.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
The Target: Japanese electronics manufacturer Casio.
The Take: The exposed data includes customer names, email addresses, countries of residence, service usage details, and purchase information such as payment methods, license codes, and order specifics.
The Vector: Casio detected the incident on Wednesday, October 11, 2023, following the failure of a ClassPad database within the company's development environment. Evidence suggests that the attacker accessed customers' personal information a day later, on October 12, 2023.
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.
CSO: Whether a specific requirement or not, companies must either educate their board of directors in cybersecurity and risk management or look to recruit directors with specific cybersecurity experience to improve organizations response and decision-making.
Business Wire: The focus of this next vintage will be on seizing European opportunities and supporting companies with significant global B2B scalability potential. It aims to invest ticket sizes ranging from €10 million to €50 million, including reinvestments, thus offering the potential for substantial backing to companies poised to redefine the cybersecurity landscape.
Bleeping Computer: Ransomware activity in September reached unprecedented levels following a relative lull in August that was still way above regular standards for summer months.
TechCrunch: Investments in cybersecurity companies are beginning to turn a corner, seemingly. After a brutal summer, VC funding to security startups saw a slight (12%) uptick from Q3, according to Crunchbase — reaching nearly $1.9 billion compared to $1.7 billion in the second quarter.
The Guardian: Microsoft says it will invest an additional $5 billion in Australia over the next two years to expand hyperscale cloud computing capacity while collaborating with the Australian Signals Directorate (ASD) to boost domestic protection from cyber threats.
CNBC: Okta has shed more than $2 billion from its market valuation since the company disclosed a hack of its support systems. The high-profile incident is the latest in a string of incidents that have been tied to Okta or its products, including a spate of intrusions at casinos that crippled Las Vegas hotel rooms for days.
Chief Investment Officer: Mitigating cybersecurity threats requires organizations to reassess their approach to technical vulnerability, advised an internet security expert and author at the “Cybersecurity Threats and Concerns: An Overview” session of CIO’s Cybersecurity livestream on October 12.
The Target: The District of Columbia Board of Elections (DCBOE) operates as an autonomous agency within the District of Columbia Government and is entrusted with overseeing elections, managing ballot access, and handling voter registration processes.
The Take: This dataset includes the individual's name, registration ID, voter ID, partial Social Security number, driver's license number, date of birth, phone number, email, and more.
The Vector: DCBOE’s investigation into the claims has revealed that the attackers accessed the information through the web server of DataNet, the hosting provider for Washington D.C.'s election authority.
This breach is a stark reminder of how authentication controls are in an overall robust cybersecurity posture, and more critically, ensuring these controls are in place on all third-party vendors which have access to a firm’s data.
PR Newswire: Measured Analytics and Insurance, the AI-powered cyber insurance provider to small and midsize enterprises (SMEs), introduced its latest white paper, "Cybersecurity in the Cloud Era: Financial and Operational Impacts Decoded."
Crunchbase: Venture funding to cybersecurity startups in the third quarter saw a slight uptick from Q2, but was still down 30% year to year. According to Crunchbase data, cybersecurity startups raised nearly $1.9 billion through 153 deals announced in Q3, a 12% increase from the $1.7 billion raised in 181 deals the previous quarter.
Verdict: Cybersecurity software-as-a-service (SaaS) company SecureW2 has raised $80m in funding from Insight Partners. SecureW2 is engaged in offering a suite of passwordless security software solutions, with headquarters in the Netherlands and regional hubs in the US and India.
PR Newswire: In today's digital age, the threat of cybercrime looms large over businesses and individuals alike. The need for robust cybersecurity solutions has never been more critical as the world becomes increasingly interconnected.
Dark Reading: The US Treasury Department and the Cyber Security Council of the United Arab Emirates have agreed to share more information on cybersecurity threats and incidents affecting the financial services industry.
Security Boulevard: An analysis published by CSC found 43% of Forbes Global 2000 companies do not have control over their branded artificial intelligence (.AI) domain names that have instead been registered by third parties.
Forbes: Ever since OpenAI released ChatGPT last year and DALL-E the year before, there has not only been an explosion in the amount of AI tools available for general consumption, but AI also transitioned from being perceived as largely academic or some magic employed by Big Tech to a family dinner conversation topic.
The Target: DNA testing company 23andMe.
The Take: The information obtained may have included users’ display name, profile photo, profile sex, birth year, location, predicted relationships to their match, the percent DNA match and number of shared genetic segments and portions of their genetic ancestry results, including haplogroups, which provide information about ancestry.
