Industry News: ESG5

      Know Your Breach: GM

      The Target: General Motors, a U.S.-based automobile company.

      The Take: Exposure of Personally Identifiable Information, including first and last names, email addresses, physical addresses, usernames, phone numbers, profile pictures, and usable reward point balances.

      The Vector: Through a credential stuffing attack, the threat actors leveraged customers' insecure passwords already exposed through other means and were able to access users' GM customer accounts. While banking information was not exposed, customer reward-card balances could be freely accessed and were used by the attackers to fraudulently redeem rewards.

      This breach is a stark reminder that credential hygiene is an important part of a robust overall cybersecurity posture. Enforcing multi-factor authentication, reasonably regular forced password resets, and password length and complexity rules are all effective strategies for mitigating these kinds of breaches and protecting a firm's customer base.

      MAS Slaps Additional S$330m Capital Requirement on OCBC Over its Response to SMS Scams

      2022-05-26

      The Business Times: The Monetary Authority of Singapore (MAS) has imposed an additional capital requirement of about S$330 million on OCBC Bank for its deficiencies in responding to a wave of spoofed SMS phishing scams in December 2021.

      How Private Equity Firms Can Prepare For The SEC's Proposed Cybersecurity Rules

      2022-05-25

      Mondaq: On February 9, 2022, the SEC released proposed rules relating to cybersecurity risk management, incident reporting, and disclosure for registered investment advisers ("RIAs") and funds that would impose sweeping new cybersecurity obligations for RIAs to private equity funds. 

      Cybersecurity Firm Semperis Raises Over $200 Million in KKR-Led Round

      2022-05-24

      U.S. News: U.S. cybersecurity software firm Semperis said it has raised over $200 million in a funding round led by private equity firm KKR & Co Inc at a valuation substantially higher than in its previous round.

      New Hedge Fund Cybersecurity Report Reveals Changes Firms are Making in a Post-Pandemic World

      2022-05-24

      Cision: Agio, a leading cybersecurity and managed IT provider for financial services firms, published its inaugural 2022 Hedge Fund Cybersecurity Trends Report today. The survey was conducted in Q1 and captured the opinions and perceptions of recent, current, and future cybersecurity programs, readiness, and initiatives from 100 hedge fund practitioners across the technology, operations, cybersecurity, and compliance fields.

      Cloudflare CEO Explains Why the Cybersecurity Firm is Still Operating in Russia

      2022-05-24

      Yahoo News: Cloudflare CEO Matthew Prince is standing by the secure networking company's decision to keep operating in Russia even as most Western companies have pulled out of the country for its war on Ukraine.

      US Senate: Govt’s Ransomware Fight Hindered by Limited Reporting

      2022-05-24

      Bleeping Computer: A report published today by U.S. Senator Gary Peters, Chairman of the Senate Homeland Security and Governmental Affairs Committee, says law enforcement and regulatory agencies lack insight into ransomware attacks to fight against them effectively.

      SolarWinds: Here's How We're Building Everything Around This New Cybersecurity Strategy

      2022-05-24

      ZDNet: It was one of the largest cyber-espionage attacks of recent times: hackers compromised several United States government federal agencies as well as big tech companies, and were inside networks for months before anyone spotted them. 

      Know Your Breach: TDI

      The Target: Texas Department of Insurance.

      The Take: 2 million records of Personally Identifiable Information affecting 1.8 million individuals were exposed, including social security numbers, addresses, dates of birth, phone numbers, and worker injury information.

      The Vector: Because of a configuration error, an online web portal that manages workers' compensation information was not properly secured, allowing members of the public to freely access pages of the site containing sensitive information.

      This breach is a stark reminder of the importance of access control around public-facing web applications and of the configuration settings that control them. Sensitive information must be protected, and ensuring that proper authentication and credential management are in use is a key part of maintaining a robust cybersecurity posture.

      U.S. Narrows Scope of Anti-Hacking Law Long Hated by Critics

      2022-05-19

      Insurance Journal: The Department of Justice is changing its policy around a controversial anti-hacking law, addressing longstanding complaints from cybersecurity researchers that the law could criminalize good-faith efforts to improve technology.