Industry News: ESG5

      Know Your Breach: Halfords

      The Target: Halfords, a U.K.-based automobile maintenance service.

      The Take: Exposure of Personally Identifiable Information of current and past customers including: telephone number, car details, and physical address location.

      The Vector: The firm’s automated confirmation email contained an order-tracking URL with the order ID in the address. By incrementing the ID number, orders belonging to other customers could be freely accessed and viewed.

      The breach is a critical reminder of the importance of credential management and authentication around points of access that expose customer data. The information stored in customer records is especially sensitive, as the exposed details can greatly aid malicious actors in crafting highly targeted and effective spear-phishing campaigns. All points of access to sensitive data should be appropriately locked down, minimizing unnecessary and dangerous exposure of customer information.

      OpenSea Reports Email Data Breach

      2022-06-30

      CoinDesk: Watch out for phishing emails, says OpenSea, after staff at the world’s largest NFT marketplace discovered that an employee of Customer.io, a platform for managing email newsletters and campaigns, leaked the list of OpenSea customers’ emails to an outside party.

      N. Korean Hackers Suspected of Stealing $100 Million Crypto From US Firm

      2022-06-30

      Korea Herald: North Korea’s state-sponsored Lazarus Group is believed to be behind the recent $100 million cryptocurrency theft from a US blockchain company, the latest in a spate of high-profile cyber heists from the Kim Jong-un regime, London-based blockchain analytics firm Elliptic said.

      Cybersecurity Startups, Once the VC Darling, Hammered by Layoffs

      2022-06-29

      Tech Crunch: On the face of it, the cybersecurity sector is doing just fine. Demand for cybersecurity products remains high as cyberattacks continue to blight both public and private-sector businesses, and investor enthusiasm for all things cyber-related remains strong.

      Norway Hit with Cyberattack, Temporarily Suspending Service

      2022-06-29

      The Hill: Norway’s public and private sector websites were temporarily down on Wednesday following a cyberattack that targeted the country’s national data network, forcing it to suspend online services for several hours.

      What Drives Private Equity Firms to Acquire Cybersecurity Companies

      2022-06-28

      Gulf Business: Digital transformation has moved to the top of corporate agendas in nearly every vertical in the region. Over the last couple of years, organisations have digitised at great speed to adapt to hybrid work and achieve greater efficiency and competitiveness.

      Ransomware is the Biggest Global Cyber Threat. And the Attacks are Still Evolving

      2022-06-28

      ZDNet: Ransomware is the biggest cybersecurity threat facing the world today, with the potential to significantly affect whole societies and economies – and the attacks are unrelenting, the head of the National Cyber Security Centre (NCSC) has warned. 

      Alternative Investment Institutions Increasing Investment in Digital Transformation with Embedded Security; Partnering with MSPs Critical to Success

      2022-06-27

      Business Wire: ECI, the leader in public cloud and cybersecurity managed services for the global financial services industry, recently commissioned IDC to write the white paper "Cybersecurity and Digital Transformation of Global Alternative Asset Institutions: A Critical Pairing” to understand the intersection of cybersecurity and digital transformation (DX) for global alternative investment institutions. 

      Know Your Breach: StoreHub

      The Target: StoreHub, a Malaysian point-of-sale software vendor.

      The Take: Exposure of 1 million customer accounts with 1.7 billion records of Personally Identifiable Information including: full names, phone numbers, physical addresses, email addresses, device types, order information, partially masked credit card numbers, and access tokens.

      The Vector: A completely unsecured AWS Elasticsearch database server, with no authentication or data encryption, was left open and accessible to anyone with an internet connection.

      This breach highlights the critical importance of employing robust practices of credential management, user authentication and validation. The personal information, along with the event logs and sensitive company information, can lead to highly effective phishing attacks. Furthermore, the use of encryption on user data can help secure sensitive information in the event of a breach and its use is widely considered a key pillar of a robust cybersecurity posture.

