Industry News: ESG5

      Know Your Breach: SuperVPN

      The Target: SuperVPN, a popular free VPN service provider.

      The Take: Exposed database containing 360,308,817 million records of wide-ranging sensitive information, including email addresses, original IP addresses, geolocation data, UUID numbers, operating systems, internet connection types, and VPN application versions.

      The Vector: A misconfigured database was left open and unsecured with no password, meaning anyone with an internet connection could have downloaded the data.

      This breach is a perfect example of a preventable cyber incident. Securing access to databases through rigorous password hygiene is an essential component of security. Furthermore, the data stolen in this attack can be used for crafting highly effective phishing attacks. Companies should take every measure necessary to secure customer data.

      Binance Aids US Law Enforcement in Seizing $4.4 Million Linked to North Korean Cybercrimes

      2023-05-25

      Blockchain News: Leading cryptocurrency exchange Binance has assisted US law enforcement in seizing $4.4 million and freezing accounts associated with North Korean organized crime. 

      New Veeam Research Finds 93% of Cyber Attacks Target Backup Storage to Force Ransom Payment

      2023-05-23

      Business Wire: Organizations of all sizes are increasingly falling victim to ransomware attacks and inadequately protecting against this rising cyberthreat.

      What Security Professionals Need to Know About Aggregate Cyber-Risk

      2023-05-23

      Dark Reading: Risk aggregation is not a new phenomenon. The insurance industry, for example, has long examined how shared assets and similarities between organizations in their books bundle potential risk. 

      Palo Alto Lifts Annual Forecasts on Resilient Cybersecurity Spending

      2023-05-23

      Yahoo Finance: Palo Alto Networks Inc. raised its annual forecasts for revenue and adjusted profit as enterprise customers shift to one-stop shops for their cybersecurity needs in a bid to reduce costs.

      16 Tips For Creating Effective Companywide Cybersecurity Initiatives

      2023-05-23

      Forbes: With ever-evolving attack strategies and a growing list of countries and states adding regulations, companies have no choice but to be more proactive about cybersecurity. 

      London AI Firm Bags $250m Injection Led By Qatari Sovereign Wealth Fund

      2023-05-23

      City AM: A London-based artificial intelligence firm has announced a $250m cash injection led by the Qatari sovereign wealth fund as investors rush to capitalise on a boom in AI technology.

      Cybersecurity Firms' Earnings Set to Benefit From Growing Threat of Hacks

      2023-05-22

      US News: Top U.S. cybersecurity companies are expected to report another quarter of strong growth as high-profile hacks and a shift in client preference for bigger players with better integrated offerings help support their businesses in a turbulent economy.

      Know Your Breach: Leverage EDU

      The Target: Leverage EDU, a university admission software platform.

      The Take: Exposure of over 240,000 records of Personally Identifiable Information including: names, email addresses, passport scans, applications, bank statements and loan information.

      The Vector: A misconfigured database was left open and unsecured with no password, meaning anyone with an internet connection could have viewed and downloaded the trove of data.

      This shows how important authentication controls are, and that they must be purposefully and smartly deployed with security in mind. Multi-factor authentication and password length and complexity rules on server access are effective strategies to mitigate these kinds of breaches and protect a firm’s data.

      Compliance Managers Struggling to Manage Off-Channel Comms Risk

      2023-05-17

      Funds Tech: Despite the fact that the majority of financial firms have banned the use of social media platforms such as WhatsApp and WeChat, compliance officers are not convinced this will be effective in managing the risk of off-channel communications.

      Cybersecurity a Growing Concern for Investors

      2023-05-17

      Funds Tech: Recently published research has revealed that asset managers’ cybersecurity preparedness has become a key concern for institutional investors during the fundraising process.

      LexisNexis Risk Solutions Cybercrime Report Reveals 20% Annual Increase in Global Digital Attack Rate

      2023-05-17

      PR Newswire: LexisNexis® Risk Solutions today released the results of its annual Cybercrime Report, an analysis of data from 79.8 billion transactions processed through its LexisNexis® Digital Identity Network® throughout 2022.

      Cybersecurity Firm Huntress Raises a $60 million Series C After Doubling Revenue in 2021 and 2022

      2023-05-16

      Yahoo Finance: The rise in cyberattacks is bad news for business—but it has been good news for Huntress, a company that helps small and medium-sized businesses protect themselves against cyberattacks, and just raised its biggest round ever.

      Survey Reveals 71% of Asset Managers Dealt With Institutional Investor Concerns Around Cybersecurity in 2022

      2023-05-16

      Institutional Asset Manager: In a recent Crestbridge Alternative Managers’ Mood Index (CAMMI) survey, results highlighted the growing concern of investors in cybersecurity during the fundraising due diligence process in the fund management industry.

      Customer Sues Equity Bank for Data Breach Dispute

      2023-05-15

      Business Daily: An Equity Bank customer has sued the lender for breach of data privacy after his confidential banking information was allegedly shared with a third party.

      Know Your Breach: NextGen Healthcare

      The Target: NextGen Healthcare, a U.S.-based maker of electronic records software and management services.

