learn more
<https://castlehalldiligence.com>
shutterstock_490960141-1

Industry News: ESG5

      Know Your Breach: Cox Communications

      The Target: Cox Communications, a U.S based digital cable provider and telecommunicating company.

      The Take: Breach of employee accounts, leading to further exposure of Personally Identifiable Information including: name, address, telephone, Cox account number, username, PIN code, account security question and answer. 

      The Vector: The threat actor impersonated a Cox Support Agent and gained access to a different employee’s credentials, which allowed them to view the sensitive data. 

      This breach highlights the ongoing and persistent threat of social engineering. Regular awareness testing and training, along with tone-from-the-top messaging to emphasize the importance of critical thinking and caution are crucial to protecting sensitive information assets.

      Read more...

      Dovell Bonnett Talks About Enterprise Password Security Solutions

      2021-12-29

      Yahoo Finance: Dovell Bonnett talks with Mission Matters about the growing importance of efficient frontend cybersecurity and how Access Smart can help businesses achieve secure networks and data by removing their weakest link – Employee-Managed Passwords.

      Read more...

      Saskatchewan Liquor and Gaming Authority Investigating Christmas Day Cybersecurity Incident

      2021-12-28

      Global News: The Saskatchewan Liquor and Gaming Authority (SLGA) reports that it has temporarily disabled certain computer systems and applications, as it investigates a cybersecurity incident that occurred on Dec. 25.

      Read more...

      Shutterfly Reports Ransomware Incident

      2021-12-27

      ZDNet: Digital photography company Shutterfly reported a ransomware attack on Sunday. The incident was first reported by Bleeping Computer, which said a source told them the company was attacked by the Conti ransomware group.  

      Read more...

      Capital One Settles Class-Action Cyber Lawsuit for $190 Million

      2021-12-23

      BNN Bloomberg: Capital One Financial Corp. agreed to pay $190 million to settle a class-action lawsuit that customers filed against the firm after a hacker broke into its cloud-computing systems and stole their personal information.

      Read more...

      Cybersecurity Startup Snyk Is Said to Plan 2022 IPO

      2021-12-23

      BNN Bloomberg: Cybersecurity startup Snyk Ltd. is making preparations for an initial public offering that could happen as early as next year, according to people familiar with the matter.

      Read more...

      Alibaba Admits It Was Slow to Report Software Bug After Beijing Rebuke

      2021-12-23

      BNN Bloomberg: Alibaba Group Holding Ltd. conceded it was slow to report a major vulnerability in widely used software because it was unaware of its severity, a day after China’s tech industry overseer suspended cooperation on cybersecurity with the online retail giant.

      Read more...

      Know Your Breach: Sennheiser

      The Target: Sennheiser, an audio equipment manufacturer.

      The Take: Exposure of Personally Identifiable Information of 28,000 customers including: full names, email address, phone numbers, names of client companies and their employees.

      The Vector: An unsecured public facing Amazon S3 storage server was left open on the internet, meaning anyone who navigated to the address would able to view the information in full.

      It is critical to employ robust practices of credential management, user authentication and validation around all points of access. An unprotected point of entry on a key piece of equipment like a server can lead to a breach with a cascading effect on data security.

      Read more...

      RSA Cybersecurity Conference Delayed Until June as Omicron Rages

      2021-12-22

      BNN Bloomberg: The RSA Conference, a major cybersecurity event that takes place annually in San Fransisco, is being delayed until June due to an increase in Covid-19 cases. The event was originally scheduled to take place in February. 

      Read more...

      We’re starting to see a national response to ransomware, says Mandiant CEO

      2021-12-21

      CNBC: As the recent Log4j breach demonstrates, U.S. businesses and government organizations have been taking a pounding from cybercriminals. It’s coming in the form of ransomware, data breaches, distributed denial-of-service (DDoS), and other damaging attacks.

      Read more...

      Wipro to Acquire Edgile to Strengthen its Leadership in Strategic Cybersecurity Services

      2021-12-20

      Yahoo Finance: Wipro Limited, a leading global information technology, consulting and business process services company, today announced it has signed an agreement to acquire Austin, Texas headquartered Edgile, a transformational cybersecurity consulting provider that focuses on risk and compliance, information and cloud security, and digital identity.

      Read more...

      Cybersecurity Firm ZeroFox to Go Public Via $1.4 Bln Blank-check Deal

      2021-12-20

      Financial Post: Cybersecurity company ZeroFox said it will buy digital privacy protection platform IDX and go public through a merger with blank-check firm L&F Acquisition Corp, in a deal that values the combined entity at $1.4 billion.

      Read more...