      Phishing Reaches All-time High in Early 2022

      2022-06-15

      Help Net Security: The APWG’s Phishing Activity Trends Report reveals that in the first quarter of 2022 there were 1,025,968 total phishing attacks—the worst quarter for phishing observed to date. This quarter was the first time the three-month total has exceeded one million. There were 384,291 attacks in March 2022, which was a record monthly total.

      Got Hit by a Cyberattack? Hackers Will Probably Come After You Again - Within a Year

      2022-06-15

      ZDNet: Most companies that get hit by a cyberattack are likely to fall victim again – sometimes repeatedly – as many struggle to improve their cybersecurity strategy, even after incidents. 

      Businesses Need to Be More Aggressive with Their Cyber Security, Cisco Warns

      2022-06-15

      ITPro: Governments have published numerous advisories warning businesses of the increased risk of spillover cyber attacks from the ongoing cyber war. Being aggressive with security can help keep out adversaries that are currently scanning businesses for weak points that have network access, Cisco’s experts said at Cisco Live 2022.

      Microsoft Acquires Cybersecurity Company Miburo to Boost Its Cyberthreat Detection Research Capabilities

      2022-06-14

      PYMNTS: Microsoft announced its plans to acquire cyberthreat analysis and research company Miburo in a Tuesday (June 14) blog post. The cybersecurity company specializes in detecting and responding to foreign information operations.

      Cybersecurity Threatens Financial Stability: Moody’s

      2022-06-14

      Investment Executive: With cyber threats posing a growing risk to financial stability, the European Union (EU) is imposing tougher cybersecurity standards, Moody’s Investors Service reports.

      New Federal Bill Would Compel Key Industries to Bolster Cyber Security — or Pay a Price

      2022-06-14

      CBC: The federal government has tabled a bill that would allow it to compel companies in the finance, telecommunications, energy and transportation sectors to either shore up their cyber systems against attacks or face expensive penalties.

      Hackers Clone Coinbase, MetaMask Mobile Wallets to Steal Your Crypto

      2022-06-13

      Bleeping Computer: Security researchers have uncovered a large-scale malicious operation that uses trojanized mobile cryptocurrency wallet applications for Coinbase, MetaMask, TokenPocket, and imToken services.

      Know Your Breach: MyEasyDocs

      The Target: MyEasyDocs, an India-based online documents verification platform.

      The Take: Exposure of the Personally Identifiable Information of 57,000 customers, in this case students, including: full names, phone numbers, grades, subject majors, email addresses, dates of graduation, National ID and School registration number.

      The Vector: The breach occurred through a misconfigured Microsoft Azure database, letting anyone with internet access connect and download the sensitive data.

      This breach highlights the critical importance of employing robust practices of credential management, user authentication and validation. An unprotected point of entry on a key piece of equipment like a storage server can lead to a breach with a cascading effect on data security. The detailed personal information, along with the event logs and sensitive company information, can lead to highly effective phishing attacks.

      Cyber Criminals Are Spending Longer Inside Business’ Networks After the Initial Breach

      2022-06-08

      Tech Central: Rogue actors who do not use ransomware are spending the most time inside small businesses with the average dwell time observed to be 51 days in organisations with fewer than 250 employees. Attackers targeting larger (3,000-5,000 employees) organisations spend on average just 20 days inside.

      Beijing-backed Hackers Breach ‘Major Telecommunications Companies,’ Authorities Warn

      2022-06-08

      The Hill: Cyber hackers backed by China are successfully targeting U.S. telecommunications companies in major breaches, the federal Cybersecurity and Infrastructure Security Agency (CISA) warned.

      Cybersecurity Groups Push US to Boost Collaboration on Hacks

      2022-06-07

      Financial Post: Business leaders and cybersecurity experts are pushing the Biden administration to step up efforts to quell big hacks against US companies. 

      Deutsche Bank Feared Russia Would Plant Spies Among IT Workers it Relocated to Berlin, Report Says

      2022-06-07

      Yahoo News: Deutsche Bank was so concerned Russia would plant government spies among hundreds of IT workers that it relocated from Russia to Berlin in the months following the invasion of Ukraine, a senior manager at the bank told The Financial Times.

