learn more
<https://castlehalldiligence.com>
shutterstock_490960141-1

Industry News: ESG5

      Know Your Breach: GoDaddy

      The target: GoDaddy, a U.S based website domain registrar and web hosting company.

      The take: 1.2 million records of customer information including: email addresses, SSH keys, and database usernames and passwords.

      The attack vector: The threat actor gained access to GoDaddy’s hosting servers through a compromised employee account, granting them the same access to all the systems the firm’s user had. Multi-factor authentication was not enabled.

      This breach highlights not only the ever-present threat that compromised employee accounts pose to firms, but also the critical importance of proper credential management. Employing Multi-factor authentication is a key part of maintaining a robust cybersecurity posture and ensuring company and customer data Is only accessed by authorized parties.

      Read more...

      Federal Agencies Issue Cybersecurity Warning Ahead of Thanksgiving

      2021-11-24

      New York Post: Two federal agencies warned Americans to “remain vigilant” about their online security during the long Thanksgiving weekend after a year full of high-profile hacks.

      Read more...

      Most Businesses Expect Cybersecurity Threats to Increase Over the Next Year

      2021-11-23

      Tech Radar: Polling 3,600 business and technology executives from around the world for the report, PwC found multiple factors contributing to the rising threat of cybercrime, including lower barrier for entry for numerous types of malware attacks, rising complexity of organizations due to mergers and acquisitions, remote working, or multi-vendor environments, to name but a few.

      Read more...

      Russian Cybersecurity Entrepreneur Detained for Treason Claims Innocence

      2021-11-23

      The Moscow Times: Top cybersecurity entrepreneur Ilya Sachkov, who was arrested under charges of “state treason” in late September, has claimed he is innocent and asked Russian President Vladimir Putin to transfer him from jail to house arrest during the investigation. 

      Read more...

      US Government Issues Thanksgiving Ransomware Warning

      2021-11-22

      CNN: US officials are telling American businesses and government organizations to take extra precautions against hackers this Thanksgiving following multiple ransomware attacks during previous holiday periods.

      Read more...

      Cybersecurity Investing Always Fashionable

      2021-11-22

      ETF Trends: Cybersecurity is such an important theme that there an entire month devoted to awareness of it. For investors, the relevance of cybersecurity lasts for all 12 months of the year, and there are multiple avenues for addressing that relevance.

      Read more...

      Ethical Hackers and the Economics of Security Research

      2021-11-22

      Help New Security: Bugcrowd released a report which provides CIOs and CISOs valuable insight on ethical hackers and the economics of security research. New findings indicate a startling shift in the threat landscape with 8 out of 10 ethical hackers recently having identified a vulnerability they had never seen before.

      Read more...

      4 Key Cybersecurity Threats to New Central Bank Digital Currencies

      2021-11-20

      World Economic Forum: With G7 officials recently endorsing principles for central bank digital currencies (CBDC), and over 80 countries launching some form of initiative related to CBDC, it seems their widespread deployment is a matter of time.

      Read more...

      Know Your Breach: RedDoorz

      The target: RedDoorz, a Singapore based hotel booking site.

      The take: Exposure of 5.9 million records of Personally Identifiable Information including: names, contact numbers, email addresses, dates of birth, encrypted passwords and booking information.

      The attack vector: The attacker gained access to an Amazon Web Services key which was embedded in an APK (Android Application Package), a piece of software used in their systems. Had the firm examined the APK, they could have prevented the exploit by removing the AWS key from the APK.

      This breach highlights the critical importance of IT asset management, specifically just how necessary it is that firms are aware of what software they are using and how it is being deployed. Regular auditing of all software configurations, especially where customer data is stored, across the firm is essential for maintaining a robust cybersecurity posture.

      Read more...

      Senators Look to Defense Bill to Move Cybersecurity Measures

      2021-11-18

      The Hill: The Senate is eyeing the annual defense bill as a vehicle to attach critical provisions to improve the nation’s cybersecurity following a devastating year in which major attacks left the government flat-footed.  

      Read more...

      Cloud Security Firm Lacework Secures $1.3 Billion In New Funding Round

      2021-11-18

      ZDNet: The Series D funding round was led by existing investors Sutter Hill Ventures, Altimeter Capital, D1 Capital Partners, and Tiger Global Management. 

      Read more...

      US, UK Warn of Iranian Hackers Exploiting Microsoft Exchange, Fortinet

      2021-11-17

      Bleeping Computer: The warning was issued as a joint advisory released by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Australian Cyber Security Centre (ACSC), and the United Kingdom's National Cyber Security Centre (NCSC).

      Read more...

      Vaccine Research Among Cyber Attack Targets

      2021-11-17

      BBC: The National Cyber Security Centre says it handled a record 777 incidents between August 2020 and September 2021. Its annual review said protecting the health sector became an urgent priority over the period.

      Read more...

      FBI Left Out of the Loop In Cyberattack Reporting Bill

      2021-11-16

      Politico: The FBI could be sidelined in new cybersecurity legislation, a top Bureau official told lawmakers. And, in the view of America’s most powerful law enforcement agency, that would be a big problem.

      Read more...

      Ethical Hackers Reduce $27 Billion In Risk During COVID-19 Vulnerability Surge

      2021-11-26

      Cision: Bugcrowd, the world's first crowdsourced cybersecurity platform for multiple solutions, released its annual Inside the Mind of a Hacker '21 report, which provides CIOs and CISOs valuable insight on ethical hackers and the economics of security research.

      Read more...

      DHS Announces New Program to Attract and Retain Cybersecurity Talent

      2021-11-15

      The Hill: The Department of Homeland Security (DHS) announced a new program to attract and retain cybersecurity professionals, as major cyber incidents have ticked up over the past year and are drawing more government attention.

