
Industry News: ESG5

      Know Your Breach: Maximus

      The Target: Government services provider Maximus and 513 organizations impacted by the MOVEit hack.

      The Take: According to Maximus, the attackers stole files containing personal information and protected health information, including Social Security numbers, “of at least 8 to 11 million individuals”.

      The Vector: Disclosed at the end of May, the attack involved the exploitation of a zero-day vulnerability in the MOVEit Transfer managed file transfer (MFT) software, allowing cybercriminals to tap into the data transferred through the service.

      A zero-day vulnerability is a vulnerability in a system or device that has been disclosed but is not yet patched. This breach is a reminder of how regular vendor assessments are a key component in cybersecurity. The breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control but in third-party systems the firm relies upon as well.


      Startups Ramp Up Innovation as Cloud Cybersecurity Race Intensifies

      2023-07-28

      Silicon Angle: Venture capital cash inflows in technology often happen in high-innovation areas. Given the expanding threat surface and financial incentive for attackers, cybersecurity is attracting a lot of that cash.


      Absolute Software Announces Completion of Acquisition by Crosspoint Capital Partners

      2023-07-27

      Business Wire: Absolute Software™, the only provider of self-healing, intelligent security solutions, today announced the successful completion of its acquisition by an affiliate of Crosspoint Capital Partners, LP, a leading private equity investment firm focused on the cybersecurity, privacy and infrastructure software markets.


      SecurityScorecard Research Reveals 78% of Europe’s Largest Financial Institutions Experienced a Third-Party Breach in the Past Year

      2023-07-26

      Business Wire: SecurityScorecard today announced the release of a new report on the Digital Operational Resilience Act (DORA). The report analyzes 240 of the largest financial institutions in the European Union that must comply with the Digital Operational Resilience Act (DORA) by January 2025.


      The SEC Wants Corporate America to Tell Investors More About Cybersecurity Breaches

      2023-07-26

      CNBC: The Securities and Exchange Commission wants corporate America to tell investors more about cybersecurity breaches and what’s being done to fight them. Much more. 


      Thales Enters App Security Market With $3.6B Imperva Acquisition

      2023-07-25

      TechCrunch: French aerospace and defense group Thales is procuring cybersecurity company Imperva from Thoma Bravo in a deal worth $3.6 billion.


      Why Cyber Security Should Be Part of Your ESG Strategy

      2023-07-24

      Computer Weekly: Organisations need to consider cyber security risks in their overall environmental, social, and governance (ESG) strategy amid growing cyber threats and regulatory scrutiny, according to a cyber security expert.


      Know Your Breach: Ernst & Young

      The Target: Sixty-two clients of Big Four accounting firm Ernst & Young.

      The Take: 3 terabytes of critical information about Ernst & Young clients, including financial reports and accounting documents in client folders, passport scans, visa scans, risk and asset management documents, contracts and agreements, credit agreements, audit reports and account balances.

      The Vector: The hacking campaign came to light after the Russian-speaking cybercrime group Clop began targeting a previously unknown vulnerability in MOVEit around May 27 and May 28.

      This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.


      Cybersecurity is Top Investor Concern, According to Fund Managers in CAMMI Survey

      2023-07-20

      Funds Tech: The increasing digitisation of the financial services sector has brought many benefits, including enhanced efficiency, improved data management and streamlined processes. 


      Ransomware Attackers Getting More Sophisticated: Canadian Centre for Cyber Security

      2023-07-19

      BNN Bloomberg: The head of the Canadian Centre for Cyber Security says ransomware attacks are getting more common and sophisticated, but there's a lot the country could do to better defend itself.


      TPG Expands Presence in Healthcare IT and Cybersecurity through Major Acquisitions

      2023-07-19

      Best Stocks: TPG, a leading investment firm, has recently made significant strides in the healthcare IT and cybersecurity sectors. On July 19, 2023, TPG successfully acquired Nextech, a renowned provider of clinical and administrative healthcare technology solutions for specialty physician practices.


      Artificial Intelligence Continues To Revolutionize Cybersecurity

      2023-07-19

      Forbes: For many years, artificial intelligence (AI) has been a vital cyber security tool, bolstering defenses and aiding analysts in their battle against ever-evolving threats.


      Darktrace Shares Surge After Probe Into Finances Closes

      2023-07-18

      Yahoo News: Shares in cyber security firm Darktrace have surged after it said a probe into its finances has closed, and as it reported a jump in customers amid the evolving “ChatGPT era”.


      Cybersecurity Firm Netcraft Lands $100M Investment

      2023-07-18

      TechCrunch: After years of growth, funding for cybersecurity startups is beginning to slow down, a symptom of the broader economic malaise and — perhaps — market oversaturation.


      SecurityWeek Analysis: Over 210 Cybersecurity M&A Deals Announced in First Half of 2023

      2023-07-17

      Business Wire: SecurityWeek, a leading provider of cybersecurity news and information to global enterprises, published its analysis of cybersecurity merger and acquisition (M&A) activity for the first half of 2023.


      Know Your Breach: HCA Healthcare

      The Target: U.S. healthcare giant HCA Healthcare, an American for-profit operator of healthcare facilities that was founded in 1968.

      The Take: Patient names; address data, such as city, state and ZIP code; patient email addresses; phone numbers; dates of birth; gender; and patient service dates, such as locations, and details about next appointments.