      Nearly 3 in 4 Family Offices Faced Cyber Breaches in Recent Years: EY

      2022-06-07

      Business Times: ALMOST 3 quarters or 74 per cent of single family offices (SFO) surveyed by EY experienced some form of cybersecurity or data breach in recent years, according to a new study conducted by the advisory services firm.

      How Crypto Giant Binance Became a Hub for Hackers, Fraudsters and Drug Traffickers

      2022-06-07

      IOL: In September 2020, a North Korean hacking group known as Lazarus broke into a small Slovakian crypto exchange and stole virtual currency worth some $5.4 million (R837m). It was one of a string of cyber heists by Lazarus that Washington said were aimed at funding North Korea's nuclear weapons programme.

      Cybersecurity M&A Activity Shows No Signs of Slowdown

      2022-06-06

      Dark Reading: Cloud security vendor Lacework's recent announcement that it will reduce head count as part of a restructuring plan — just months after it secured $1.3 billion in a record-setting funding round — may have shocked the high-flying cybersecurity sector, but industry analysts say the layoffs do not signal any broad, imminent industry slowdown.

      Know Your Breach: Verizon

      The Target: Verizon, a U.S. multinational telecommunications company.

      The Take: Exposure of an employee database containing Personally Identifiable Information including: full names, email addresses, and phone numbers.

      The Vector: The attacker posed as an internal support agent and tricked an employee into allowing them to remotely access their corporate computer. From there, the threat actor gained access to a Verizon internal tool that displayed employee information, then wrote a script to scrape and export the data.

      This breach highlights the ongoing and ever-present need for employee training to protect a firm against social engineering attacks. While Verizon’s systems were not penetrated or affected in any way, the attacker was still able to exploit an employee’s ignorance to exfiltrate sensitive company data. The human component of cybersecurity is a very real and important piece of the overall picture of cybersecurity posture.

      Singapore Mandates 'Kill Switch' for Banks as Safeguard Against Online Scams

      2022-06-02

      ZDNet: Banks in Singapore will have to provide a "kill switch" as part of a new slew of security measures to safeguard against growing online scams. Consumers also are urged to access their accounts via mobile banking apps, instead of web browsers, to minimise risks. 

      China's Draft Cybersecurity Rules Pose Risks for Financial Firms, Lobby Group Warns

      2022-06-02

      Nasdaq: China's proposed cybersecurity rules for financial firms could pose risks to operations of western companies by making their data vulnerable to hacking, among other things, a leading lobby group has said in a letter seen by Reuters.

      Paladin Capital Group Announces Close of $372 Million Cyber Fund II

      2022-06-01

      Business Wire: Paladin Capital Group, a leading cyber and advanced technology investor, announced the closing of its Cyber Fund II (“the Fund”), a $372 million multi-stage fund that invests in cybersecurity startups bringing innovative technologies to market. The Fund surpassed its initial target of $250 million.

      Bad News: The Cybersecurity Skills Crisis is About to Get Even Worse

      2022-06-01

      ZDNet: Nearly a third of the cybersecurity workforce is planning to leave the industry in the near future, new research suggests, leaving organizations in a troubling position as the threat landscape evolves "at an alarming rate".

      Germany Issues Fresh Warning to Banks of Cyber Attacks Due to Ukraine War

      2022-05-31

      U.S. News: The German financial regulator BaFin issued a fresh cyber security warning to the nation's financial sector due to the war in Ukraine following a recent increase in cyber attacks.

      'Cybersecurity Disclosure Can Make Companies Vulnerable to Attacks'

      2022-05-30

      FT Adviser: Our increasing reliance on technology has positives but it can also bring the bad, and when it comes to disclosure, this can make a company more vulnerable to cyber attacks, warns Carlota Garcia-Manas.

      50k Customers Caught Up in Spirit Super Phishing Attack

      2022-05-30

      it News: As many as 50,000 members of Tasmanian-based industry super fund Spirit Super may have had their sensitive personal information compromised after a phishing attack earlier this month.
