The Target: Toyota Italy, one of the world’s largest vehicle manufacturers.
The Take: Exposure of Personally Identifiable Information belonging to Toyota’s clients, including phone numbers and email addresses.
The Vector: Unsecured and exposed marketing tools, namely APIs for Salesforce and Mapbox, were publicly accessible on Toyota Italy’s website. This allowed attackers to access employee credentials to the third-party platforms and exfiltrate client data.
This breach is a stark reminder of how important authentication controls are in an overall robust cybersecurity posture. In particular, the information exposed here is well suited to crafting highly believable phishing campaigns, as it would allow push notifications. Access monitoring and testing for every public-facing webpage is a key strategy for mitigating these kinds of breaches and protecting a firm’s customer base.
Fox Business: While tech firms are firing, the cybersecurity segment is hiring. Technology firms have shed more than 300,000 jobs in the past two years with more on the way. Electronic Arts announced a restructuring plan that includes a 6% workforce reduction to prioritize "growth opportunities."
DarkReading: Financial activity in the cybersecurity industry declined sharply in the first quarter of 2023 compared to the same period in 2022, and analysts tracking the sector expect little improvement until at least the second half of the year.
McKinsey & Company: Private equity (PE) investments in software—500-plus deals of more than $100 billion in value last year—have outperformed other investments made by the asset class for upward of a decade.
GlobeNewswire: In 2021, according to Eurostat, the expanding penetration of internet users, 95% of young people (aged 16-29 years) in the European region, and the adoption of cloud-based services and Advanced Persistent Threats (APTs) presented an extensive chance for cyber vendors in the European cyber security market size.
Yahoo Finance: DigitalOcean Holdings, Inc., the cloud for startups and small-to-medium-sized businesses (SMBs), today announced the findings of a recent report on how SMBs feel about and are responding to cybersecurity threats.
BNN Bloomberg: Australia’s financial institutions must improve their resilience to cyberattacks, the head of the nation’s banking regulator said.
The Guardian: Latitude Financial has revealed that 14m customer records – including driver’s licence numbers, passport numbers and financial statements – were stolen from its system in a cyber-attack that was far worse than the company initially reported.
The Target: Lionsgate Play, a U.S.-based video-streaming platform.
The Take: Exposure of 30 million records of user data, including IP addresses, operating system, user search queries, and web browser information.
The Vector: A misconfigured Elasticsearch database was left open and unsecured, meaning anyone with an internet connection could have viewed and downloaded the data.
This shows how important authentication controls are, and even more critically, that they be purposefully and smartly deployed with security in mind. Multi-factor authentication and password length and complexity rules on server access are effective strategies to mitigate these kinds of breaches to protect a firm’s data.
Private Equity Wire: Arlington Capital Partners has launched Eqlipse Technologies, (Eqlipse) a new platform company formed from firms focused on full-spectrum cyber and signals intelligence engineering, digital operations and identity management, and research and development.
Information Week: Despite all the conversations about diversity initiatives and efforts in the past few years to get more women in STEM careers, it often seems the needle is moving slowly. Too often, these conversations are just that -- talking points that sound good but aren’t connected to action-oriented strategies.
BNN Bloomberg: Ransomware gangs didn’t come out with any big new innovations last year, but “what 2022 lacked in innovation it made up for in volume,” according to a report by a financial services group.
GlobeNewswire: FS-ISAC, the member-driven, not-for-profit organization that advances cybersecurity and resilience in the global financial system, announced the findings of its annual Global Intelligence Office report, Navigating Cyber 2023.
Financial Post: A mere 9% of organizations in Canada have the ‘Mature’ level of readiness needed to be resilient against today’s modern cybersecurity risks, according to the newly released, first-ever Cybersecurity Readiness Index from Cisco (NASDAQ: CSCO).
Dark Reading: Companies continue to value cybersecurity skills, but many have moved their focus from hiring cybersecurity professionals to training up in-house staff on needed cybersecurity skills.
BNN Bloomberg: Coalition Inc., a cyber-insurance provider that tries to curb digital risk, has designed technology that simulates large-scale attacks to help insurers identify potential weaknesses in their portfolios and prevent widespread losses.
The Target: Latitude Financial, an Australian-based consumer finance service company.
The Take: Documents and records belonging to 328,000 customers, including Personally Identifiable Information such as driver’s license details, which contain names, addresses, and dates of birth.
The Vector: An employee’s credentials were compromised, allowing the attacker to pivot into two different third-party vendors that held the customer data.
This breach is a stark reminder of how important authentication controls are in an overall robust cybersecurity posture. Regular social engineering, phishing awareness training, and in this case, tightly enforced password and identity management are effective strategies to mitigate these kinds of breaches to protect a firm’s customer base.
Cybersecurity Dive: The banking crisis and nagging suspicion that hardship will spread, even to companies not directly linked to the failed banks, could have an ancillary effect on the cybersecurity market.
SEC: The Securities and Exchange Commission proposed requirements for broker-dealers, clearing agencies, major security-based swap participants, the Municipal Securities Rulemaking Board, national securities associations, national securities exchanges, security-based swap data repositories, security-based swap dealers, and transfer agents (collectively, “Market Entities”) to address their cybersecurity risks.
