.

      Know Your Breach: GlobalLogic

      The Target: GlobalLogic, a provider of digital engineering services that is part of the Hitachi group.

      The Take: The data stolen in the breach includes personal information collected by GlobalLogic's human resources and, depending on the affected individual, it includes name, address, phone number, and emergency contact (name and phone number). The attackers also exfiltrated the email addresses, dates of birth, nationalities, countries of birth, passport information, national identifiers or tax identifiers (e.g., Social Security Numbers), salary information, and bank account details of impacted employees.

      The Vector: In a breach notification letter filed with the office of Maine's Attorney General, the company states that the attackers exploited an Oracle EBS zero-day vulnerability to steal personal information belonging to 10,471 employees.

      This breach is a critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.

      Cybersecurity Firm Deepwatch Lays Off Dozens, Citing Move To ‘Accelerate’ AI Investment

      2025-11-12

      TechCrunch: Deepwatch, a cybersecurity firm that makes an AI-powered detection and response platform, laid off dozens of employees, citing AI as one of the reasons.

      Google Asks US Court to Shut Down Lighthouse Phishing-as-a-Service Operation

      2025-11-12

      CSO Online: Google is asking a US court for help in dismantling the infrastructure behind the Lighthouse phishing-as-a-service operation, the latest effort by a technology company to use the legal system to put a dent in cybercrime.

      Senate Moves to Restore Lapsed Cybersecurity Laws After Shutdown

      2025-11-11

      CSO Online: Two cybersecurity laws that lapsed during the government shutdown moved closer to restoration after the Senate voted 60-40 to advance legislation extending them through January 2026.

      Cybersecurity Leader Armis Closes $435 Million Round at $6.1 Billion Valuation

      2025-11-05

      Business Wire: Armis, the cyber exposure management and security company, announced a pre-IPO funding round of $435 million, bringing the company’s valuation to $6.1 billion. 

      About Castle Hall Diligence

      Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios.