      The Vector: DataBreaches.net first reported the seller’s forum post on July 5, in which the seller claimed to have 27 million rows of information. Some of the column headers in the stolen file include data that HCA says was stolen, such as names, gender and dates of birth.

      This breach is a stark reminder of how important authentication controls are in an overall robust cybersecurity posture. In particular, the information exposed here is perfect for crafting highly believable phishing campaigns as it would allow push notifications. 


      Unveiling The Power Of AI In Cybersecurity: Three Questions CISOs Should Be Asking

      2023-07-13

      Forbes: 2023 may go down in history as the year of artificial intelligence (AI)—or at least the year when business leaders and consumers alike became obsessed with generative AI tools like ChatGPT. 


      With Cloud Service Attacks on the Rise, Only 48% of Enterprise Security Leaders Say Their Threat Defenses Are Effective

      2023-07-13

      Business Wire: In the 2023 Cybersecurity Perspectives Survey from Scale Venture Partners, it is reported that security incidents, especially those involving cloud services, are escalating.


      8 VCs Explain Why There’s Good Reason To Be Optimistic About Cybersecurity

      2023-07-12

      TechCrunch: It wasn't long ago when it seemed like the tide was beginning to turn on ransomware. But 2023 has shown us that’s not the case: We’re only halfway through the year, yet hackers are already claiming more victims than ever before, reaffirming the importance of cybersecurity for every business.


      Cyber Leak? Cybersecurity Funding Falls 63% In Q2

      2023-07-11

      Crunchbase: In 2021, venture funding in the red-hot cybersecurity market topped $23 billion. Two years later, it seems like a security startup will be lucky to raise just one-third of that.


      Cybersecurity Professional Accused of Stealing $9M in Crypto

      2023-07-11

      Yahoo News: The U.S. government accused a cybersecurity professional of hacking a cryptocurrency exchange and stealing around $9 million in cryptocurrency, in what looks like a case of an ethical hacker turning rogue, then trying to appear ethical again.


      TPG to Acquire Forcepoint’s Government Cybersecurity Business Unit

      2023-07-10

      SecurityWeek: The Global Governments and Critical Infrastructure (G2CI) business, created in 2018 to serve as Forcepoint’s government cybersecurity unit, will be spun out as an independent entity pushing the company’s data-first SASE offering with new capabilities and third-party integrations.


      5 Ways to Prepare a New Cybersecurity Team For a Crisis

      2023-07-10

      CSO: Responding to a security crisis can be a challenge for most cybersecurity teams. It can be doubly so for a team with relatively new and inexperienced security professionals.


      Know Your Breach: Senior Choice, Inc.

      The Target: Senior Choice, Inc., which manages and does business as three (3) residential facilities, The Atrium (216 Main Street, Johnstown, PA 15901), Beacon Ridge (1515 Wayne Ave, Indiana, PA 15701), and The Patriot (495 W Patriot St, Somerset, PA 15501).

      The Take: Personal information including names and dates of birth, medical information including diagnosis and treatment information.

      The Vector: There is evidence that unauthorized actors accessed some internal systems used for business operations during the period between April 18, 2023, and April 24, 2023.

      This breach is a stark reminder of how important authentication controls are in an overall robust cybersecurity posture, and more critically, ensuring these controls are in place on all third-party vendors which have access to a firm’s data. 


      CISOs Find 'Business as Usual' Shows the Harsh Realities of Cyber-Risk

      2023-07-06

      Dark Reading: With the chaos of the pandemic now in the rearview mirror, we are finally back to "business as usual." The return to normal operations may imply that chief information security officers (CISOs) can now breathe easier, but the opposite is true.


      AI, Cybersecurity Intersection Could Propel These ETFs

      2023-07-06

      ETF Trends: As disruptive technologies grow and evolve, they often converge with other innovative fields. That’s certainly happening with artificial intelligence, which is converging with the likes of cloud computing, innovative health and many more.


      Companies Play Catch-up as Cybersecurity Attacks Rise in Digital India

      2023-05-07

      Yahoo News: A rise in cyberattacks poses a vital risk to India’s economic ambitions, with industries from manufacturing to pharmaceuticals becoming more vulnerable as they digitize operations, according to a Google subsidiary.


      Resilience at the Core of the Current and Future Biden Administration Cybersecurity Plans

      2023-07-05

      CSO: The Biden administration's cybersecurity initiatives broadly aim to improve cybersecurity resilience, with recent regulations and other actions designed to foster a "defensible, resilient ecosystem."


      UK Cybersecurity Officials Investigating Breach Affecting London Hospitals

      2023-07-05

      BNN Bloomberg: British cybersecurity officials are investigating an alleged cyberattack on a group of hospitals in London that has led to the disclosure of confidential documents online.


      IK Sells Stake in Cybersecurity Specialist Pr0ph3cy to Carlyle

      2023-07-04

      Private Equity Wire: This transaction represents the first exit from the Development Capital pool within the IK SC III Fund, after a holding period of under two years. IK will be reinvesting alongside Carlyle and the management team. 


      Cybersecurity Experts Have Become Targets For Board Seats

      2023-07-03

      CNBC: The need for strong cybersecurity programs is a vital part of doing business today, and a good reflection of that is adding security executives to boards.


      About Castle Hall Diligence

      Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long-only portfolios.
