
Industry News: ESG5

      Know Your Breach: Zendesk

      The Target: Zendesk, a customer solutions service provider.

      The Take: Access to an internal logging database which may have contained service data belonging to Zendesk and its customers.

      The Vector: An employee’s credentials were compromised through an SMS phishing attack which led to the employees handing over their login credentials to the attackers.

      This breach is a stark reminder of how important authentication controls are in an overall robust cybersecurity posture. Regular social engineering and phishing awareness training are effective strategies to mitigate these kinds of breaches to protect a firm’s customer base.

      Read more...

      UK: Cybersecurity - Private Equity Firms Sharpen Their Focus

      2023-01-25

      Mondaq: Cybersecurity has become an increasingly regulated area of risk for many businesses in the digital world. As technology has advanced and cyber-attacks have become more sophisticated, the measures needed to protect business' data from breaches become more extensive too. This is mirrored by an increased regulatory environment where sanctions are implemented more strictly and conservatively by regulators.

      Read more...

      Zacks Investment Research Data Breach Affects 820,000 Clients

      2023-01-25

      Bleeping Computer: Zacks discovered at the end of last year that some customer records had been accessed without authorization. An internal investigation into the incident determined that a threat actor gained access to the network somewhere between November 2021 and August 2022.

      Read more...

      German Cybersecurity Officials Looking Into 'Attacks' On Websites

      2023-01-25

      Sky News: The attacks - known as distributed denial-of-service (DDoS) - work by directing high volumes of internet traffic towards targeted servers in a bid by so-called hacktivists to knock them offline.

      Read more...

      North Korea-linked Hackers Behind $100 Million Crypto Heist, FBI Says

      2023-01-24

      CNBC: North Korean-linked actors were behind the theft of $100 million through the hack of a crypto product last year, the Federal Bureau of Investigation said.

      Read more...

      LastPass Owner GoTo Says Hackers Stole Customers’ Backups

      2023-01-24

      TechCrunch: LastPass’ parent company GoTo — formerly LogMeIn — has confirmed that cybercriminals stole customers’ encrypted backups during a recent breach of its systems.

      Read more...

      Abacus Group Expands PE Cybersecurity Offering

      2023-01-23

      Private Equity Wire: Abacus Group, a provider of hosted IT services and solutions to alternative investment firms, has acquired two boutique cybersecurity consulting companies, Gotham Security and its parent company, GoVanguard, which will now be known as Gotham Security, and will operate as an independent subsidiary of Abacus Group. 

      Read more...

      Cybersecurity Worries Around Hybrid Working Drop, but Many IT Leaders Still Concerned Over Cyber-Skills Gap

      2023-01-23

      DarkReading: Leading global intelligence and cyber security consultancy S-RM has today revealed in its Cyber Security Insights Report that there has been a drop in concern around the cyber security threats posed by hybrid working. However, a significant proportion (35%) of IT leaders say they are concerned over a cyber skills gap among employees. 

      Read more...

      Know Your Breach: Myrocket

      The Target: Myrocket, a Human Resources recruitment company based in India.

      The Take: Exposure of 200,000 employee and 9 million candidate records of Personally Identifiable Information including: names, taxpayer information, personal identification numbers, emails, phone numbers, bank details, dates of birth, salaries, payslips, employee roles, and more.

      The Vector: A misconfigured data server was left open and unsecured, meaning anyone with an internet connection could have viewed and downloaded the data.

      This breach is a critical reminder that authentication controls are an important piece in an overall robust cybersecurity posture. This data is perfect for constructing highly effective spear-phishing campaigns. Multi-factor authentication and password length and complexity rules on server access are effective strategies to mitigate these kinds of breaches to protect a firm’s data.

      Read more...

      Fewer Companies Are Paying Ransoms to Hackers, Researchers Say

      2023-01-19

      BNN Bloomberg: In findings published, the blockchain forensics firm estimated that ransom payments — which are almost always paid in cryptocurrency — fell to $456.8 million in 2022 from $765.6 million in 2021, a 40% drop.

      Read more...

