The Target: Software bug-tracking company Rollbar
The Take: Sensitive customer information, including usernames and email addresses, account names, and project information, such as environment names and service link configuration.
The Vector: The security breach was discovered by Rollbar on September 6 when reviewing data warehouse logs showing that a service account was used to log into the cloud-based bug monitoring platform. Once inside Rollbar's systems, the threat actors searched the company's data for cloud credentials and Bitcoin wallets.
This breach is a stark reminder of how important authentication controls are to a robust overall cybersecurity posture and, more critically, of the need to ensure these controls are in place at all third-party vendors that have access to a firm’s data.
CNBC: Cisco is acquiring cybersecurity software company Splunk for $157 per share in a cash deal worth about $28 billion, the company said in its largest acquisition ever.
PR Newswire: Evolution Equity Partners, a leading cybersecurity-focused venture capital firm, is pleased to announce its partnership with Women Who Code, a global nonprofit organization dedicated to empowering diverse women to excel in technology careers.
TechCrunch: HiddenLayer, a security startup focused on protecting AI systems from adversarial attacks, announced that it raised $50 million in a funding round co-led by M12 and Moore Strategic Ventures with participation from Booz Allen Hamilton, IBM, Capital One and TenEleven.
BNN Bloomberg: The Department of Homeland Security wants Congress and other federal agencies to help it streamline 52 different cyber reporting requirements to protect critical infrastructure and ease regulatory burdens on hacking victims.
Cybersecurity Dive: The Securities and Exchange Commission introduced new requirements for disclosing material cybersecurity incidents on Sept. 5, placing pressure on organizations to adopt robust reporting mechanisms.
Forbes: Recently, research firm Cybersecurity Ventures shared its “Top 10 Cybersecurity Predictions And Statistics For 2023,” which unveiled the alarming fact that global cybercrime financial damage will reach $8 trillion in 2023 and $10.5 trillion by 2025.
Cointelegraph: Bankrupt cryptocurrency exchange FTX has restored its customer claims portal, which was previously shut down due to a cyberattack, with tighter security protocols.
The Target: The European aerospace giant Airbus
The Take: The hacker claimed to have details on thousands of Airbus vendors, including names, addresses, phone numbers and emails.
The Vector: Hackers breached an “IT account associated with an Airbus customer” and the company then investigated the incident. This account was used to download business documents dedicated to this customer from an Airbus web portal, the company said.
This breach is a critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.
Crunchbase: Israel has long taken pride in its blossoming tech startup scene, which has birthed large companies such as Check Point Software, CyberArk and Imperva, and trails only the U.S. in terms of cybersecurity funding.