The Target: Government services provider Maximus and 513 organizations impacted by the MOVEit hack.
The Take: According to Maximus, the attackers stole files containing personal information and protected health information, including Social Security numbers, “of at least 8 to 11 million individuals”.
The Vector: Disclosed at the end of May, the attack involved the exploitation of a zero-day vulnerability in the MOVEit Transfer managed file transfer (MFT) software, allowing cybercriminals to tap into the data transferred through the service.
A zero-day vulnerability is a vulnerability in a system or device that has been disclosed but is not yet patched. This breach is a reminder of how regular vendor assessments are a key component in cybersecurity. The breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control but in third-party systems the firm relies upon as well.
Silicon Angle: Venture capital cash inflows in technology often happen in high-innovation areas. Given the expanding threat surface and financial incentive for attackers, cybersecurity is attracting a lot of that cash.
Business Wire: Absolute Software™, the only provider of self-healing, intelligent security solutions, today announced the successful completion of its acquisition by an affiliate of Crosspoint Capital Partners, LP, a leading private equity investment firm focused on the cybersecurity, privacy and infrastructure software markets.
Business Wire: SecurityScorecard today announced the release of a new report on the Digital Operational Resilience Act (DORA). The report analyzes 240 of the largest financial institutions in the European Union that must comply with the Digital Operational Resilience Act (DORA) by January 2025.
CNBC: The Securities and Exchange Commission wants corporate America to tell investors more about cybersecurity breaches and what’s being done to fight them. Much more.
The Target: Sixty-two clients of Big Four accounting firm Ernst & Young
The Take: 3 terabytes of critical information about Ernst & Young clients including financial reports and accounting documents in client folders, passport scans, Visa scans, risk and asset management documents, contracts and agreements, credit agreements, audit reports and account balances.
The Vector: The hacking campaign came to light after the Russian-speaking cybercrime group Clop began targeting a previously unknown vulnerability in MOVEit around May 27 and May 28.
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.
Funds Tech: The increasing digitisation of the financial services sector has brought many benefits, including enhanced efficiency, improved data management and streamlined processes.
BNN Bloomberg: The head of the Canadian Centre for Cyber Security says ransomware attacks are getting more common and sophisticated, but there's a lot the country could do to better defend itself.
Best Stocks: TPG, a leading investment firm, has recently made significant strides in the healthcare IT and cybersecurity sectors. On July 19, 2023, TPG successfully acquired Nextech, a renowned provider of clinical and administrative healthcare technology solutions for specialty physician practices.
Forbes: For many years, artificial intelligence (AI) has been a vital cyber security tool, bolstering defenses and aiding analysts in their battle against ever-evolving threats.
Yahoo News: Shares in cyber security firm Darktrace have surged after it said a probe into its finances has closed, and as it reported a jump in customers amid the evolving “ChatGPT era”.
TechCrunch: After years of growth, funding for cybersecurity startups is beginning to slow down, a symptom of the broader economic malaise and — perhaps — market oversaturation.
Business Wire: SecurityWeek, a leading provider of cybersecurity news and information to global enterprises, published its analysis of cybersecurity merger and acquisition (M&A) activity for the first half of 2023.
The Target: U.S. healthcare giant HCA Healthcare, an American for-profit operator of healthcare facilities that was founded in 1968.
The Take: Patient names; address data, such as city, state and ZIP code; patient email addresses; phone numbers; dates of birth; gender; and patient service dates, such as locations, and details about next appointments.
The Vector: DataBreaches.net first reported the seller’s forum post on July 5, in which the seller claimed to have 27 million rows of information. Some of the column headers in the stolen file include data that HCA says was stolen, such as names, gender and dates of birth.
This breach is a stark reminder of how important authentication controls are in an overall robust cybersecurity posture. In particular, the information exposed here is perfect for crafting highly believable phishing campaigns as it would allow push notifications.
Forbes: 2023 may go down in history as the year of artificial intelligence (AI)—or at least the year when business leaders and consumers alike became obsessed with generative AI tools like ChatGPT.
Business Wire: In the 2023 Cybersecurity Perspectives Survey from Scale Venture Partners, it is reported that security incidents, especially those involving cloud services, are escalating.
TechCrunch: It wasn't long ago when it seemed like the tide was beginning to turn on ransomware. But 2023 has shown us that’s not the case: We’re only halfway through the year, yet hackers are already claiming more victims than ever before, reaffirming the importance of cybersecurity for every business.
Crunchbase: In 2021, venture funding in the red-hot cybersecurity market topped $23 billion. Two years later, it seems like a security startup will be lucky to raise just one-third of that.
Yahoo News: The U.S. government accused a cybersecurity professional of hacking a cryptocurrency exchange and stealing around $9 million in cryptocurrency, in what looks like a case of an ethical hacker turning rogue, then trying to appear ethical again.
SecurityWeek: The Global Governments and Critical Infrastructure (G2CI) business, created in 2018 to serve as Forcepoint’s government cybersecurity unit, will be spun out as an independent entity pushing the company’s data-first SASE offering with new capabilities and third-party integrations.
CSO: Responding to a security crisis can be a challenge for most cybersecurity teams. It can be doubly so for a team with relatively new and inexperienced security professionals.
The Target: Senior Choice, Inc., which manages and does business as three (3) residential facilities, The Atrium (216 Main Street, Johnstown, PA 15901), Beacon Ridge (1515 Wayne Ave, Indiana, PA 15701), and The Patriot (495 W Patriot St, Somerset, PA 15501).
The Take: Personal information including names and dates of birth, medical information including diagnosis and treatment information.
The Vector: There is evidence that unauthorized actors accessed some internal systems used for business operations during the period between April 18, 2023, and April 24, 2023.
This breach is a stark reminder of how important authentication controls are in an overall robust cybersecurity posture, and more critically, ensuring these controls are in place on all third-party vendors which have access to a firm’s data.
Dark Reading: With the chaos of the pandemic now in the rearview mirror, we are finally back to "business as usual." The return to normal operations may imply that chief information security officers (CISOs) can now breathe easier, but the opposite is true.
ETF Trends: As disruptive technologies grow and evolve, they often converge with other innovative fields. That’s certainly happening with artificial intelligence, which is converging with the likes of cloud computing, innovative health and many more.
Yahoo News: A rise in cyberattacks poses a vital risk to India’s economic ambitions, with industries from manufacturing to pharmaceuticals becoming more vulnerable as they digitize operations, according to a Google subsidiary.
CSO: The Biden administration's cybersecurity initiatives broadly aim to improve cybersecurity resilience, with recent regulations and other actions designed to foster a "defensible, resilient ecosystem."
BNN Bloomberg: British cybersecurity officials are investigating an alleged cyberattack on a group of hospitals in London that has led to the disclosure of confidential documents online.
Private Equity Wire: This transaction represents the first exit from the Development Capital pool within the IK SC III Fund, after a holding period of under two years. IK will be reinvesting alongside Carlyle and the management team.
CNBC: The need for strong cybersecurity programs is a vital part of doing business today, and a good reflection of that is adding security executives to boards.