      PayPal Accounts Breached in Large-scale Credential Stuffing Attack

      2023-01-19

      Bleeping Computer: PayPal is sending out data breach notifications to thousands of users who had their accounts accessed through credential stuffing attacks that exposed some personal data. Credential stuffing is an attack where hackers attempt to access an account by trying out username and password pairs sourced from data leaks on various websites.

      Read more...

      Cole-Frieman & Mallon Launches First Cybersecurity Law Practice for Asset Managers With Eye to SEC’s Proposed Rules

      2023-01-18

      BusinessWire: With the Securities & Exchange Commission proposing tighter cybersecurity requirements for hedge funds and other asset managers, Cole-Frieman & Mallon LLP, one of the nation’s leading boutique law firms serving the investment management industry, has launched a first-of-its-kind cybersecurity law practice.

      Read more...

      A New Era Is Dawning in Cybersecurity, but Only the Best Algorithms Will Win

      2023-01-17

      DarkReading: In the wake of increasing concern about threat actors using open source AI tools like ChatGPT to launch sophisticated cyberattacks at scale, it's time for us to reconsider how AI is being leveraged on the defensive side to fend off these threats.

      Read more...

      North Korean Hacking Group Tied to $100M Harmony Hack Moves 41,000 Ether Over Weekend

      2023-01-17

      CoinDesk: “North Korea’s Lazarus Group had a very busy weekend, moving $63.5 million (~41,000 ETH) from the Harmony bridge hack through Railgun before consolidating funds and depositing on three different exchanges,” ZachXBT alerted on Twitter.

      Read more...

      Nordic States to Develop Common Cybersecurity Strategy

      2023-01-17

      Yahoo News: The multinational agreement to develop the strategy followed a meeting of the Nordic Council’s executive committee in December. The council functions as the official organization for formal interparliamentary cooperation between the Nordic states. Formed in 1952, it includes Denmark, Finland, Iceland, Norway, Sweden, the Faroe Islands, Greenland and the Åland Islands.

      Read more...

      Allianz Risk Barometer 2023: Cyber and Business Interruption Top Threats as Economic and Energy Risks Rise

      2023-01-17

      Business Wire: It is both stability and change in the Allianz Risk Barometer 2023. Cyber incidents and Business interruption rank as the biggest company concerns for the second year in succession (both with 34% of all responses). However, it is Macroeconomic developments such as inflation, financial market volatility and a looming recession (up from #10 to #3 year-on-year), as well as the impact of the Energy crisis (a new entry at #4) which are the top risers in this year’s list of global business risks, as the economic and political consequences of the world in the aftermath of Covid-19 and the Ukraine war take hold.

      Read more...

      Know Your Breach: CAF

      The Target: CAF, the French Social Security agency

      The Take: 10,000 records of Personally Identifiable Information exposed including: physical address, date of birth, household composition and income, amounts and benefits received.

      The Vector: An unencrypted and unprotected file containing the above information was sent to a third-party service provider, who then posted the file to their website which was publicly accessible to anyone.

      This breach is a reminder of how critical authentication controls are on sensitive data to maintain an overall robust cybersecurity posture, and more critically, ensuring these controls are in place when communicating and sending data to third-party vendors. The information stolen in this attack could lead to highly targeted phishing campaigns against the victims. Regular vendor assessments are also a key component in cybersecurity.

      Read more...

      Carlyle Leads $55m Series B Round in Cybersecurity Platform

      2023-01-11

      Private Equity Wire: Global investment firm Carlyle has led a $55m Series B investment round in Hack The Box, a cybersecurity upskilling and talent assessment platform, with a global community of more than 1.7 million members and a portfolio of more than 1,500 enterprise, government and university customers. 

      Read more...

      New Dark Pink APT Group Targets Govt and Military with Custom Malware

      2023-01-11

      Bleeping Computer: Attacks targeting government agencies and military bodies in multiple countries in the APAC region have been attributed to what appears to be a new advanced threat actor that leverages custom malware to steal confidential information.

      Read more...

      Cyber Security to Become a Crucial Part of Sustainability Endeavors for Companies Globally: Astra ESG Solutions

      2023-01-10

      Cision: An uptake in high-profile data breaches and the exponential rise in digitization have redefined the dynamics in the cybersecurity industry. Stakeholders have become cagey towards data management practices and cybersecurity vulnerabilities.

