
Industry News: ESG5

Know Your Breach: Option Way

The target: Flight booking site, Option Way.

The take: Security researchers were able to access Option Way’s Elasticsearch database via browser due to misconfiguration. The exposed (and unencrypted) personally identifying information is a ripe target for identity thieves.

The attack vector: Security researchers were able to access Option Way’s Elasticsearch database via browser due to misconfiguration. Exposed (and unencrypted) data includes names, dates of birth, gender, e-mail addresses, phone numbers and addresses - a ripe target for identity thieves. 

Companies must evaluate their ‘attack surface’ across servers/firewalls and third-party services to ensure that their data is secure and should continuously monitor infrastructure to be assured that changes do not result in exposure of sensitive information.


State AG Sues Dunkin’ Over Response to App Cyberattacks

2019-09-26

New York Post: The New York Attorney General sued the retail chain formerly known as Dunkin’ Donuts for its handling of a cyber-security lapse that gave hackers access to hundreds of thousands in store credit that could only be used to buy crullers and other Dunkin’ products.


Gone Phishing: How Easy is it to Fall for a Fake Email?

2019-09-26

CityAM: Phishing emails are a major concern in cyber security. Some, like that message, are intended to trick the recipient into revealing sensitive information, while others are used to install malware onto someone’s device – sometimes without their knowledge – or can even lead to a ransomware attack, where the user is locked out of their system unless they fork over cash to the perpetrator.


Cybersecurity: Why You Should Hire Staff from Firms That Have Fallen Victim to Hackers

2019-09-25

ZDNet: Companies that fall victim to cyberattacks and data breaches often come in for criticism, but one of the best things an organisation can do to ensure it remains protected against the impacts of a hacking incident is to take advantage of the expertise of cybersecurity professionals who've faced a major attack.


New California Privacy Initiative Proposed for 2020 Ballot

2019-09-25

CNet: California is poised to enact the country's most stringent privacy law on Jan. 1, but the driving force behind the California Consumer Privacy Act wants privacy rights in the state to be even stronger. 


Growth in Fintech Drives Growth in Cyberattacks - Kaspersky

2019-09-24

IOL: According to reports, Africa’s Fintech ecosystem has surged 60 percent in the last two years and the continent’s Fintech firms have grown to 491 from 301 in 2017, with $132.8 million raised in 2018, making last year the sector’s best year yet - and proving the sector’s readiness given the high mobile phone penetration levels and the boom in mobile financial services and payment technologies.


Russian Hacker Pleads Guilty to Huge Data Thefts from JPMorgan, Others

2019-09-23

Bloomberg: A Russian hacker admitted Monday that he executed the largest known cyber-attack against a U.S. bank, pleading guilty to charges that he stole data on more than 80 million clients of JPMorgan Chase & Co. and other institutions that netted hundreds of millions of dollars in ill-gotten gains.


27 Countries Sign Cybersecurity Pledge with Digs at China and Russia

2019-09-23

CNN: Twenty-seven countries have signed a joint agreement on what constitutes fair and foul play in cyberspace — with a nod toward condemning China and Russia.


Know Your Breach: Scotiabank

The target: Scotiabank, a major Canadian-based banking institution.

The take: Login keys to backend systems, internal source code of mobile apps, software blueprints, and credentials for a database of foreign exchange rate data.

The attack vector: The data in question was left accessible in an unsecured public repository on GitHub. Analysis of the leaked data could reveal numerous serious vulnerabilities and avenues for exploitation.

Source code repositories, like file storage repositories, must be correctly configured to ensure that sensitive data remains internal and accessible only by authorized parties. Default permissions or accessibility settings must always be reviewed before sensitive data is committed to storage.


Acronis Hits Unicorn Status with $147 Million Catapult from Goldman Sachs

2019-09-19

Forbes: Acronis, a data protection and storage company, achieved unicorn status on Wednesday with a $147 million funding round led by Goldman Sachs. The company’s first major injection of cash boosts its valuation to more than $1 billion, according to CEO and founder Serguei Beloussov.