      Read more...

      Know Your Breach: Robin Hood

      The target: Robin Hood, a U.S based investment and trading platform.

      The take: Exposure of an estimated 7 million customer accounts with Personally Identifiable Information including: 5 million email addresses and 2 million full names. For a small number of the exposed records, dates-of-birth and zip codes were also vulnerable.

      The attack vector: The attacker used social engineering to target one of Robin Hood’s Customer Support Representatives, tricking them into thinking they had authentication to access the firm’s internal systems and handed over their credentials. Using these legitimate permissions, the threat actors immediately accessed the sensitive data. 

      This breach highlights the great and always on-going risk that social engineering attacks pose to organizations. The strongest security controls are often only as effective as the employees who maintain them. Regular awareness testing and training, along with an emphasis on the importance of critical thinking and caution when receiving access requests from third parties is critical to a robust cybersecurity posture.

      Read more...

      Ethical Hackers In Saudi Arabia Take On Cybercriminals, Fraudsters

      2021-11-12

      Arab News: The growing popularity of e-commerce, online public services and social media in Saudi Arabia has brought many benefits that can improve the quality of day-to-day life.

      Read more...

      Cyber Security Breaches Are Greatest Staff-Related Risk, According to Attendees of Walkers’ Employment Conference on Equipping the Board

      2021-11-11

      Lexology: Cyber security breaches are overwhelmingly the greatest staff-related risk for a financial services business, according to a survey of Channel Island employers at Walkers' three-day virtual employment law conference.

      Read more...

      VP Harris Announces US Support for International Cybersecurity Partnership in Paris

      2021-11-11

      ZDNet: US Vice President Kamala Harris said the US will be joining the Paris Call for Trust and Security in Cyberspace -- a voluntary agreement between more than 80 countries, local governments, and tech companies centered on advancing cybersecurity and "preserving the open, interoperable, secure, and reliable Internet."

      Read more...

      Cyber Budgets of UK Enterprises Shrank During COVID-19 Pandemic: Report

      2021-11-11

      UKTN: The unexpected onset of the COVID-19 pandemic and the shift of workspace have led to a rapid increase in cyber-attacks across the world. According to Check Point research, the number of ransomware assaults worldwide increased by 102% in 2021.

      Read more...

      SolarWinds Vulnerability Exploited In First Stage of Clop Ransomware Attacks

      2021-11-10

      Dark Reading: A recent surge in Clop ransomware attacks led researchers to spot a common thread in the first stage of the attack: the exploitation of a known and patched vulnerability in SolarWinds Serv-U file server software.

      Read more...

      McAfee to Be Taken Private In US$14B Deal Including Debt

      2021-11-08

      BNN Bloomberg: An investor group led by buyout firms Advent International Corp., Permira Advisers and others agreed to take McAfee Corp. private in a deal that values the cybersecurity software maker at more than US$14 billion including debt.

      Read more...

      Know Your Breach: Umass Memorial Health

      The target: UMass Memorial Health, a Massachusetts-based healthcare network.

      The take: 209,000 records of Personally Identifiable Information including: names, dates of birth, medical record numbers, health insurance information, and clinical treatment information with dates of services, diagnoses, procedure information, and prescription details.

      The attack vector: The firm’s IT system was compromised when an employee fell for a phishing email. This granted the attackers access to all the files and programs to which the employee’s account was authorized to view. 

      This breach highlights the ongoing threat that phishing attacks pose for firms and remain one of the greatest security threats to an entire organization. Regular social engineering and awareness testing and training, along with tone-from-the-top messaging to emphasize the importance of critical thinking and caution are crucial to protecting sensitive information assets.

      Read more...

      U.S. Offers $10 Million Reward In Hunt for DarkSide Cybercrime Group

      2021-11-04

      Yahoo News: The U.S. State Department on Thursday announced a reward of up to $10 million for information leading to the identification or location of anyone with a key leadership position in DarkSide, a cybercrime organization the FBI has said is based in Russia.

      Read more...

      N.L. Health-care Cyberattack Is Worst In Canadian History, Says Cybersecurity Expert

      2021-11-04

      CBC: One cybersecurity expert says the cyberattack on the Newfoundland and Labrador health-care system may be the worst in Canadian history, and has implications for national security.

      Read more...

      US Federal Agencies Told to Patch Hundreds of Security Bugs

      2021-11-03

      Tech Crunch: The Biden administration has ordered nearly all federal agencies to patch hundreds of security bugs, some that were first found the best part of a decade ago.

      Read more...

      Labour Party Members' Data Hit By Cyber Incident

      2021-11-03

      BBC: Labour has yet to reveal who the third party is, the scale of the incident or what type of data was affected.

      Read more...

      Cyber Command Head Says US Has Carried Out A 'Surge' to Address Ransomware Attacks

      2021-11-03

      CNN: US Cyber Command head and director of the National Security Agency Gen. Paul Nakasone said Wednesday that the US had "conducted a surge" over the past three months to address the problem of ransomware attacks on US interests.

      Read more...

      How Hackers Are Targeting Cryptocurrency

      2021-11-02

      Dark Reading: As the cryptocurrency and digital asset markets mature, so have hackers' approaches to compromising exchanges, asset owners, and other parts of the crypto-financial ecosystem. Whereas cryptocurrencies' role in attacks used to simply be ransomware payments, the market has changed.

      Read more...

      SEC Commissioner Wants Cyber Rules for Advisors, BDs

      2021-11-01

      Think Advisor: SEC Commissioner Elad Roisman, a Republican, wants the agency to write a rule clarifying when advisors and broker-dealers must inform investors and the commission about a cybersecurity breach.

      Read more...