
Industry News: ESG5

      Know Your Breach: GoDaddy

      The target: GoDaddy, a U.S.-based website domain registrar and web hosting company.

      The take: 1.2 million records of customer information including: email addresses, SSH keys, and database usernames and passwords.

      The attack vector: The threat actor gained access to GoDaddy’s hosting servers through a compromised employee account, which gave them the same access to the firm’s systems that the employee had. Multi-factor authentication was not enabled.

      This breach highlights not only the ever-present threat that compromised employee accounts pose to firms, but also the critical importance of proper credential management. Employing multi-factor authentication is a key part of maintaining a robust cybersecurity posture and ensuring company and customer data is only accessed by authorized parties.


      Federal Agencies Issue Cybersecurity Warning Ahead of Thanksgiving

      2021-11-24

      New York Post: Two federal agencies warned Americans to “remain vigilant” about their online security during the long Thanksgiving weekend after a year full of high-profile hacks.


      Most Businesses Expect Cybersecurity Threats to Increase Over the Next Year

      2021-11-23

      Tech Radar: Polling 3,600 business and technology executives from around the world for the report, PwC found multiple factors contributing to the rising threat of cybercrime, including lower barrier for entry for numerous types of malware attacks, rising complexity of organizations due to mergers and acquisitions, remote working, or multi-vendor environments, to name but a few.


      Russian Cybersecurity Entrepreneur Detained for Treason Claims Innocence

      2021-11-23

      The Moscow Times: Top cybersecurity entrepreneur Ilya Sachkov, who was arrested under charges of “state treason” in late September, has claimed he is innocent and asked Russian President Vladimir Putin to transfer him from jail to house arrest during the investigation. 


      US Government Issues Thanksgiving Ransomware Warning

      2021-11-22

      CNN: US officials are telling American businesses and government organizations to take extra precautions against hackers this Thanksgiving following multiple ransomware attacks during previous holiday periods.


      Cybersecurity Investing Always Fashionable

      2021-11-22

      ETF Trends: Cybersecurity is such an important theme that there is an entire month devoted to awareness of it. For investors, the relevance of cybersecurity lasts for all 12 months of the year, and there are multiple avenues for addressing that relevance.


      Ethical Hackers and the Economics of Security Research

      2021-11-22

      Help Net Security: Bugcrowd released a report which provides CIOs and CISOs valuable insight on ethical hackers and the economics of security research. New findings indicate a startling shift in the threat landscape with 8 out of 10 ethical hackers recently having identified a vulnerability they had never seen before.


      4 Key Cybersecurity Threats to New Central Bank Digital Currencies

      2021-11-20

      World Economic Forum: With G7 officials recently endorsing principles for central bank digital currencies (CBDC), and over 80 countries launching some form of initiative related to CBDC, it seems their widespread deployment is a matter of time.


      Know Your Breach: RedDoorz

      The target: RedDoorz, a Singapore-based hotel booking site.

      The take: Exposure of 5.9 million records of Personally Identifiable Information including: names, contact numbers, email addresses, dates of birth, encrypted passwords and booking information.

      The attack vector: The attacker gained access to an Amazon Web Services key which was embedded in an APK (Android Application Package), a piece of software used in their systems. Had the firm examined the APK, they could have prevented the exploit by removing the AWS key from the APK.

      This breach highlights the critical importance of IT asset management, specifically how necessary it is that firms are aware of what software they are using and how it is being deployed. Regular auditing of all software configurations across the firm, especially where customer data is stored, is essential for maintaining a robust cybersecurity posture.


      Senators Look to Defense Bill to Move Cybersecurity Measures

      2021-11-18

      The Hill: The Senate is eyeing the annual defense bill as a vehicle to attach critical provisions to improve the nation’s cybersecurity following a devastating year in which major attacks left the government flat-footed.  
