.png?width=200&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
The target: TronicsXhange, a California-based electronics retailer
The take: 80,000 images of personal identification cards and 10,000 fingerprint scans. Information included: driver license number, full name, birthday, home address, gender, hair and eye color, height and weight, and a photo of the individual.
The attack vector: The breach occurred when an unsecured Amazon S3 bucket was discovered online even after the company had ended its operation. The database was connected with no password protection meaning anyone who found the correct URL could access and freely download the data.
The breach is serious as the sensitive information stored could lead to severe cases of fraud. Asset management is a critical procedure for any company, and the fact that this server was kept online even after the company had supposedly closed its doors for business highlights the extreme importance of proper decommissioning procedures to ensure sensitive information is securely destroyed or taken offline.
ZDNet: A new offensive force made up of spies, cyber experts and the members of the military is already conducting cyber operations to disrupt hostile state activities, terrorists and criminals, the UK government has revealed.
Yahoo Finance: Cybersecurity Ventures predicts global cybercrime costs will grow by 15 percent per year over the next five years, reaching $10.5 trillion USD annually by 2025, up from $3 trillion USD in 2015. This prediction is part of a special report conducted by Cybersecurity Ventures and sponsored by INTRUSION, Inc.
Reuters: Canada on Wednesday identified state-sponsored programs in China, Russia, Iran and North Korea as major cyber crime threats for the first time, and said it feared foreign actors could try to disrupt power supplies.
NBC News: Krebs, the director of the Cybersecurity and Infrastructure Security Agency, or CISA, has been the target of public criticism from Trump since the Nov. 3 election over his agency's Rumor Control blog, which rebuts a list of false claims about election fraud and hacking — many of which Trump or his lawyers have touted as real after he lost the election.
My Twin Tiers: The New York State Department of Financial Services has announced their partnership with Global Cyber Alliance to help bring a “cybersecurity toolkit” to small businesses in the State. The DFS stated that this partnership is following many small businesses switch to online and remote work during the COVID-19 pandemic.
Investment Week: The worm damaged about 6,000 computers, representing - at the time - roughly 10% of the entire internet. Over the ensuing decades, computing and connectivity would become even more ubiquitous, as how we work and play increasingly went online; and where, the combination of chips and sensors would become the very fabric of our how we live our lives.
Cision: Trend Micro Incorporated, the leader in cloud security, has identified a new class of cybercrime. Criminals are using cloud services and technology to speed up attacks, which decreases the amount of time enterprises have to identify and respond to a breach.
The target: Vertafore, a U.S based insurance provider.
The take: 27.7 million records of personally identifiable information including: driver license numbers, first and last names, date of birth, address, and vehicle registration history.
The attack vector: Three database files containing the above information were placed, through human error, on an unsecured external, third-party storage service with no authorization access. Meaning anyone with an internet connection had the ability to access and download the data.
This breach highlights the importance of robust cybersecurity protocols and processes. Rigid steps around the transfer andmovement of data is needed to ensure maximum protection of sensitive information, with multiple checks to verify that the destination of the information is secure and expected safeguards are in place. When data is moved, the proper controls commensurate with the sensitivity of the data must travel with it.
Forbes: How each cybersecurity CEO responds to the challenges of keeping employees safe, customers secure and product release cycles on schedule while still achieving customer success – all virtually – provide valuable insights into leading a company during difficult times. Simon Biddiscombe, CEO of MobileIron, exemplifies the empathy all CEOs interviewed have for their employees' welfare. "My first priority when the pandemic hit was to protect the health and safety of our employees, yet still maintain an "always-on business" for our customers," Simon mentioned during a recent interview.
Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →
Montreal
1080 Côte du Beaver Hall, Suite 904
Montreal, QC
Canada, H2Z 1S8
+1-450-465-8880
Halifax
84 Chain Lake Drive, Suite 501
Halifax, NS
Canada, B3S 1A2
+1-902-429-8880
London
1 Pancras Square, Kings Cross
Gridiron Building
London, N1C 4AG
United Kingdom
+44 20 3036 0828
Manila
Ground Floor, Three E-com Center
Mall of Asia Complex
Pasay City, Metro Manila
Philippines 1300
Abu Dhabi
24th Floor Al Sila Tower, Suite 2422
Abu Dhabi Global Market Square
Al Maryah Island, Abu Dhabi, UAE
+971 (2) 694 8510
Sydney
Level 36 Governor Phillip Tower
1 Farrer Place Sydney 2000
Australia
+61 (2) 8823 3370
Copyright © 2019 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.
Terms of Use and Privacy Policy