shutterstock_490960141-1

Industry News: ESG5

      Know Your Breach: Prisma Finance

      The Target: Prisma Finance, a popular decentralized finance (DeFi) platform.

      The Take: The Munchables blockchain-based game said it was attacked, and several security firms said about $62 million worth of cryptocurrency was stolen from the game. That incident was followed by another when a hacker stole about $11.6 million from Prisma Finance.

      The Vector: The theft occurred as a result of a flash loan attack. Flash loan attacks involve hackers borrowing funds that do not require collateral, buying a significant amount of a cryptocurrency to artificially raise its price and then offloading the coins. The loan is paid back and the borrower keeps any profit. The report said that once the first person had exploited the vulnerability in the platform, two others copied the same method.

      This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.

      Read more...

      Cisco Debuts New AI-Focused Security System After $28 Billion Deal To Buy Splunk

      2024-04-18

      CNBC: Enterprise technology titan Cisco Systems unveiled a new security architecture product aimed at securing data centers, clouds, and other IT environments with the help of AI.

      Read more...

      Cyber Startup Armis Makes Second Acquisition in Two Months

      2024-04-17

      BNN Bloomberg: Armis, the multibillion-dollar cybersecurity startup that has been positioning itself for a public listing, has bought the platform Silk Security for $150 million, marking its second acquisition in a matter of months.

      Read more...

      73% of Security Professionals Say They’ve Missed, Ignored or Failed to Act on a High Priority Security Alert

      2024-04-17

      Yahoo Finance: Coro, the leading cybersecurity platform for small and medium-sized enterprises (SMEs), announced the results of its 2024 SME Security Workload Impact Report, revealing that cybersecurity professionals are overwhelmed by the complexity and demands of managing multiple tools in their security stack.

      Read more...

      Evolution Equity Partners Raises $1.1 Billion For New Cybersecurity and AI Fund

      2024-04-16

      TechCrunch: Cybersecurity has had a rough go of it lately, with investment in the sector dropping a precipitous 40% compared to the year prior. But there are promising early, even preliminary, signs of a recovery.

      Read more...

      Cybersecurity Funding Shows Resilience In Q1

      2024-04-16

      Crunchbase: Venture funding overall was still sluggish, but cybersecurity startups saw some love from investors in the first quarter of 2024. To be sure, this is not the salad days of 2021 — cybersecurity funding was still down year to year — but the sector saw its best funding quarter in three quarters.

      Read more...

      US Supreme Court Ruling Suggests Change In Cybersecurity Disclosure Process

      2024-04-16

      CSO Online: The United States Supreme Court unanimous ruling on an SEC disclosure case on Friday could have direct consequences on how security executives report cybersecurity incidents. 

      Read more...

      Vote on EU Cybersecurity Label Delayed to May, Sources Say

      2024-04-16

      Yahoo Finance: National cybersecurity experts have shelved a vote on a draft EU cybersecurity label allowing Amazon, Alphabet's Google and Microsoft to bid for highly sensitive EU cloud computing contracts to May, people familiar with the matter said.

      Read more...

      Know Your Breach: PandaBuy

      The Target: The PandaBuy online shopping platform.

      The Take: The data contained approximately 1.5 million unique UserIds, First Name, Last Name, Phone Numbers, Emails, and Login IPs.

      The Vector: "The data was stolen by exploiting several critical vulnerabilities in the platform's API and other bugs were identified allowing access to the internal service of the website," the threat actor said.

      This breach is critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.

      Read more...

      UK's Darktrace Raises Annual Forecasts For Third Time This Year

      2024-04-11

      Yahoo Finance: Darktrace raised its annual revenue and margin forecasts for the third time this year after the British cybersecurity company's third-quarter revenue jumped nearly 27%.

      Read more...

      About Castle Hall Diligence

      Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →

      Subscribe to Cyber Updates