The Vector: The company said its preliminary investigation indicated that an attacker may have compiled login credentials leaked from other platforms and then recycled these credentials to access the accounts of 23andMe customers who had used the same username and password combination.
This breach is a stark reminder of how authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.
GlobeNewswire: Sage, the leader in accounting, financial, HR and payroll technology for small and mid-sized businesses (SMBs), released a new report, Cybersecurity for SMBs: Navigating Complexity and Building Resilience.
Help Net Security: 60% of CEOs said their organizations don’t incorporate cybersecurity into business strategies, services or products from the outset, and 44% believe cybersecurity requires episodic intervention rather than ongoing attention.
SecurityWeek: The new Seed Fund I brings the firm’s total assets under management to more than $600 million. The final closing is expected for later this quarter.
CSO: The ongoing economic challenges are severely impacting CISOs, many of whom are struggling to get any salary hikes at all while new job postings for the role are on a decline, according to an IANS study.
Forbes: In the fight to keep hackers out of your network and applications, a robust cybersecurity program focuses a lot on access management and authorization.
TechCrunch: Arctic Wolf, a cybersecurity company that’s raised hundreds of millions of dollars in debt and equity, announced that it plans to acquire Revelstoke, a company developing a security orchestration, automation and response (SOAR) platform, for an undisclosed amount.
Venture Beat: Emerging from stealth today with one of cybersecurity’s largest-ever seed rounds of $51 million, startup Gutsy’s vision is to revolutionize security governance through process mining.
The Target: Cloud customer relationship management (CRM) software provider Really Simple Systems.
The Take: Personally identifiable information (PII), including medical records, identification documents, real estate contracts, credit reports, legal documents, tax documents, and non-disclosure agreements.
The Vector: Cybersecurity Researcher, Jeremiah Fowler, discovered and promptly notified Really Simple Systems about a non-password-protected database that contained over 3 million records. The documents appeared to be associated with internal invoices, communications, and customer’s stored CRM files.
While some immediate corrective actions were implemented, specific folders remained open for an extended duration before their access was limited. This incident highlights the pressing requirement for strong password encryption measures to protect customer data and thwart unauthorized access to sensitive information.
Business Wire: Three-quarters (74%) of CEOs are concerned about their organizations’ ability to avert or minimize damage to the business from a cyberattack—despite the fact that 96% of CEOs said that cybersecurity is critical to organizational growth and stability, according to a new report from Accenture (NYSE: ACN).
BNN Bloomberg: BlackBerry Ltd., wrapping up a strategic review of its options, plans to hold an initial public offering for the company’s Internet of Things division, separating the business from its main cybersecurity operations.
Chief Investment Officer: Cybersecurity breaches reported by British financial services companies more than tripled in the 12-month period ending June 30, with the pension sector reporting the biggest increase at 4,000%, according to research from international law firm Reynolds Porter Chamberlain.
PR Newswire: Following the Securities and Exchange Commission's (SEC) adoption of new rules for cybersecurity risk management, strategy, governance, and incident disclosure by public companies, 64.8% of public company executives say their organizations will strengthen their cybersecurity programs, according to a new Deloitte poll.
PR Newswire: Strategic Cyber Ventures, a leading cybersecurity-focused venture capital firm, is excited to announce a $1 million dollar investment into Evo Security's latest funding round. Evo Security builds enterprise-grade identity and access management products tailored for IT Managed Service Providers (MSPs).
Business Wire: Global security leader Forcepoint today announced the completed acquisition of the company’s Global Governments and Critical Infrastructure (G2CI) cybersecurity business by TPG, a global alternative asset management firm.
Chief Investment Officer: Cybersecurity risks are omnipresent. September’s hack of MGM Resorts International and Caesars Entertainment showed just how vulnerable companies can be, no matter how large or small.
Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →
Montreal
1080 Côte du Beaver Hall, Suite 904
Montreal, QC
Canada, H2Z 1S8
+1-450-465-8880
Halifax
84 Chain Lake Drive, Suite 501
Halifax, NS
Canada, B3S 1A2
+1-902-429-8880
Manila
Ground Floor, Three E-com Center
Mall of Asia Complex
Pasay City, Metro Manila
Philippines 1300
Sydney
Level 36 Governor Phillip Tower
1 Farrer Place Sydney 2000
Australia
+61 (2) 8823 3370
Abu Dhabi
Floor No.15 Al Sarab Tower,
Adgm Square,
Al Maryah Island, Abu Dhabi, UAE
Tel: +971 (2) 694 8510
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.
Terms of Service and Privacy Policy