shutterstock_490960141-1

Industry News: ESG5

      Know Your Breach: Revere Health

      The target: Revere Health, a Utah based multispecialty physician group. 

      The take: Personally Identifiable Information of 12,000 patients including: medical record numbers, dates of birth, provider names, and procedures and insurance names.

      The attack vector: An employee of Revere Health fell victim to a phishing attack, allowing the attacker control of their email account.

      Phishing attacks against individual employees remain one of the greatest security threats to an entire organization. Regular social engineering and awareness testing and training, along with tone-from-the-top messaging to emphasize the importance of critical thinking and caution are crucial to protecting sensitive information assets.

      Read more...

      The Government-industry Cyberdefense Dance

      2021-08-26

      Axios: After assembling a team of tough-minded regulators to take on big technology companies, the Biden administration on Wednesday called on many of those same companies to work with the federal government to address a growing wave of cyberattacks.

      Read more...

      Managing Cybersecurity Risk: Four Options for CEOs, CFOs and Risk Officers

      2021-08-26

      Forbes: Cybersecurity risk, once the focus of technology professionals, is now a boardroom topic. CEOs, CFOs, risk officers and audit committees are seeing cybersecurity risk come into the scope of their roles.

      Read more...

      A COVID-19 Phishing Caper

      2021-08-26

      KnowBe4: A new phishing campaign is exploiting the ongoing uncertainty about company policies related to COVID-19, according to Roger Kay at INKY. 

      Read more...

      Hackers Drained Their Coinbase Accounts. The Victims Want Answers.

      2021-08-24

      NBC News: For Tanja Vidovic, it was a moment of panic: She had received a series of alerts about someone changing access to her cryptocurrency account. And she realized, as she stared at her computer screen, that nearly all of her $168,000 in holdings was gone — vanished before her eyes.

      Read more...

      80% of Global Businesses Expect a Breach of Customer Records In the Next Year

      2021-08-24

      Security Magazine: The findings come from Trend Micro’s biannual Cyber Risk Index (CRI) report, which measures the gap between respondents’ cybersecurity preparedness versus their likelihood of being attacked.

      Read more...

      Singapore, US Pledge Deeper Collaboration In Cybersecurity

      2021-08-23

      ZDNet: Singapore and the US have inked a series of memorandums of understanding (MOUs) to widen their collaboration in cybersecurity across defence, financial, and research and development.

      Read more...

      Ransomware Attacks Doubled In Frequency During Pandemic

      2021-08-23

      IT Pro Portal: Phishing may be the most common cybersecurity threat in the UK, but it could be only a matter of time before ransomware snatches the crown, a report from cybersecurity firm CybSafe suggests.

      Read more...

      Know Your Breach: Ford

      The target: Ford, a U.S based maker of automobiles.

      The take: Exposure of Personally Identifiable Information including: customer and employee records, finance account numbers, database names and tables, internal support tickets, user profiles, and authentication access tokens,  

      The attack vector: A known vulnerability present in one of Ford’s misconfigured customer management interfaces named Pega Infinity, could have allowed an attacker access to the backend web panel. From here, they could execute malicious commands through the URL to retrieve data base tables, run queries, and more critically, perform administrative actions.

      This breach highlights the importance of having processes in place to update software in a timely manner, an essential part of complying with industry standard cybersecurity practices. Furthermore, this exposure also demonstrates how one exposed point of access can have a cascading and multiplying effect on the severity of a breach.

      Read more...

      Financial Institutions Are Prime Targets for Cybercriminals and Future Attacks Are 'Inevitable'

      2021-08-19

      Institutional Asset Manager: According to IBM, 23 per cent of all cyber-attacks are directed at financial institutions, while the total cost of a single data breach is the second largest among all industries, costing financial organisations USD5.72 million on average.

      Read more...

      Ransomware Attacks Are Now the Second Most Commonly Reported Security Incident

      2021-08-19

      Beta News: Analysis by CybSafe of incidents reported to the UK's Information Commissioner's Office (ICO) shows that ransomware attacks made up 22 percent of all reported cyber security incidents in the first half of 2021. This is up from 11 percent in the first half of 2020.

      Read more...

      More Than $90 Million in Cryptocurrency Stolen After a Top Japanese Exchange is Hacked

      2021-08-19

      CNBC: Japanese cryptocurrency exchange Liquid said Thursday it has been hit by a cyberattack that saw hackers make off with a reported $97 million worth of digital coins.