Financial Post: The former chief executive of Bulletproof, a cybersecurity firm with headquarters in Fredericton, New Brunswick, points to the rash of cyberattacks against organizations around the world that have been hacked and whose IT systems have been held for ransom by online bandits, including the attack on the City of Saint John, just an hour down the road.
Bleeping Computer: The collapse of the Silicon Valley Bank (SVB) on March 10, 2023, has sent ripples of turbulence throughout the global financial system, but for hackers, scammers, and phishing campaigns, it's becoming an excellent opportunity.
BNN Bloomberg: Decentralized lending protocol Euler Finance was hit by an attack that drained $197 million in cryptocurrencies from its platform, making it the largest hack in its corner of the digital-assets market this year.
Dark Reading: The stunning collapse of Silicon Valley Bank (SVB) could put a damper on the ability of venture-backed cybersecurity startups to secure vital capital for operations and strategic investments.
The Target: Community Health Systems, a U.S.-based multi-state hospital chain.
The Take: Exposure of 1 million records of Personally Identifiable Information, including full names, medical billing and insurance information, diagnoses, medication, dates of birth, and social security numbers.
The Vector: A zero-day exploit was used to breach Fortra, a third-party vendor of CHS, targeting its file transfer software, which let the attackers gain access to sets of files throughout the third-party vendor’s systems.
This breach is a critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.
GlobeNewswire: The cyber security market growth includes increased number of data breaches across the globe, rising digitalization, and increased sophisticated cyber intrusions. Cyber threats are anticipated to evolve with the increase in usage of devices with intelligent and IoT technologies.
The Guardian: The cybersecurity firm Darktrace has warned that since the release of ChatGPT it has seen an increase in criminals using artificial intelligence to create more sophisticated scams to con employees and hack into businesses.
Dark Reading: The Biden administration's plans to introduce minimum cybersecurity requirements for organizations in critical infrastructure sectors could face challenges in a divided Congress.
BNN Bloomberg: Shares in BlackBerry Ltd. were down more than 10 per cent in early trading after the company lowered its fourth-quarter and full-year revenue expectations for its cybersecurity business. The dip in share price comes as the company said some large deals that were expected to close in the quarter were not completed in time.
Mondaq: Cybersecurity risk applies to businesses of all sizes and across all industries - it is a risk that cannot be ignored. In particular, cybersecurity risk can no longer be ignored in the deal lifecycle. Time and again, investors have seen value evaporate after an acquisition target or new portfolio company is breached by a threat actor.
Axios: Health systems buffeted by labor and supply chain costs and broader economic woes have another unwieldy financial problem: the soaring costs of cyber insurance.
ABC News: German police said Monday they have disrupted a ransomware cybercrime gang tied to Russia that has been blackmailing large companies and institutions for years, raking in millions of euros.
The Target: Animaker, an all-in-one online video marketing platform company.
The Take: Exposure of 700,000 records of Personally Identifiable Information, including full names, device types, postal codes, IP addresses, mobile phone numbers, email addresses, profile details, and physical addresses.
The Vector: A misconfigured database was left open and unsecured, and notably on its default settings, meaning anyone with an internet connection could have viewed and downloaded the data using the server maker’s basic setup guide.
This shows how important authentication controls are, and even more critically, that they be purposefully and smartly deployed with security in mind. Multi-factor authentication and password length and complexity rules on server access are effective strategies to mitigate these kinds of breaches to protect a firm’s data.
U.S. News: The White House announced a new cybersecurity strategy in the latest effort by the U.S. government to bolster its cyber defenses amid a steady increase in hacking and digital crimes targeting the country.
The Guardian: The US Marshals service fell victim to a ransomware security breach this month that compromised sensitive law enforcement information, a spokesperson said.
CFTC: Commodity Futures Trading Commission Chairman Rostin Behnam today announced that longtime federal prosecutor Ian McGinley will serve as the agency’s Director of Enforcement. Mr. McGinley’s arrival supports the Chairman’s continued focus on aggressively monitoring and policing commodity markets at a time of heightened stress and volatility, emerging digital threats to financial markets, including cryptocurrency frauds, cyber-enabled financial fraud, and cyberattacks.
Yahoo News: Cybersecurity firm CrowdStrike’s latest Global Threat Report showed that the number of attacks using malware has dropped in the last year, with hackers instead using “hands-on keyboard activity” to breach organisations.
TechCrunch: Cybersecurity continues to be a major area for investment among businesses — and VCs. While a decline from the previous year, venture capital funding in the cybersecurity sector totaled $18.5 billion in 2022, according to Momentum Cyber.
BNN Bloomberg: A senior US cybersecurity official described adoption of some of Microsoft Corp. and Twitter Inc.’s security protocols as “disappointing” as part of a broadside against large technology companies’ approach to protecting user accounts.
U.S. News: The Australian government on Monday said it planned to overhaul its cyber security rules and set up an agency to oversee government investment in the field and help coordinate responses to hacker attacks.
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.