<https://castlehalldiligence.com>

Industry News: ESG5

Know Your Breach: Carter’s

The target: Carter’s, a U.S.-based retailer of baby clothing and apparel.

The take: an estimated 410,000 records of personally identifiable information, including full names, physical addresses, email addresses, phone numbers, shipment tracking IDs, and purchase and transaction details.

The attack vector: the breach occurred because the URL shortener used on the site had no authentication controls. When a customer completed a purchase online, they were redirected to a shortened URL for their order page, and that URL could be opened by anyone holding it, with no login or session check. The links were also never set to expire, so the order details remained accessible to anyone with the URL indefinitely.

Any page that displays customer data should follow industry standard practice: require the requester to authenticate, bind the link to the customer who placed the order, and set the link to expire. The exposure of detailed personal and transaction information makes a firm’s customers extremely vulnerable to phishing and fraud, because an attacker can reference real orders.
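The two patterns side by side, as an added example that is not Carter’s code or the shortener vendor’s: a bare short code that resolves to an order with no check, versus an order link whose token is HMAC-signed, bound to the customer, and time-limited. The order records, customer IDs, secret key and 15-minute lifetime are constructed for illustration.

```python
"""Added example (not Carter's code): why an unauthenticated, non-expiring
short link leaks order data, and how a signed, expiring link bound to the
buyer closes the hole. All orders, identifiers and keys are constructed."""
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Constructed sample order store: order id -> PII shown on the order page.
ORDERS = {
    "A1001": {"name": "Jane Doe", "address": "1 Main St", "tracking": "TRK123"},
    "A1002": {"name": "Bob Roe", "address": "2 Oak Ave", "tracking": "TRK456"},
}

# --- Weak pattern: opaque short code, no authentication, no expiry ----------
SHORT_LINKS = {}  # short code -> order id (toy stand-in for a URL shortener)


def weak_shorten(order_id: str) -> str:
    code = secrets.token_urlsafe(4)
    SHORT_LINKS[code] = order_id
    return code


def weak_resolve(code: str) -> Optional[dict]:
    # Anyone holding (or guessing) the code gets the order, forever.
    order_id = SHORT_LINKS.get(code)
    return ORDERS.get(order_id) if order_id else None


# --- Hardened pattern: HMAC-signed token bound to the customer, with expiry -
SECRET_KEY = b"constructed-server-side-secret"  # in practice: from a secret store
TTL_SECONDS = 15 * 60  # assumed link lifetime


def _sign(payload: str) -> str:
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()


def make_link_token(order_id: str, customer_id: str,
                    now: Optional[float] = None) -> str:
    """Token = order|customer|expiry|HMAC. Only the server can mint one."""
    exp = int((now or time.time()) + TTL_SECONDS)
    payload = f"{order_id}|{customer_id}|{exp}"
    return f"{payload}|{_sign(payload)}"


def resolve_link_token(token: str, session_customer_id: str,
                       now: Optional[float] = None) -> Optional[dict]:
    """Return the order only if the token is genuine, unexpired, and the
    requester's authenticated session belongs to the customer it names."""
    try:
        order_id, customer_id, exp_s, sig = token.split("|")
    except ValueError:
        return None
    payload = f"{order_id}|{customer_id}|{exp_s}"
    if not hmac.compare_digest(sig, _sign(payload)):   # forged or tampered
        return None
    if int(exp_s) < (now or time.time()):              # expired
        return None
    if customer_id != session_customer_id:             # someone else's link
        return None
    return ORDERS.get(order_id)
```

The signature stops tampering with the order id or expiry, the expiry bounds how long a leaked or forwarded link is useful, and the comparison against the session's customer id is the authentication control the original shortener lacked: a link that reaches an attacker's inbox resolves to nothing unless they also hold the victim's session.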


U.S. Senate to Probe Whether Legislation Needed to Combat Cyber Attacks

2021-06-10

O Canada: U.S. Senate Majority Leader Chuck Schumer said he is initiating a review of recent high-profile cyber attacks on governments and businesses to find out whether a legislative response is needed.


Serious Cyberattacks in Europe Doubled in the Past Year, New Figures Reveal, as Criminals Exploited the Pandemic

2021-06-10

CNN Business: Significant cyberattacks against critical targets in Europe have doubled in the past year, according to new EU figures obtained by CNN, as the pandemic pushed lives indoors and online.


Drawbridge Launches New Module for Private Equity Funds

2021-06-09

Private Equity Wire: The new module gives PE funds a single view to monitor the complete cyber risk profiles of their portfolio companies in real-time. The first offering of its kind in the industry, the module was developed in partnership with Drawbridge clients who have been confronted with a dramatic rise in cyber-attacks on their portfolio companies in terms of both size and frequency.   


JBS Says it Paid $11 Million Ransom After Cyberattack

2021-06-09

CNN Business: The meat supplier JBS USA paid an $11 million ransom in response to a cyberattack that led to the shutdown of its entire US beef processing operation last week, the company said in a statement.


ExtraHop to be Acquired by Bain Capital Private Equity and Crosspoint Capital Partners

2021-06-08

Businesswire: ExtraHop, the leader in cloud-native network detection and response, today announced that it has entered into a definitive agreement to be acquired by Bain Capital Private Equity (“Bain Capital”) and Crosspoint Capital Partners (“Crosspoint Capital”) in a strategic transaction valued at $900 million. 


At J&J, Some 15.5 Billion Potential Cyberattacks Each Day

2021-06-08

Morning Star: Covid-19 vaccines have transformed the global economy. The companies that produce them, meanwhile, already a big target for hackers, have to be more on their toes than ever.


Deal Activity in Cybersecurity Space Witnessed Fluctuating Fortunes During 2016-2020

2021-06-08

Global Data: Venture capital (VC) funding and mergers and acquisitions (M&A) activity in the cybersecurity space fluctuated during 2016-2020, according to GlobalData, a leading data and analytics company.


Know Your Breach: 20/20 Hearing Care Network

The target: 20/20 Hearing Care Network, a vision and hearing benefits administrator.

The take: 3.3 million records of personally identifiable information, including names, addresses, member numbers, dates of birth, and health insurance information.

The attack vector: an Amazon Web Services cloud storage bucket was left online with no access controls, so anyone with an internet connection could connect and download its contents. After the attackers had copied the data, they deleted it from the bucket.

This breach highlights the critical importance of a firm’s data backups: if an incident results in information being deleted, the firm must be able to restore the data in order to fully ascertain the scope of the breach. Proper credential and permission management, ensuring that accounts and access rights are deployed and used appropriately, is an integral part of maintaining a robust cybersecurity posture.
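The two controls this breach calls for, anonymous access and recoverability after deletion, can be checked mechanically. The following is an added example, not 20/20 Hearing Care Network’s or AWS’s code: it scans an S3 bucket policy document for unconditional grants to the wildcard principal and checks the bucket’s Block Public Access and versioning settings. The two policies, the bucket name and the account ID are constructed sample input; the policy fields and the four Block Public Access keys are the real AWS names.

```python
"""Added example (not 20/20 Hearing Care Network's or AWS's code): flag an
S3 bucket policy that lets anyone on the internet read, and report whether
versioning would allow deleted objects to be restored. Sample input is
constructed; field names follow the AWS policy and PublicAccessBlock formats."""
import json
from typing import Any

# Constructed sample: a policy granting anonymous read and listing.
OPEN_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::member-export",
                      "arn:aws:s3:::member-export/*"]},
    ],
})

# Constructed sample: reads limited to one IAM role, plaintext access denied.
LOCKED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "RoleRead", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/export-reader"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::member-export/*"},
        {"Sid": "DenyInsecure", "Effect": "Deny", "Principal": "*",
         "Action": "s3:*", "Resource": "arn:aws:s3:::member-export/*",
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    ],
})

# Actions that expose object contents or the object listing.
READ_ACTIONS = {"s3:getobject", "s3:listbucket", "s3:get*", "s3:list*",
                "s3:*", "*"}


def _as_list(v: Any) -> list:
    return v if isinstance(v, list) else [v]


def _is_anonymous(principal: Any) -> bool:
    """True for the wildcard principal in either '*' or {'AWS': '*'} form."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any(p == "*" for p in _as_list(principal.get("AWS", [])))
    return False


def _grants_read(actions: Any) -> bool:
    return any(a.lower() in READ_ACTIONS for a in _as_list(actions))


def public_read_statements(policy_json: str) -> list:
    """Sids of Allow statements that let any unauthenticated caller read.
    Statements carrying a Condition are scoped grants and are left for
    manual review; only unconditional anonymous grants are flagged."""
    policy = json.loads(policy_json)
    flagged = []
    for st in _as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Allow" or st.get("Condition"):
            continue
        if _is_anonymous(st.get("Principal")) and _grants_read(st.get("Action", [])):
            flagged.append(st.get("Sid", "<no Sid>"))
    return flagged


def bucket_findings(name: str, policy_json: str, public_access_block: dict,
                    versioning_status: str) -> list:
    """Combine the policy scan with the guard rails that should back it up."""
    findings = []
    for sid in public_read_statements(policy_json):
        findings.append(f"{name}: statement {sid} grants anonymous read")
    guards = ("BlockPublicAcls", "IgnorePublicAcls",
              "BlockPublicPolicy", "RestrictPublicBuckets")
    if not all(public_access_block.get(k) for k in guards):
        findings.append(f"{name}: S3 Block Public Access not fully enabled")
    if versioning_status != "Enabled":
        findings.append(f"{name}: versioning off, deleted objects cannot be restored")
    return findings
```

With Block Public Access fully enabled, a policy like OPEN_POLICY is rejected at write time, which is why the checker reports both the policy and the missing guard rail rather than just one; versioning (or an off-account backup) is what turns “the attackers deleted the data” into a recoverable event whose scope can still be measured.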


Give the Ransomware Threat the Same Priority as Terrorism, says US Official Guidance

2021-06-04

Computing: Ransomware gangs should be tracked and disrupted using the same strategies deployed against terrorist groups, US Department of Justice officials have suggested.


Business Leaders Must Take Urgent Action to Counter Ransomware Threat, White House Warns in Memo

2021-06-03

CNBC: The Biden administration is urging corporate executives and business leaders to take immediate steps to prepare for ransomware attacks, warning in a new memo that cybercriminals are shifting from stealing data to disrupting core operations.


FireEye is Selling its Products Business and Name for $1.2 Billion

2021-06-02

CNBC: The U.S. cybersecurity firm said the sale will split Mandiant Solutions, its cyber forensics unit, from its cloud security, network and email products.


Why a Culture of Silence and Driving Mistakes Underground is Bad for Everyone

2021-06-02

ZDNet: Cybersecurity works best when people know that their corporate information security team will be sympathetic to mistakes. That's because, if someone suspects they may have clicked a phishing link or fallen victim to a cyberattack, they're much more likely to be open about it – and that helps the whole organisation stay secure against malicious hackers.


Two-Thirds of Organizations Plan to Improve Their Cybersecurity in the Wake of Devastating Ransomware Attacks

2021-06-02

KnowBe4: With 81% of organizations believing ransomware attacks will become more prevalent in the second half of 2021, nearly everyone is preparing for the worst to come.


Security Leaders More Concerned About Legal Settlements Than Regulatory Fines

2021-06-01

Help Net Security: An overwhelming 90% of security leaders are concerned about group legal settlements following a serious data breach, compared to 85% who are worried about regulatory fines, Egress reveals.


Reserve Bank Moves to Address Cyber Vulnerability After KPMG Report

2021-05-31

RNZ: A report by consultancy KPMG has uncovered shortcomings in the Reserve Bank's data protection practices, which resulted in it becoming a victim of a cyber-attack on the third-party file-sharing application it used to share and store information.