      The Take: Exposure of 1 Million records of Personally Identifiable Information including: names, addresses, dates of birth, and social security numbers.

      The Vector: An employee’s credentials were compromised through a credential stuffing attack. These attacks rely on employees reusing passwords between platforms, which allowed the attackers to log in to NextGen systems.

      This breach is a stark reminder of how important authentication controls and password hygiene are in an overall robust cybersecurity posture. Regular social engineering, phishing awareness training, and in this case, tightly enforced password and identity management, are effective strategies to mitigate these kinds of breaches to protect a firm’s customer base.

      Cyber-Attack to Cost Outsourcing Firm Capita up to £20m

      2023-05-10

      The Guardian: The outsourcing firm and government contractor Capita has revealed it will take a hit of up to £20m from a recent cyber-attack in which some customer, supplier and staff data was accessed by hackers.

      Australia's TechnologyOne Halts Trading After Being Hit By Cyber Attack

      2023-05-10

      XM: Australia's TechnologyOne Ltd TNE.AX said it had detected an unauthorised third-party access to its back-office systems, becoming the latest target in a series of cyber attacks that has bogged companies in the country since last year.

      Fighting Hackers a Potential Growth Industry for ETFs

      2023-05-09

      Investment Executive: With economic activity increasingly taking place online, cyberattacks are an ever-present threat. That’s why cybersecurity companies — often referred to as the utilities segment of the digital world — continue to grow rapidly even in a sluggish economy.

      2023 Hedge Fund Survey Shows Rising Costs and High Staff Turnover are Forcing Hedge Funds to Rethink Their Approach to IT Management

      2023-05-09

      Yahoo Finance: Agio, a leading managed IT and cybersecurity provider for financial services firms, published its annual 2023 Hedge Fund Managed IT Trends Report. 

      The Layers Of Cybersecurity: Is Your Company Covered?

      2023-05-09

      Forbes: Cybersecurity is not one thing but a layering of security tools and processes to protect your data. The two most common layers people think of are the firewall and antivirus solutions.

      Who’s Acquiring Who? Cybersecurity-Related Private Equity Deal Activity in the Technology Industry Decreased by 47% in Q1 2023

      2023-05-08

      Verdict: Analysis of the key themes driving private equity deal activity reveals that cybersecurity accounted for 18 technology deals announced in Q1 2023, worth a total value of $2.1 billion.

      ChatGPT and the New AI Are Wreaking Havoc on Cybersecurity in Exciting and Frightening Ways

      2023-05-07

      ZDNet: Generative artificial intelligence is transforming cybersecurity, aiding both attackers and defenders. Cybercriminals are harnessing AI to launch sophisticated and novel attacks at large scale.

      Know Your Breach: Brightline

      The Target: Brightline, a pediatric mental and behavioural health provider.

      The Take: Exposure of Personally Identifiable Information including: full names, physical addresses, dates of birth, member identification numbers, date of health plan coverage and employer names.

      The Vector: A zero-day exploit was used to breach Fortra, a third-party vendor of Brightline’s, targeting its file transfer software, which let the attackers gain access to sets of files throughout the third-party vendor’s systems.

      This breach is a critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.

      Is the SEC Targeting Crypto Trading With New Reporting Requirements?

      2023-05-04

      BeinCrypto: Over the past few years, the SEC has tightened its regulatory oversight of cryptocurrency private funds. Admittedly, the SEC is responsible for regulating securities and investments in the United States.

      Cybersecurity Still Finding Its Place In New AI Era

      2023-05-03

      Crunchbase: It is difficult nowadays to talk to investors in any tech sector without AI coming up in the conversation — and that is certainly true in cybersecurity.

      FCA Urges Capita Clients to Ascertain if Data Was Compromised in Cyber-Attack

      2023-05-03

      The Guardian: The City regulator has contacted Capita’s corporate clients urging them to ascertain whether their customers’ data has been compromised after a cyber-attack on the outsourcer in March.

      4 Ways Leaders Should Reevaluate Their Cybersecurity's Focus

      2023-05-02

      Forbes: Despite business leaders' growing awareness of cybercrime—and the rapid adaptations offered by new cybersecurity architectures—criminals continue to successfully exploit weaknesses created by these evolving business infrastructures. 

      Singapore, US Run Cross-Border Cybersecurity Drills To Test Banks' Resilience

      2023-05-02

      ZDNet: Singapore and the U.S. have conducted drills to assess how well banks operating in their respective markets respond to cybersecurity threats. 

      FBI Seizes 9 Crypto Exchanges Used To Launder Ransomware Payments

      2023-05-02

      Bleeping Computer: The FBI and Ukrainian police have seized nine cryptocurrency exchange websites that facilitated money laundering for scammers and cybercriminals, including ransomware actors.

      FBI Focuses on Cybersecurity With $90M Budget Request

      2023-05-01

      Dark Reading: The FBI is requesting more than $63 million in new funding to fight cyber threats in 2024. On April 27, FBI Director Christopher Wray presented before the House Committee on Appropriations Subcommittee on Commerce, Justice, Science. 

      About Castle Hall Diligence

      Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios.