.png?width=200&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
The target: GoDaddy, a U.S based website domain registrar and web hosting company.
The take: 1.2 million records of customer information including: email addresses, SSH keys, and database usernames and passwords.
The attack vector: The threat actor gained access to GoDaddy’s hosting servers through a compromised employee account, granting them the same access to all the systems the firm’s user had. Multi-factor authentication was not enabled.
This breach highlights not only the ever-present threat that compromised employee accounts pose to firms, but also the critical importance of proper credential management. Employing Multi-factor authentication is a key part of maintaining a robust cybersecurity posture and ensuring company and customer data Is only accessed by authorized parties.
New York Post: Two federal agencies warned Americans to “remain vigilant” about their online security during the long Thanksgiving weekend after a year full of high-profile hacks.
Tech Radar: Polling 3,600 business and technology executives from around the world for the report, PwC found multiple factors contributing to the rising threat of cybercrime, including lower barrier for entry for numerous types of malware attacks, rising complexity of organizations due to mergers and acquisitions, remote working, or multi-vendor environments, to name but a few.
The Moscow Times: Top cybersecurity entrepreneur Ilya Sachkov, who was arrested under charges of “state treason” in late September, has claimed he is innocent and asked Russian President Vladimir Putin to transfer him from jail to house arrest during the investigation.
CNN: US officials are telling American businesses and government organizations to take extra precautions against hackers this Thanksgiving following multiple ransomware attacks during previous holiday periods.
ETF Trends: Cybersecurity is such an important theme that there an entire month devoted to awareness of it. For investors, the relevance of cybersecurity lasts for all 12 months of the year, and there are multiple avenues for addressing that relevance.
Help New Security: Bugcrowd released a report which provides CIOs and CISOs valuable insight on ethical hackers and the economics of security research. New findings indicate a startling shift in the threat landscape with 8 out of 10 ethical hackers recently having identified a vulnerability they had never seen before.
World Economic Forum: With G7 officials recently endorsing principles for central bank digital currencies (CBDC), and over 80 countries launching some form of initiative related to CBDC, it seems their widespread deployment is a matter of time.
The target: RedDoorz, a Singapore based hotel booking site.
The take: Exposure of 5.9 million records of Personally Identifiable Information including: names, contact numbers, email addresses, dates of birth, encrypted passwords and booking information.
The attack vector: The attacker gained access to an Amazon Web Services key which was embedded in an APK (Android Application Package), a piece of software used in their systems. Had the firm examined the APK, they could have prevented the exploit by removing the AWS key from the APK.
This breach highlights the critical importance of IT asset management, specifically just how necessary it is that firms are aware of what software they are using and how it is being deployed. Regular auditing of all software configurations, especially where customer data is stored, across the firm is essential for maintaining a robust cybersecurity posture.
The Hill: The Senate is eyeing the annual defense bill as a vehicle to attach critical provisions to improve the nation’s cybersecurity following a devastating year in which major attacks left the government flat-footed.
Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →
Montreal
1080 Côte du Beaver Hall, Suite 904
Montreal, QC
Canada, H2Z 1S8
+1-450-465-8880
Halifax
84 Chain Lake Drive, Suite 501
Halifax, NS
Canada, B3S 1A2
+1-902-429-8880
London
1 Pancras Square, Kings Cross
Gridiron Building
London, N1C 4AG
United Kingdom
+44 20 3036 0828
Manila
Ground Floor, Three E-com Center
Mall of Asia Complex
Pasay City, Metro Manila
Philippines 1300
Abu Dhabi
24th Floor Al Sila Tower, Suite 2422
Abu Dhabi Global Market Square
Al Maryah Island, Abu Dhabi, UAE
+971 (2) 694 8510
Sydney
Level 36 Governor Phillip Tower
1 Farrer Place Sydney 2000
Australia
+61 (2) 8823 3370
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.
Terms of Service and Privacy Policy