
Industry News: ESG5

      Know Your Breach: Klaviyo

      The Target: Klaviyo, an email marketing firm.

      The Take: Exposure of client’s Personally Identifiable Information including: names, addresses, emails, phone numbers, and two internal customer lead lists.

      The Vector: The attacker penetrated Klaviyo’s internal systems by tricking an employee into giving up their company credentials through a phishing attack, allowing the threat actor to access systems with all the privileges of the stolen login.

      This breach highlights the critical need for employee training to protect a firm against phishing attacks. By using the exposed credentials, the attackers were able to act with all the same permissions as the affected employee. The human component of cybersecurity is a very real and important piece of a firm’s overall cybersecurity posture.


      Return-To-The-Office Mandates Will Require Cybersecurity Adjustments For Advisors

      2022-08-11

      Financial Advisor: When Elon Musk announced Tesla employees would be required to spend at least 40 hours per week in the company office, the world’s richest man raised eyebrows for overlooking employee needs and preferences.


      New Cross-Industry Group Launches Open Cybersecurity Framework

      2022-08-11

      Dark Reading: Amazon Web Services (AWS) and Splunk are leading an industry effort of 18 systems and security vendors to standardize how different monitoring systems share security alerts. The goal is to deliver a simplified and vendor-agnostic taxonomy to help security teams ingest and analyze security data faster.


      Cisco Hit by Cyberattack From Hacker Linked to Lapsus$ Gang

      2022-08-10

      BNN Bloomberg: Cisco Systems Inc. said it was the victim of a cyberattack in which a hacker repeatedly attempted to gain access to the Silicon Valley firm’s corporate network. 


      Introducing FINRA's Complex Investigations and Intelligence Team and Cyber and Analytics Unit

      2022-08-09

      FINRA: The new Complex Investigations and Intelligence (CII) team and Cyber and Analytics Unit (CAU) are driving a shift in terms of how Member Supervision’s National Cause and Financial Crimes Detection Program comes at its work and leverages intelligence and analytics to drive decision making and operations.


      How to Build an Organizational Culture That is 'Cybersecurity Ready'

      2022-08-09

      World Economic Forum: Cyber risk is one of the main challenges that organizations face today. The World Economic Forum's Global Risks Report 2022 highlights how cyber threats have intensified through digital transformation and growing digital dependency.


      Booster Hack Victims Warned They Could be Target for Scammers

      2022-08-09

      Stuff: KiwiSaver and pension fund manager Booster is warning 7566 of its savers to be on alert for scam callers and phishing emails after a massive data breach.


      Inflation, Cybersecurity Key Concerns for UAE Investors

      2022-08-08

      Zawya: Inflation, cybersecurity and risk of a potential recession are key concerns for UAE investors, with as many as 45% of them holding off on big purchases and 72% concerned about the long-term impact on retirement savings, a report said.


      Know Your Breach: Wiseasy

      The Target: Wiseasy, an Android-based digital payments company.

      The Take: Exposure of payment information, system admin credentials, plain-text passwords for WiFi networks the app was connected to, and client personal information including names, phone numbers, and email addresses.

      The Vector: Compromised employee credentials were sold on the dark web, allowing the attackers to log in and act as legitimate users to make configuration changes and view sensitive information.

      As Wiseasy had no multi-factor authentication set up on employee accounts, the exposed credentials let attackers fully access their internal systems and perform actions with every permission the breached accounts had access to. This security lapse is a stark reminder of the importance of having proper multi-factor authentication enforced on any and all accounts that have access to critical internal services.


      Here’s How to Disclose Cybersecurity Risk, According to Investors

      2022-08-04

      Tech Monitor: The way listed companies report on cybersecurity risk is not meeting the needs of investors, according to a new report from the UK’s Financial Reporting Council. Limited or ‘boilerplate’ disclosures are an indication that a company does not take cybersecurity seriously enough, investors told the Council.


      To Make US more Cyber-resilient, Government and Business Need Far Greater Collaboration

      2022-08-04

      The Hill: Cybercrime is now so ubiquitous that the question is not when an attack will occur on a business, individual, or government — It’s whether the victim is resilient enough to deal with the consequences.


      Tory Leadership Contest Ballot Papers Delayed Over Security Fears

      2022-08-04

      BBC: The party said it had changed its plans for the contest, which will decide the next prime minister, after consulting with security agency GCHQ.


      UK Provisionally Approves $8.1B NortonLifeLock-Avast Merger, Citing Competition from Microsoft

      2022-08-03

      TechCrunch: The U.K.’s Competition and Markets Authority (CMA) has provisionally greenlighted the proposed $8.1 billion merger of cybersecurity companies NortonLifeLock and Avast, with Microsoft emerging as an unlikely ally as the two companies seek to push the deal over the line.


      Solana Wallets Targeted in Latest Multimillion-Dollar Hack

      2022-08-02

      CoinDesk: The Solana ecosystem appears to be the victim of crypto’s latest exploit, with users reporting their funds have been drained without their knowledge from major internet-connected “hot” wallets including Phantom, Slope and TrustWallet.


      State of Cybersecurity Funding in the First Half of 2022

      2022-08-02

      Help Net Security: As the stock market dropped more than 20% in 2022 and prices rise at the pump and grocery store, there are some markets that have shown their ability to weather the storm and retain strong demand and growth even amongst broader market turmoil. One example of this: the cybersecurity market.


      NYDFS Proposes Significant Changes to Its Cybersecurity Rules

      2022-08-01

      Debevoise & Plimpton: On July 29, 2022, the New York Department of Financial Services (“NYDFS”) released Draft Amendments to its Part 500 Cybersecurity Rules, which include a mandatory 24-hour notification for cyber ransom payments, annual independent cybersecurity audits for larger entities, increased expectations for board expertise, and tough new restrictions on privileged accounts.