      SEC Charges Five Russians in $80 Million Hacking and Trading Scheme

      2021-12-20

      SEC: The Securities and Exchange Commission today announced fraud charges against five Russian nationals for engaging in a multi-year scheme to profit from stolen corporate earnings announcements obtained by hacking into the systems of two U.S.-based filing agent companies before the announcements were made public.

      Read more...

      Cybersecurity Company Identifies mMonths-long Attack On US federal Commission

      2021-12-20

      ZDNet: The United States Commission on International Religious Freedom (USCIRF) has been hit with a cyberattack, according to cybersecurity firm Avast

      Read more...

      Know Your Breach: Gumtree

      The Target: Gumtree, a U.K based online retailer of used goods.

      The Take: Exposure of potentially 1.7 million records of Personally Identifiable Information including: full name and physical location (postal code or coordinates).

      The Vector: A software vulnerability allowed threat actors to view user’s physical locations by simply pressing F12 to view the Developer Tools and inspect the website’s source code, a feature present in every modern internet browser. In addition, one of its APIs exposed usernames, allowing them to be read without any authentication. 

      This breach highlights the importance of rigorous software testing and the deployment of authentication methods wherever user data is being handled. Ensuring that whenever a firm’s website is transmitting user data it is using protective and confidential methods, such as securing source code and employing proper authentication, will help firms meet cyber industry standards which are critical for a company’s overall posture.

      Read more...

      The Healthcare Cybersecurity Market Was Valued At USD 9.52 Billion In 2020 and Is Expected to Reach USD 24.1 Billion by 2026

      2021-12-16

      Global Newswire: The Healthcare sector is experiencing a paradigm shift due to many factors. New models of care are evolving, the focus is shifting from illness to wellness, and costs continue to climb amid growing demand for personalized, long-term care and the need for patients to participate in care management.

      Read more...

      Trudeau Tasks Cabinet with New Cybersecurity Plan Amid Growing Attacks, Spying

      2021-12-16

      Global News: Prime Minister Justin Trudeau has tasked a committee of senior cabinet ministers to develop a new national cybersecurity plan amid increasingly public warnings from the country’s intelligence community about online threats.

      Read more...

      FINRA, FCA Warn Firms of Cybersecurity Threat

      2021-12-15

      Advisor's Edge: egulators in the U.S. and U.K. are warning the financial industry about a cybersecurity vulnerability that has been uncovered with open-source software widely used in enterprise applications and cloud services.

      Read more...

      After Theft of $77.7 Million, Victim AscendEX to Reimburse Customers

      2021-12-15

      ZDNet: Crypto platform AscendEX has pledged to reimburse their customers, who lost a total of $77.7 million in a hack on December 11.

      Read more...

      Ransomware Hits HR Solutions Provider Kronos, Locking Customers Out of Vital Services

      2021-12-14

      Help Net Security: The end of the year chaos caused by the revelation of the Log4Shell vulnerability has, for some organizations, been augmented by a ransomware attack on Ultimate Kronos Group (UKG), one of the biggest HR and workforce management solutions providers in the US.

      Read more...

      Cybersecurity Startup Guardio, Now with 1M Users of Its Browser Extension, Raises Its First Funding: $47M Led by Tiger Global

      2021-12-14

      Yahoo Finance: Some say that antivirus software that you install on your PC may have run its course when it comes to the next generation of computing in the cloud. Today a startup that has built what it believes comes next is making some news with a large funding round, its first outside money.

      Read more...

      New Cyber Vulnerability Poses 'Severe Risk,' DHS Says

      2021-12-12

      ABC News: The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent statement about a new cyber vulnerability that could touch a wide swath of the internet.

      Read more...

      Know Your Breach: RATP

      The Target: Régie Autonome des Transports Parisiens

      The Take: Exposure of 3 million records of Personally Identifiable Information belonging to 60,000 employees including: full names, email addresses, source code and APIs, logins for their RATP accounts, hashed passwords, and more critically, access to the firm’s Github account where attackers could access ongoing projects.

      The Vector: The data was left open and accessible to public on an unsecured SQL database backup server, allowing anyone with internet access to connect and view the sensitive information.

      It is critical to employ robust practices of credential management, user authentication and validation around all points of access. An unprotected point of entry on a key piece of equipment like a server can lead to a breach with a cascading effect on data exposure. This breach highlights the multiplicative effects of these cascading pivot attacks which is why it’s important to lock down every point of access in an IT system.

      Read more...

      Exclusive-IMF, 10 Countries Simulate Cyberattack On Global Financial System

      2021-12-09

      U.S. News: Israel led a 10-country simulation of a major cyberattack on the global financial system in an attempt to increase cooperation that could help to minimise any potential damage to financial markets and banks.

      Read more...

      Cybersecurity Can Pose A Risk In More Than One Way for Financial Advisors

      2021-12-08

      CNBC: Financial advisors may want to view cybersecurity as a critical issue on more than one level.