Compensation Pledge as Funds Tighten Security after Data Hack Claims

2019-09-19

The Sydney Morning Herald: Australians who have had their super accounts drained by crime gangs will be fully compensated as some of the country's biggest funds ramp up cyber-security in the wake of an alleged $10 million international identity theft scam.


Los Angeles Launches Cybersecurity System to Detect Malicious Emails

2019-09-17

LA Sentinel: Los Angeles Mayor Eric Garcetti today announced L.A. Cyber Lab’s new Threat Intelligence Sharing Platform, as well as a free mobile app that will help people detect malicious email. Garcetti said this makes Los Angeles the first city in the nation to release a publicly available threat-sharing platform and cybersecurity app.


Security Firm: Data Breach Exposes Millions of Ecuadorians

2019-09-16

SecurityWeek: Researchers at vpnMentor said the problem stemmed from an unsecured server located in Miami that contained information on over 20 million individuals, most of whom reside in Ecuador. The small South American nation is home to just over 17 million people, meaning nearly everyone could have been exposed.


Academia is Playing a Growing Role in Cybersecurity

2019-09-16

University Affairs: Universities in Canada are joining the growing ranks of global cybercrime fighters. In June alone, three universities – Ryerson University, the University of Waterloo and the University of New Brunswick – announced initiatives to increase the country’s cybersecurity capacity.


Cybersecurity Firms Welcome to Set Up Base in Singapore: Teo Chee Hean

2019-09-16

The Straits Times: Global cyber security firms, large and small, that set up base in Singapore to grow their businesses and capabilities can tap the Republic's technical prowess, skilled manpower and networks, Senior Minister Teo Chee Hean said.


Cybersecurity Finally Hitting Bank Execs’ Radar: Now Investment Priority

2019-09-16

CBR: Improving cybersecurity is now top of the technology investment agenda at banks, according to an annual survey conducted by Lloyds Banking Group: climbing above reducing operating costs and improving customer satisfaction – last year’s priorities.


Know Your Breach: Monster.com

The target: Monster.com, a popular job posting website service.

The take: Personal information of hundreds of job applicants dating between 2014 and 2017 including: resumes, phone numbers, email addresses, home addresses and work history.

The attack vector: A customer of Monster.com, a third-party recruitment company, misconfigured a publicly-accessible web server, leaving records exposed.

A firm’s security posture is only as good as its weakest link - sub-contractors and third parties with access to sensitive data are possible sources of data leakage and must be held to a firm’s own security standards.


Irish Government Invested €340m to Tackle Cyber Crime

2019-09-12

Business Irish: Justice Minister Charlie Flanagan has admitted that the Government cannot deal with the threat of cyber-attacks on its own. Speaking this morning at the Secure Computing Forum cyber security conference at Dublin's RDS, the Minister stressed that Ireland needs to stay ahead of the growing number of cyber-criminals.


39% of European Businesses Admit to Being Breached But Majority of Hacks Remain Hidden From Public

2019-09-12

Cision: Nearly two-fifths of European businesses have knowingly fallen victim to a cyberattack in the last five years, with 64% admitting that they may have been hacked unknowingly. This is compounded by a sense of apathy and acceptance, as 62% of respondents believe hackers are more sophisticated than security software developers.


Bank Joins Uni to Fight Cyber Crime

2019-09-10

The Australian: Australia’s banks and universities are being forced to fight off increasingly sophisticated cyber attacks, and NAB is responding through a new strategic partnership with La Trobe University to be finalized on Tuesday.


Government of Canada Selects KeyData Associates for Cyber Security Contract

2019-09-10

Cision: KeyData Associates Inc. (" KeyData"), a leading provider of cybersecurity services, announced today that it has been selected by the Government of Canada's Shared Services Canada (SSC) to provide security technology solutions and systems integration services to address the Privileged Access Management (PAM) requirements of the Government of Canada's cybersecurity strategy.


