The Target: Trustanduse.com, a digital platform for consumers to rate products, services, stores, and professionals.
The Take: Exposure of 439,000 records of Personally Identifiable Information including: usernames, first and last names, Facebook IDs, phone numbers, and hashed account passwords.
The Vector: A misconfigured data server was left open and unsecured, meaning anyone with an internet connection could have viewed and downloaded the data.
This breach is critical reminder that authentication controls are an important piece in an overall robust cybersecurity posture. This data is perfect for constructing highly effecting spear-phishing campaigns. Multi-factor authentication and password length and complexity rules on server access are effective strategies to mitigate these kinds of breaches to protect a firm’s data.
CRN: Cyren is cutting “substantially all” of its staff with layoffs of 121 employees as the cybersecurity vendor says it is exploring an asset sale or liquidation, the company said. The publicly traded company said in a news release that “existing cash and projected cash flows from operations will not be sufficient to meet the company‘s working capital needs in the near term.” The company’s stock price fell 44 percent, to 42 cents a share.
Business Wire: KnowBe4, Inc. (“KnowBe4”), the provider of the world’s largest security awareness training and simulated phishing platform, announced the completion of its acquisition by Vista Equity Partners (“Vista”), a leading global investment firm focused exclusively on enterprise software, data and technology-enabled businesses, for $24.90 per share in cash.
CTV: A dozen Canadian ministers quietly met in Vancouver last week to brainstorm better online protections for the private information of citizens. The Digital Trust and Cybersecurity symposium on Jan. 25 was attended by representatives from every province and territory, save Alberta, and took place roughly six months after the inaugural meeting in Quebec.
Dark Reading: We've recently seen substantial layoffs across the tech sector, to the tune of around 140,000 redundancies made by big names such as Amazon, Salesforce, Microsoft, and Tesla. As the recession bites, falling stock prices and further contraction in the market, together with merger and acquisition activity, are expected to force businesses to reduce head count further still.
CNN: US and European law enforcement’s disruption last week of a $100-million ransomware gang is the clearest public example yet of a new high-stakes strategy from the Biden administration to prioritize protecting victims of cybercrime – even if it means tipping off suspects and potentially make it harder to arrest them.
Bleeping Computer: Cybercrime groups are increasingly running their operations as a business, promoting jobs on the dark web that offer developers and hackers competitive monthly salaries, paid time off, and paid sick leaves. In a new report by Kaspersky, which analyzed 200,000 job ads posted on 155 dark websites between March 2020 and June 2022, hacking groups and APT groups seek to hire mainly software developers (61% of all ads), offering very competitive packages to entice them.
Forbes: Now is the time for cybersecurity policies to become as ubiquitous and accepted as workplace safety policies. Cybersecurity today is where physical safety was 40 years ago—there are few regulations or standards, and those that exist often feel arbitrarily imposed. Cybersafety is not an expected or regulated part of corporate culture.
The Target: Zendesk, a customer solutions service provider.
The Take: Access to an internal logging database which may have contained service data belonging to Zendesk and its customers.
The Vector: An employee’s credentials were compromised though an SMS phishing attack which led to the employees handing over their login credentials to the attackers.
This breach is a stark reminder of how important authentication controls are in an overall robust cybersecurity posture. Regular social engineering and phishing awareness training are effective strategies to mitigate these kinds of breaches to protect a firm’s customer base.
Mondaq: Cybersecurity has become an increasingly regulated area of risk for many businesses in the digital world. As technology has advanced and cyber-attacks have become more sophisticated, the measures needed to protect business' data from breaches become more extensive too. This is mirrored by an increased regulatory environment where sanctions are implemented more strictly and conservatively by regulators.