
Industry News: ESG5

      Know Your Breach: TMX Finance Corporate Services

      The Target: TMX Finance Corporate Services, the parent company of lender TitleMax. TMX, which also operates the brands TitleBucks, InstaLoan and EquityAuto Loan, has more than 1,000 locations in 18 U.S. states.

      The Take: A revised data breach notification sent to victims by TMX stated that beyond the raft of personal information that it previously stated had been stolen - including passport and Social Security numbers - attackers may have also stolen their credit/debit card number in combination with security code, access code, password or PIN for the account.

      The Vector: TMX previously reported detecting suspicious activity on their systems on Feb. 13. A third-party incident response firm called in to investigate found the intrusion appeared to have started in early December 2022.

      This breach is a stark reminder of how important authentication controls are in an overall robust cybersecurity posture, and more critically, ensuring these controls are in place on all third-party vendors which have access to a firm’s data.

      Read more...

      UK Cybersecurity Agency Warns Of Chatbot ‘Prompt Injection’ Attacks

      2023-08-30

      The Guardian: The UK’s cybersecurity agency has warned that chatbots can be manipulated by hackers to cause scary real-world consequences.

      Read more...

      AI In Cybersecurity: Harmful Or Helpful?

      2023-08-29

      Forbes: By now, it’s common knowledge that the pandemic accelerated the digital transformation of our work world. Remote and hybrid work environments and anytime-anywhere collaboration became the norm, and the adoption of cloud services increased substantially.

      Read more...

      Addressing Cybersecurity's Talent Shortage & Its Impact on CISOs

      2023-08-29

      Dark Reading: The cybersecurity sector continues to face a dire talent shortage as the threat landscape evolves, according to recent research from ISC2, and the skill gap is only growing. 

      Read more...

      Sebi Brings Guidelines to Boost Cybersecurity Framework for Exchanges

      2023-08-29

      Business Standard: Capital markets regulator Sebi came out with guidelines to strengthen the existing cyber security and cyber resilience framework for stock exchanges and other market infrastructure institutions (MIIs).

      Read more...

      FTX Customers Hit by 'Withdrawal' Phishing Mails After SIM Swap Attack

      2023-08-29

      CoinDesk: FTX customers continue to be plagued by issues several months after the exchange shut down, blocking millions of users from accessing billions in capital stored on the disgraced exchange.

      Read more...

      Why Companies Should Invest in Cybersecurity During a Recession

      2023-08-29

      Security Boulevard: Economic downturns often trigger cost-cutting and layoffs. And while it may appear counterintuitive to advocate for new business investments, the reality is that recessions don’t stop cybercrime and data leaks.  

      Read more...

      How International Cybersecurity Frameworks Can Help CISOs

      2023-08-28

      CSO: Laws and standards around cybersecurity are plenty and to make matters worse they often vary within countries. 

      Read more...

      Know Your Breach: The German Federal Bar (BRAK) Association

      The Target: The German Federal Bar (BRAK) Association, an umbrella organization overseeing 28 regional bars across Germany and representing about 166,000 lawyers nationally and internationally.

      The Take: The organization is still trying to figure out how much information was taken involving communications from people contacting the Brussels office.

      The Vector: The hackers encrypted BRAK’s mail server and exfiltrated 160 gigabytes of data.

      This breach is a stark reminder of how important authentication controls are in an overall robust cybersecurity posture. As phishing actors continue to explore every potential abuse opportunity on legitimate service providers, novel security gaps constantly threaten to expose users to severe risks. It is essential not to rely solely on email protection solutions, but also to scrutinize every email that lands in your inbox, look for inconsistencies, and double-check all claims made in those messages.

      Read more...

      Business Lobby Struggles to Thwart SEC Cybersecurity Disclosure Rules

      2023-08-23

      BNN Bloomberg: Business lobbyists are struggling to soften new US Securities and Exchange Commission rules that require publicly traded companies to quickly disclose cybersecurity breaches.

      Read more...

      Cybersecurity Companies Report Surge in Ransomware Attacks

      2023-08-23

      SecurityWeek: Ransomware attacks continue to be highly profitable for cybercrime groups and the recent reports released by various cybersecurity firms show that they are increasing both in terms of volume and sophistication. 

      Read more...

      Balancing Risk and Compliance: Implications Of The SEC’s New Cybersecurity Regulations

      2023-08-22

      CSO: Corporate cybersecurity is becoming a non-negotiable priority. How companies prepare for and defend themselves against cyber intrusions has profound implications for their operations, reputation, and bottom line.

      Read more...