Cybersecurity Firm Backed by David Harding Lost £3.7m in 2018

2019-09-09

The Telegraph: Ripjar, a start-up headquartered in Cheltenham and backed by British hedge fund billionaire David Harding, saw its losses for 2018 climb to £3.7m from £1.9m the previous year. Administrative expenses rose to £5.6m from £3.2m in 2017, despite a 30.6pc increase in turnover to £2.6m.


Symantec Receives Interest From Buyout Firms Permira, Advent

2019-09-06

Reuters: Private equity firms Permira and Advent International Corp have proposed a deal to buy Symantec Corp for more than $16 billion after the cyber security company agreed to a sale of a big chunk of its business.


Hackers Steal $4.2 Million From Law Enforcement Pension Fund

2019-09-06

Tulsa World: The FBI is investigating a cybertheft of $4.2 million from the state’s pension fund for retired Oklahoma Highway Patrol troopers, state agents, park rangers and other law enforcement officers.


Know Your Breach: Facebook

The target: Facebook, the social media giant.

The take: 419 million records containing users’ unique Facebook IDs and their associated phone numbers, as well as names, gender and country.

The attack vector: A server containing the data was left unsecured and publicly accessible. Facebook justified the security breach by explaining that the records were ‘old’, and believes that the user accounts in question were not compromised as a result of the breach.

Data breaches are a liability, regardless of whether or not the leaked data is in its most current form. Backups, replicas, and other non-production datasets must be given the same encryption and protections as production data to prevent the loss of sensitive information.


Brazilian Criminal Gang Clones Mastercard Debit Cards Issued by German Bank

2019-09-04

The Paypers: A Brazilian criminal gang has cloned Mastercard debit cards issued by German bank OLB and withdrew more than EUR 1.5 million from about 2,000 of its customers. Criminals have stolen the funds by cloning customer debit cards and then cashing out user funds across Brazil, despite the original cards being protected by EMV (chip-and-PIN) technology. 


Top 3 Hedge Fund Cybersecurity Threats

2019-09-04

AGIO: In the context of cybersecurity, social engineering can best be defined as the use of deceptive tactics to prompt individuals to grant access or disclose information for fraudulent or malicious purposes. 


Scammers Use CEO Voice 'Deepfakes' to Con Workers Into Wiring Cash

2019-09-04

ZDNet: Criminals are using AI-generated audio to impersonate a CEO's voice and con subordinates into transferring funds to a scammer's account. So-called deepfake voice attacks could be the next frontier in a scam that's cost US businesses almost $2bn over the past two years using fraudulent email. 


Canada Faces Massive Shortage of Cybersecurity Workers

2019-09-02

The Globe and Mail: Lack of candidates who are able to prevent data breaches means agencies, businesses and customers are left vulnerable to attacks.


India Inches Closer to Becoming a Cybersecurity Superpower

2019-09-02

Business Standard: The 'Digital India' and 'New India' mission has been offered an essential impetus by an Indian Ethical hacker, Khushhal Kaushik. His passion, drive and burning desire to 'go the extra mile', has helped him strengthen India's stature in the global cyber security industry. Conventionally, western countries have always ruled the cyber security domain.


BEC Overtakes Ransomware and Data Breaches in Cyber-Insurance Claims

2019-09-02

ZDNet: Business email compromise (BEC) has overtaken ransomware and data breaches as the main reason companies filed a cyber-insurance claim in the EMEA (Europe, the Middle East, and Asia) region last year, said insurance giant AIG.


Cybersecurity Software Company Imperva Suffers Data Breach

2019-08-30

Security Magazine: In a blog post, Imperva said its Cloud Web Application Firewall (WAF) product, formerly known as Incapsula, suffered a data exposure incident. On August 20, Imperva learned from a third party of the data breach, which impacts Cloud WAF product customers who had accounts through September 15, 2017.