      Read more...

      SEC Charges Pearson plc for Misleading Investors About Cyber Breach

      2021-08-16

      SEC: The Securities and Exchange Commission today announced that Pearson plc, a London-based public company that provides educational publishing and other services to schools and universities, agreed to pay $1 million to settle charges that it misled investors about a 2018 cyber intrusion involving the theft of millions of student records, including dates of births and email addresses, and had inadequate disclosure controls and procedures.

      Read more...

      World Bank and Partners Announce New Global Fund for Cybersecurity

      2021-08-16

      World Bank: Digital transformation is accelerating in many countries, offering new opportunities for economic growth and enabling low- and medium-income countries to leapfrog development through increased productivity and improved service delivery across key sectors, including finance, health, education, and agriculture.

      Read more...

      Hackers Reportedly Selling Data On 100M T-Mobile Users

      2021-08-16

      PYMNTS: T-Mobile is investigating claims that sensitive information from 100 million users is being sold on the dark web, Motherboard reported, citing contact with the seller and having seen data samples. 

      Read more...

      FINRA Warns of Phishing Campaign Exploiting Imposter Domain Names

      2021-08-16

      IT Pro: The Financial Industry Regulatory Authority (FINRA) has warned of a new phishing campaign that involves fraudulent emails using domain names pretending to be the financial regulator.

      Read more...

      Know Your Breach: Reindeer

      The target: Reindeer, a U.S-based online marketing company.

      The take: The exposure of 50,000 records of Personally Identifiable Information including: names, addresses, date of birth, email addresses, Facebook ID’s, and phone numbers.

      The attack vector: Reindeer failed to secure this AmazonS3 bucket with any credential management whatsoever, allowing anyone with an internet connection to access the data.

      While Reindeer is no longer in operation, the data they held belonged to firms that are currently operating, and this breach highlights not only the necessity of robust credential controls, but also the risks of using third party vendors. Up to date monitoring on where and what systems a firm’s data resides on is essential for maintaining the expected industry standard of cybersecurity.

      Read more...

      Ukraine Shuts Down Money Laundering Cryptocurrency Exchanges

      2021-08-12

      Bleeping Computer: The Security Service of Ukraine (SBU) took down a network of cryptocurrency exchanges used to anonymize transactions since the beginning of 2021. Over 1,000 "customers" used the clandestine exchanges to launder funds received from Russian electronic payments processors, including Yandex.Money, Qiwi, and Webmoney.

      Read more...

      Remote Working Brings Benefits, But Also sScurity Fears

      2021-08-12

      Hedge Week: The implications have been profound as it has become more critical than ever for management firms to offer staff – everyone from portfolio managers to back office teams – the ability to access essential systems remotely.

      Read more...

      Clearlake Capital Completes Strategic Equity Investment In RSA

      2021-08-12

      Markets Insider: Clearlake Capital Group, L.P. (together with its affiliates, "Clearlake") announced that it has completed its strategic equity investment in RSA Security LLC ("RSA" or the "Company").

      Read more...

      $600 Million Gone: The Biggest Crypto Theft in History

      2021-08-12

      CNN Business: Hackers have stolen some $600 million in cryptocurrency from the decentralized finance platform Poly Network, in what it says is the largest theft in the industry’s history. 

      Read more...

      Abrdn's Butwell Explains How AI Deal Will Benefit Advisers

      2021-08-11

      FT Adviser: Abrdn's head of adviser platforms has said the company's acquisition of AI-driven investment business Exo Investing will benefit advisers.

      Read more...

      Cybersecurity Giants NortonLifeLock and Avast Merge in $8.1B Deal

      2021-08-11

      Tech Crunch: U.S. cybersecurity firm NortonLifeLock has confirmed it is acquiring British rival Avast in order to create a global consumer security powerhouse.

      Read more...

      Ransomware Demands and Payments Hit New Records

      2021-08-10

      Computer Weekly: The average ransom paid by victim organisations has increased by 82% since 2020 to a record  $570,000, as cyber criminals intensify their ransomware efforts with increasingly aggressive tactics, according to data from Palo Alto Networks Unit 42 security consulting group.

      Read more...

      About Castle Hall Diligence

      Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →

      Subscribe to Cyber Updates