      Commitment To Cybersecurity Must Come From The Top

      2023-08-22

      Forbes: As the complexities of cybersecurity evolve daily, it remains essential to grasp some fundamental principles. It can take time to figure out where to start. 

      Read more...

      Palo Alto Networks CEO Warns Companies Need Modern, Integrated Cybersecurity: ‘The Bad Actors Are Moving Faster’

      2023-08-21

      CNBC: Arora said the problem isn’t that companies lack cybersecurity vendors. Rather, their security infrastructure may consist of a complicated assortment of vendors, some of which are outdated.

      Read more...

      Less Noise, Better Signals: Why XDR and AI Are The Future of Cybersecurity

      2023-08-21

      VentureBeat: Capitalizing on malware-free tradecraft to launch undetectable breaches, attackers rely on legitimate system tools and living-off-the-land (LOTL) techniques to breach endpoints undetected.

      Read more...

      Cybersecurity Firm SentinelOne Explores Sale

      2023-08-21

      Yahoo Finance: SentinelOne Inc, a cybersecurity company with a market value of about $5 billion, has been exploring options that could include a sale, according to people familiar with the matter.

      Read more...

      Know Your Breach: Discord.io

      The Target: Discord.io is not an official Discord site but a third-party service allowing server owners to create custom invites to their channels. Most of the community was built around the service's Discord server, with over 14,000 members.

      The Take: The most sensitive information in the breach is a member's username, email address, billing address (small number of people), salted and hashed password (small number of people), and Discord ID.

      The Vector: A person known as 'Akhirah' began offering the Discord.io database for sale on the new Breached hacking forums. As proof of the theft, the threat actor shared four user records from the database.

      This breach is a stark reminder of how important authentication controls are in an overall robust cybersecurity posture. In particular, the information exposed here is perfect for crafting highly believable phishing campaigns as it would allow push notifications. Access monitoring and testing for every public-facing webpage is a key strategy to mitigate these kinds of breaches to protect a firm’s customer base.

      Read more...

      Cyber Defenders Lead the AI Arms Race for Now

      2023-08-17

      Dark Reading: Cyber defenders so far are winning the war over artificial intelligence: AI tools have yet to be meaningfully integrated into cyberattacks, while defenders have been using them to greater effect.

      Read more...

      Cybersecurity As A Strategic Investment: How ROI Optimization Can Lead To A More Secure Future

      2023-08-16

      Forbes: In the ever-changing landscape of cybersecurity, chief information security officers (CISOs) play a crucial role in safeguarding organizations against evolving threats. 

      Read more...

      Canadian Financial Sector Faces Rising Cybersecurity Challenges: Report

      2023-08-16

      Advisor's Edge: The Canadian financial services industry is seeing a surge in cybercrime and fraud, according to new data from LexisNexis Risk Solutions.

      Read more...

      SecureWorks Laying Off 15% of Employees

      2023-08-15

      SecurityWeek: The plans were announced in an SEC filing, with employees being notified starting August 14. In addition, the company revealed that it’s implementing “certain real estate‑related cost optimization actions”.

      Read more...

      AI’s Impact on Fintech: Do the Benefits Outweigh the Risks?

      2023-08-15

      Traders Magazine: Artificial Intelligence has considerably impacted the financial services industry in recent years, especially since the advent of OpenAI in late 2022.

      Read more...

      Why Finance Leaders In Midsize Businesses Are Stepping Up Cybersecurity Efforts

      2023-08-14

      Forbes: Finance organizations within midsize businesses have more on their minds than the traditional risks in credit, operational budgets, investments, and regulatory compliance.

      Read more...

      Adapting to the Cloud Era of Cybersecurity: How CISO’s Priorities Are Evolving

      2023-08-14

      Network Computing: Cybersecurity has been rapidly moving to the cloud, driving organizations to cloud-based solutions from third-party vendors instead of self-owned and maintained network security devices and software. 

      Read more...

      Know Your Breach: Salesforce

      The Target: Salesforce, Inc., an American cloud-based software company headquartered in San Francisco, California.

      The Take: The goal of the phishing kit employed in this campaign was to steal Facebook account credentials, even featuring two-factor authentication bypassing mechanisms.

      The Vector: The attackers chained a flaw dubbed "PhishForce" to bypass Salesforce's sender verification safeguards and quirks in Facebook's web games platform to mass-send phishing emails.

      As phishing actors continue to explore every potential abuse opportunity on legitimate service providers, novel security gaps constantly threaten to expose users to severe risks. It is essential not to rely solely on email protection solutions, but also to scrutinize every email that lands in your inbox, look for inconsistencies, and double-check all claims made in those messages.

      Read more...