      Read more...

      Mendicino Open to Working with MPs to ‘Improve’ Much-Criticized Cybersecurity Bill

      2023-01-10

      Toronto Star: The federal public safety minister says he is prepared to work with other parliamentarians to revise the Liberal government’s cybersecurity bill after civil society groups and opposition MPs raised transparency and accountability concerns.

      Read more...

      Hackers Hit Websites of Danish Central Bank, Other Banks

      2023-01-10

      Reuters: Hackers have disrupted access to the websites of Denmark's central bank and seven private banks in the country this week, according to the central bank and an IT firm that serves the industry.

      Read more...

      Attackers Are Already Exploiting ChatGPT to Write Malicious Code

      2023-01-09

      Dark Reading: Since OpenAI released ChatGPT in late November, many security experts have predicted it would only be a matter of time before cybercriminals began using the AI chatbot for writing malware and enabling other nefarious activities. Just weeks later, it looks like that time is already here.

      Read more...

      Iowa’s Largest City Cancels Classes Due to Cyber Attack

      2023-01-09

      The Star: Des Moines Public Schools announced that classes would be cancelled for its 33,000 students after being “alerted to a cyber security incident on its technology network.”

      Read more...

      Know Your Breach: Twitter

      The Target: Twitter, a U.S.-based social media platform.

      The Take: Exposure of 235 million records of Personally Identifiable Information including: email addresses, usernames, and phone numbers.

      The Vector: A zero-day exploit was used which allowed the attacker to scrape Twitter user profiles for the stolen information. This vulnerability circumvented Twitter’s privacy option, which should prevent searching for an account by its associated phone number or email.

      This breach is a critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected.

      Read more...

      Bluebottle Hackers Used Signed Windows Driver in Attacks on Banks

      2023-01-05

      Bleeping Computer: A signed Windows driver has been used in attacks on banks in French-speaking countries, likely from a threat actor that stole more than $11 million from various banks.

      Read more...

      CaixaBank Forms International Consortium for Cybersecurity Research

      2023-01-05

      IBS Intelligence: Working with 11 international entities, CaixaBank has formed a European research consortium to explore ways to improve cybersecurity by leveraging artificial intelligence (AI) and big data. The project, AI4CYBER, is part of the Horizon Europe programme and is funded by the European Union.

      Read more...

      RFA Enhances Hedge and PE Fund Cyber Security Offering

      2023-01-04

      Hedge Week: RFA, a specialist IT provider to the alternative investment sector, has enhanced its cyber security offering for hedge and private equity funds with the addition of external surface attack management and dark web breach and exposure monitoring solutions.

      Read more...

      Twitter Whistleblower ‘Mudge’ Joins Cybersecurity Firm Rapid7

      2023-01-04

      BNN Bloomberg: Peiter Zatko, the prominent computer security expert who blew the whistle last year on alleged security problems at Twitter Inc., is joining the cybersecurity firm Rapid7 Inc., the company said.

      Read more...

      Rackspace Confirms Play Ransomware Was Behind Recent Cyberattack

      2023-01-04

      Bleeping Computer: Texas-based cloud computing provider Rackspace has confirmed that the Play ransomware operation was behind a recent cyberattack that took down the company's hosted Microsoft Exchange environments.

      Read more...

      Preventing Data Breaches: The Role of Threat Intelligence Platforms and Cybersecurity Strategies

      2023-01-03

      Forbes: Threat intelligence platforms are becoming increasingly important for both government agencies and businesses in today's digital landscape. The growing threat of ransomware attacks and other malicious activities from threat actors has highlighted the need for organizations to have a comprehensive and effective way to monitor, analyze and respond to potential threats.

      Read more...

      A Few Cybersecurity Stocks Soared in 2022, But Most Stumbled

      2023-01-03

      Bank Info Security: After two sensational years in the public markets during the height of the COVID-19 pandemic, 2022 was a rude awakening for the cybersecurity industry.

      Read more...

      About Castle Hall Diligence

      Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios.
