shutterstock_490960141-1

Industry News: ESG5

      Know Your Breach: PAN

      Apr 1, 2022 12:03:03 PM

      The Target: Palo Alto Networks, a U.S based cybersecurity company. 

      The Take: Exposure of Personally Identifiable Information including: names, business contact information, conversation records, conversation records, email addresses, and support tickets with attachments such as firewall logs, configurations, and other debugging assets.

      The Vector: A misconfiguration of Palo Alto’s support ticketing system allowed anyone with an internet connection to login and view support tickets, gaining access to personal and client company information.

      The breach is critical reminder of the importance of credential management and authentication around points of access which expose customer data. The information gathered in support scenarios is especially sensitive as the exposed details can greatly aid malicious actors in crafting highly targeted and effective spear-phishing campaigns. All points of access should be appropriately locked down and employing another layer of security like Two-Facto Authentication is highly recommended.

      Read more...

      Topics:Know Your Breach

      About Castle Hall Diligence

      Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →

      Subscribe to Cyber Updates