
Industry News: ESG5

      Know Your Breach: Transcredit

      The Target: Transcredit, a Florida-based credit reporting company.

      The Take: Exposure of 822,789 records of Personally Identifiable Information including: first and last names, emails, bank information, notes of payment history, internal user IDs and passwords, and a full data schema detailing where and how data is stored.

      The Vector: An unsecured, non-password-protected database was found open and accessible by anyone with an internet connection.

      It is critical to employ robust practices of credential management, user authentication and validation around all points of access. An unprotected point of entry on a key piece of equipment like a server can lead to a breach with a cascading effect on data security. Furthermore, the exposed access credentials could enable pivot attacks that breach other IT systems belonging to the firm.

      Read more...

      Among the Most Mature for Cybersecurity, the Financial System Still Has A Long Way to Go

      2022-01-20

      Finextra: Based on data from eight years of working to assess cyber risk at hundreds of companies across many sectors in dozens of countries, it is clear that the financial sector is one of the best prepared for an attack, reflecting years of improvements and investment. But, although it only lagged behind the industrial, cyber and manufacturing sectors, the financial sector still has a lot of work to do, we found in our soon-to-be-published research.

      Read more...

      Crypto.com Shares Details on Security Breach: 483 Accounts Compromised

      2022-01-20

      Coin Telegraph: The Crypto.com security breach saga gets clarity with an official statement from the Singapore-based crypto exchange following a halt on withdrawals after detecting “suspicious activities” in user accounts.

      Read more...

      Indonesia's Central Bank Confirms Ransomware Attack, Conti Leaks Data

      2022-01-20

      Bleeping Computer: Bank Indonesia (BI), the central bank of the Republic of Indonesia, has confirmed today that a ransomware attack hit its networks last month. A Bank Indonesia spokesperson also told BleepingComputer the attack took place last month and that the bank's operations are not disrupted after the incident.

      Read more...

      Australia, UK to Jointly Target State-based Actors and Ransomware Groups

      2022-01-20

      IT News: Australia and the United Kingdom have signed a pact to crack down on state-based actors, ransomware groups and other "malign actors" that use cyber attacks to "undermine freedom and democracy".

      Read more...

      McAfee Enterprise and FireEye Are Now Called Trellix

      2022-01-18

      ZDNet: During 2021, Symphony Technology Group (STG) picked up McAfee Enterprise for $4 billion in March, and followed it up in June with a $1.2 billion purchase of FireEye. With the merger of the two cybersecurity firms completed in October, the companies have been given a new name.

      Read more...

      Ongoing Demand for Cybersecurity Will Boost Megatrend in 2022

      2022-01-18

      Funds Europe: The cybersecurity megatrend is set to continue in 2022 as demand for cybersecurity solutions remains “relatively constant” after some “major hacks” in 2021, according to Christopher Gannatti, global head of research at WisdomTree.

      Read more...

      FBI, US Agencies Look Beyond Indictments in Cybercrime Fight

      2022-01-18

      U.S. News: The FBI and other federal agencies are increasingly looking to counter cyber threats through tools other than criminal indictments, the head of the bureau's cyber division said in an interview with The Associated Press.

      Read more...

      Know Your Breach: FCI

      The Target: Fertility Center of Illinois

      The Take: Exposure of Personally Identifiable Information including: full names, Social Security numbers, financial information, medical data, health insurance policy numbers, employee numbers, and passport numbers.

      The Vector: The threat actors were able to access a third-party server where FCI’s data was stored, and as the firm did not employ proper authentication tools, the attackers were able to freely view and download the sensitive information.

      This breach highlights the critical nature of employing robust practices of credential management, user authentication and validation around all points of access. An unprotected point of entry on a key piece of equipment like a server can lead to a breach with a cascading effect on data security. Furthermore, firms must be aware of where their data is stored, whether on their own sites or with a third party, and take steps to ensure it is secure.

      Read more...

      The Impact of Cybersecurity Regulations on the Financial Services Industry in 2022

      2022-01-13

      JDSUPRA: Following the SolarWinds and the Colonial Pipeline cyberattacks, the Biden Administration emphasized a shift toward mandatory cybersecurity requirements.

      Read more...