      Read more...

      Hummingbird Lands $30M to Bring Design Thinking to Anti-money Laundering Investigations

      2021-12-07

      Yahoo News: Hummingbird, which sells anti-money laundering software to banks and fintechs, announced today that it raised a $30 million Series B led by new investor Battery Ventures. Existing investors Flourish and Homebrew also participated in the round, alongside FinVC and Plaid co-founder William Hockey.

      Read more...

      Biden’s Cyber Leaders Go to Silicon Valley for More Help Fighting Hackers

      2021-12-07

      Politico: Senior Biden administration officials met in Silicon Valley on Monday with key technology and cybersecurity companies as part of a push for more help from the private sector in fending off increasingly aggressive hackers working for adversarial regimes and criminal gangs.

      Read more...

      The Cyberdemic Will Continue, According to the 2022 Experian Data Breach Industry Forecast

      2021-12-06

      Business Wire: In the Experian ninth annual Data Breach Industry Forecast, five predictions for 2022 underscore the ongoing impact of the pandemic on cybersecurity. Cybercriminals will continue to exploit vulnerabilities within remote working and the vaccine ecosystem, but also set their sights on new targets such as online gambling.

      Read more...

      U.S. Bank Regulator Urges Vigilance As Ransomware Attacks On the Rise

      2021-12-06

      U.S. News: A top U.S. banking regulator is cautioning firms to ensure they have robust policies to protect themselves from cyberattacks, saying it is seeing an uptick in ransomware attacks, it said in a report issued.

      Read more...

      BitMart Says It Will Compensate Victims of $196 Million Hack and Restore Trading

      2021-12-06

      CNBC: Crypto trading platform Bitmart says it will use its own money to reimburse victims of a large-scale security breach, in which hackers took as much as $196 million.

      Read more...

      Know Your Breach: Huntington Hospital

      The Target: Huntington Hospital, a New York based medical center.

      The Take: Exposure of 13,000 records of Personally Identifiable Information including: name, date-of-birth, phone number, addresses, internal account number, medical record number, diagnoses, and other treatment information.

      The Vector: An employee improperly accessed this information without clearance and was not prevented from viewing this data based upon their level of access and role within the firm, exposing the data.

      This breach highlights the important concept of Least-Privilege when it comes to system access and authorization. Employees should only have access to the minimum amount of information and privileges they need to do their role. Ensuring this process is applied at all levels of access across a firm is a key component to maintaining a robust Cybersecurity posture.

      Read more...

      Governor General's Office Says Internal Network Breached

      2021-12-02

      CTV News: The Office of the Secretary to Gov. Gen. Mary Simon says that there’s been an ‘unauthorized access to its internal network,’ with the scope of the breach still under investigation.

      Read more...

      Understanding Cybersecurity Management for FinTech: Cybersecurity Vulnerabilities and Risk In FinTech

      2021-12-01

      IT World Canada: FinTech revolves around technologies such as cloud, blockchain, AI, and mobile devices that are used for financial transaction payments, cryptocurrencies, money transfers, trading, and regulatory compliance.

      Read more...

      Control Failures Are Behind A Growing Number of Cybersecurity Incidents

      2021-12-01

      Help Net Security: Data from a survey of 1,200 enterprise security leaders reveals that an increase in tools and manual reporting combined with control failures are contributing to the success of threats such as ransomware, which costs organizations an average of $1.85 million in recovery, according to Panaseer.

      Read more...

      Russian Man Sentenced for Providing ‘Bulletproof Hosting’ for Cybercriminals

      2021-12-01

      The Unites States Department of Justice: A Russian man was sentenced today for providing “bulletproof hosting” services, which were used by cybercriminals between 2009 to 2015 to distribute malware and attack financial institutions and victims throughout the United States.

      Read more...

      Data Breach Costs Increase By $1 Million When Remote Workers Are Involved

      2021-11-30

      KnowBe4: You already knew remote workers increase the risk of cyberattack. New data spells out exactly what the impact of a remote workforce is on data breaches and the cost to remediate.

      Read more...

      Clearlake Capital Bulks Up Software Portfolio with Quest Deal

      2021-11-29

      Financial Post: Clearlake Capital Group said it would buy Quest Software from Francisco Partners, as the investment firm seeks to tap into the pandemic-spurred surge in demand for enterprise software and cybersecurity tools.

      Read more...

      40% of Global Investment In Cyber Comes to Israel – Ex-Cyber Czar

      2021-11-28

      The Jerusalem Post: Forty percent of all private financial input into cyber technology and companies is invested in Israel, a new book co-written by founder of the Israel’s National Cyber Directorate has revealed.

      Read more...