      A Global Law Firm Separates From Its Chinese Partner, Citing Cybersecurity and Data Rules

      2023-08-10

      US News: One of the world’s biggest law firms said it is separating from the Chinese firm that was part of its global network for eight years, citing changes in cybersecurity and other rules that have rattled foreign companies.

      Read more...

      Hackers to Compete For Nearly $20 Million in Prizes by Using A.I. For Cybersecurity, Biden Administration Announces

      2023-08-09

      CNBC: Hackers will have the chance to compete for millions of dollars in prizes by using artificial intelligence to protect critical U.S. infrastructure from cybersecurity risks, the Biden administration announced.

      Read more...

      Cybersecurity Giant Rapid7 Announces Sweeping Layoffs as Losses Mount

      2023-08-09

      TechCrunch: U.S. cybersecurity giant Rapid7 has announced plans to lay off 18% of its workforce, affecting more than 400 global employees.

      Read more...

      PE Cybersecurity Investment Relatively Robust in Europe, Plummets in US

      2023-08-08

      Yahoo Finance: Private equity investors have piled $4.7 billion into European cybersecurity companies so far this year, putting deal value on course to outperform 2022, when the total reached $7.6 billion.

      Read more...

      The Problem With Cybersecurity (and AI Security) Regulation

      2023-08-08

      Dark Reading: With the emergence of generative models, and large language models (LLMs) in particular, and the meteoric rise in the popularity of ChatGPT, there once again are calls for more security regulation. 

      Read more...

      Crypto Heavyweights Back New Cybersecurity Standards After Nearly $4 Billion Was Lost to Hacks in 2022

      2023-08-08

      Yahoo Finance: Amid the crypto industry's myriad obstacles, hacks still rank at the top of the list. Despite the bear market, last year saw a historic spike, with nearly $4 billion stolen by cybercriminals, according to the analytics firm Chainalysis.

      Read more...

      Securing The Future: Embracing Cloud-Centric Cybersecurity Strategies

      2023-08-08

      Forbes: We live in an age in which technology promises to shape the future. The near-constant flow of innovation makes it challenging for many business leaders to keep up.

      Read more...

      Know Your Breach: Hot Topic

      The Target: American retail chain Hot Topic.

      The Take: A threat actor obtained the valid account credentials for Hot Topic Rewards accounts from an unknown third party.

      The Vector: The series of breaches that occurred between Feb. 7 and June 21 was the result of automated credential stuffing attacks against the company’s website and mobile application. 

      This breach is a reminder of how authentication controls are an important part of an overall robust cybersecurity posture, and more critically, ensuring these controls are in place on all third-party vendors which have access to a firm’s data.

      Read more...

      These Are the Top Five Cloud Security Risks, Qualys Says

      2023-08-03

      Security Week: The five key risk areas are misconfigurations, external-facing vulnerabilities, weaponized vulnerabilities, malware inside a cloud environment, and remediation lag (that is, delays in patching).

      Read more...

      Cybersecurity Vendor Funding, M&A Down from 2022

      2023-08-03

      Channel Futures: Cybersecurity vendor funding fell last month, continuing a decline during the second quarter compared to the year-ago quarter. That’s according to Pinpoint Search Group. It releases monthly reports on cybersecurity vendor funding and M&A.

      Read more...

      Data Breaches Grow Nearly Three Times, With US Accounts Most Compromised

      2023-08-03

      ZD Net: Some 110.8 million user accounts were breached in the second quarter of 2023, with the US accounting for almost 45% of the global figure. Worldwide, data breaches grew 2.6 times compared to the first quarter, with an average of 855 accounts leaked every minute in the second quarter.  

      Read more...

      Jericho Security Uses AI to Fight AI in New Frontier of Cybersecurity

      2023-08-03

      Venture Beat: Cybersecurity startup Jericho Security announced it has raised $3 million in pre-seed funding to build solutions using artificial intelligence (AI) to combat increasingly sophisticated phishing attacks generated by AI systems.

      Read more...

      EU’s Financial Institutions Face Cyber Resilience Crisis

      2023-08-01

      Help Net Security: 78% of Europe’s largest financial institutions experienced a third-party breach in the past year, according to SecurityScorecard. In the wake of attacks such as MOVEit and SolarWinds, cybersecurity regulations are increasing the need for comprehensive approaches to manage vendor risk and ensure compliance.

      Read more...

      Bankrupt Crypto Lender Voyager Digital Reports Possible Breach

      2023-08-01

      PYMNTS: Bankrupt crypto lender Voyager Digital Holdings has reported a possible breach, revealing the difficulties of protecting customers from online scammers.

      Read more...

      About Castle Hall Diligence

      Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long-only portfolios.