The target: GoDaddy, a U.S based website domain registrar and web hosting company.
The take: 1.2 million records of customer information including: email addresses, SSH keys, and database usernames and passwords.
The attack vector: The threat actor gained access to GoDaddy’s hosting servers through a compromised employee account, granting them the same access to all the systems the firm’s user had. Multi-factor authentication was not enabled.
This breach highlights not only the ever-present threat that compromised employee accounts pose to firms, but also the critical importance of proper credential management. Employing Multi-factor authentication is a key part of maintaining a robust cybersecurity posture and ensuring company and customer data Is only accessed by authorized parties.
New York Post: Two federal agencies warned Americans to “remain vigilant” about their online security during the long Thanksgiving weekend after a year full of high-profile hacks.
Tech Radar: Polling 3,600 business and technology executives from around the world for the report, PwC found multiple factors contributing to the rising threat of cybercrime, including lower barrier for entry for numerous types of malware attacks, rising complexity of organizations due to mergers and acquisitions, remote working, or multi-vendor environments, to name but a few.
ETF Trends: Cybersecurity is such an important theme that there an entire month devoted to awareness of it. For investors, the relevance of cybersecurity lasts for all 12 months of the year, and there are multiple avenues for addressing that relevance.
Help New Security: Bugcrowd released a report which provides CIOs and CISOs valuable insight on ethical hackers and the economics of security research. New findings indicate a startling shift in the threat landscape with 8 out of 10 ethical hackers recently having identified a vulnerability they had never seen before.
The target: RedDoorz, a Singapore based hotel booking site.
The take: Exposure of 5.9 million records of Personally Identifiable Information including: names, contact numbers, email addresses, dates of birth, encrypted passwords and booking information.
The attack vector: The attacker gained access to an Amazon Web Services key which was embedded in an APK (Android Application Package), a piece of software used in their systems. Had the firm examined the APK, they could have prevented the exploit by removing the AWS key from the APK.
This breach highlights the critical importance of IT asset management, specifically just how necessary it is that firms are aware of what software they are using and how it is being deployed. Regular auditing of all software configurations, especially where customer data is stored, across the firm is essential for maintaining a robust cybersecurity posture.
The Hill: The Senate is eyeing the annual defense bill as a vehicle to attach critical provisions to improve the nation’s cybersecurity following a devastating year in which major attacks left the government flat-footed.
ZDNet: The Series D funding round was led by existing investors Sutter Hill Ventures, Altimeter Capital, D1 Capital Partners, and Tiger Global Management.
Bleeping Computer: The warning was issued as a joint advisory released by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Australian Cyber Security Centre (ACSC), and the United Kingdom's National Cyber Security Centre (NCSC).
Politico: The FBI could be sidelined in new cybersecurity legislation, a top Bureau official told lawmakers. And, in the view of America’s most powerful law enforcement agency, that would be a big problem.
The Hill: The Department of Homeland Security (DHS) announced a new program to attract and retain cybersecurity professionals, as major cyber incidents have ticked up over the past year and are drawing more government attention.
The target: Robin Hood, a U.S based investment and trading platform.
The take: Exposure of an estimated 7 million customer accounts with Personally Identifiable Information including: 5 million email addresses and 2 million full names. For a small number of the exposed records, dates-of-birth and zip codes were also vulnerable.
The attack vector: The attacker used social engineering to target one of Robin Hood’s Customer Support Representatives, tricking them into thinking they had authentication to access the firm’s internal systems and handed over their credentials. Using these legitimate permissions, the threat actors immediately accessed the sensitive data.
This breach highlights the great and always on-going risk that social engineering attacks pose to organizations. The strongest security controls are often only as effective as the employees who maintain them. Regular awareness testing and training, along with an emphasis on the importance of critical thinking and caution when receiving access requests from third parties is critical to a robust cybersecurity posture.
Arab News: The growing popularity of e-commerce, online public services and social media in Saudi Arabia has brought many benefits that can improve the quality of day-to-day life.
Lexology: Cyber security breaches are overwhelmingly the greatest staff-related risk for a financial services business, according to a survey of Channel Island employers at Walkers' three-day virtual employment law conference.
ZDNet: US Vice President Kamala Harris said the US will be joining the Paris Call for Trust and Security in Cyberspace -- a voluntary agreement between more than 80 countries, local governments, and tech companies centered on advancing cybersecurity and "preserving the open, interoperable, secure, and reliable Internet."
Dark Reading: A recent surge in Clop ransomware attacks led researchers to spot a common thread in the first stage of the attack: the exploitation of a known and patched vulnerability in SolarWinds Serv-U file server software.
BNN Bloomberg: An investor group led by buyout firms Advent International Corp., Permira Advisers and others agreed to take McAfee Corp. private in a deal that values the cybersecurity software maker at more than US$14 billion including debt.
The target: UMass Memorial Health, a Massachusetts-based healthcare network.
The take: 209,000 records of Personally Identifiable Information including: names, dates of birth, medical record numbers, health insurance information, and clinical treatment information with dates of services, diagnoses, procedure information, and prescription details.
The attack vector: The firm’s IT system was compromised when an employee fell for a phishing email. This granted the attackers access to all the files and programs to which the employee’s account was authorized to view.
This breach highlights the ongoing threat that phishing attacks pose for firms and remain one of the greatest security threats to an entire organization. Regular social engineering and awareness testing and training, along with tone-from-the-top messaging to emphasize the importance of critical thinking and caution are crucial to protecting sensitive information assets.
Yahoo News: The U.S. State Department on Thursday announced a reward of up to $10 million for information leading to the identification or location of anyone with a key leadership position in DarkSide, a cybercrime organization the FBI has said is based in Russia.
CBC: One cybersecurity expert says the cyberattack on the Newfoundland and Labrador health-care system may be the worst in Canadian history, and has implications for national security.
Tech Crunch: The Biden administration has ordered nearly all federal agencies to patch hundreds of security bugs, some that were first found the best part of a decade ago.
BBC: Labour has yet to reveal who the third party is, the scale of the incident or what type of data was affected.
Dark Reading: As the cryptocurrency and digital asset markets mature, so have hackers' approaches to compromising exchanges, asset owners, and other parts of the crypto-financial ecosystem. Whereas cryptocurrencies' role in attacks used to simply be ransomware payments, the market has changed.
Think Advisor: SEC Commissioner Elad Roisman, a Republican, wants the agency to write a rule clarifying when advisors and broker-dealers must inform investors and the commission about a cybersecurity breach.