shutterstock_490960141-1

Industry News: ESG5

      Know Your Breach: CNO Financial Group

      The Target: Washington National Insurance and Bankers Life, both subsidiaries of the CNO Financial Group

      The Take: Personal information including names, social security numbers, dates of birth, and policy numbers.

      The Vector: SIM-swapping attacks involve fraudsters tricking customer support staff at a cellphone operator into giving them control of someone else's phone number. This allows the fraudster to receive the victim's phone calls and SMS messages, including two-factor authentication tokens.

      This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.

      Read more...

      Benefits And Cautions Of Aligning With Cybersecurity Frameworks

      2024-02-13

      Forbes: Enterprise security teams continually assess shifting security concerns and implement mitigating controls to reduce the organization's risk. However, with the pressing need to respond to threats, many organizations have implemented specific controls to mitigate single risks, creating the potential for dangerous gaps in coverage.

      Read more...

      Tech Companies Plan to Sign Accord to Combat AI-Generated Election Trickery

      2024-02-13

      SecurityWeek: At least six major technology companies are planning to sign an agreement this week that would guide how they try to put a stop to the use of artificial intelligence tools to disrupt democratic elections. The upcoming event at the Munich Security Conference in Germany comes as more than 50 countries are due to hold national elections in 2024.

      Read more...

      Prudential Says Hackers Gained Access to Its Computer Systems

      2024-02-13

      BNN Bloomberg: Prudential Financial Inc. said hackers it believes to be part of a cyber-crime group gained access to some of its information-technology systems and a small percentage of user accounts associated with employees and contractors.

      Read more...

      Ivanti Gets Poor Marks for Cyber Incident Response

      2024-02-13

      Dark Reading: Here's what's clear about the current cybersecurity state of Ivanti's VPN appliances — they have been widely vulnerable to cyberattack, and threat actors are onto the possibilities. It's up to enterprise cyber teams to decide what comes next.

      Read more...

      Willis Lease Finance Corp Discloses Cyberattack

      2024-02-13

      SecurityWeek: Aircraft parts dealer Willis Lease Finance Corporation (WLFC) has informed the US Securities and Exchange Commission (SEC) that it fell victim to a cyberattack. According to the SEC filing, the incident was flagged on January 31, when unauthorized activity was detected on portions of its systems.

      Read more...

      Bank of America Warns Customers Of Data Breach After Vendor Hack

      2024-02-12

      Bleeping Computer: Bank of America is warning customers of a data breach exposing their personal information after Infosys McCamish Systems (IMS), one of its service providers, was hacked last year.

      Read more...

      Banks Report an Increase in 'High Impact' Breaches as Federal Cybersecurity Bill Idles

      2024-02-12

      CBC: The number of  "high impact" cyber incidents reported by Canada's banks nearly tripled last year, according to the industry's watchdog. The increase comes as a federal bill meant to protect Canada's critical systems — including financial systems — has been sitting idle in parliamentary limbo for months.

      Read more...

      Know Your Breach: Verizon

      The Target: Verizon is an American telecommunications and mass media company providing cable TV, telecommunications, and internet services to over 150 million subscribers across the U.S.

      The Take: The data that was exposed varies per employee but could include: full name, physical address, social security number (SSN), National ID, gender, union affiliation, date of birth, compensation information.

      The Vector: A data breach notification shared with the Office of the Maine Attorney General revealed that a Verizon employee gained unauthorized access to a file containing sensitive employee information on September 21, 2023.

      This breach is a stark reminder of how authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.

      Read more...

      Ransomware Payments Reached Record $1.1 Billion In 2023

      2024-02-07

      Bleeping Computer: Ransomware payments in 2023 soared above $1.1 billion for the first time, shattering previous records and reversing the decline seen in 2022, marking the year as an exceptionally profitable period for ransomware gangs.

      Read more...

      Endpoint Security Startup NinjaOne Lands $231.5 Million at $1.9 Billion valuation

      2024-02-07

      Yahoo Finance: Just two years ago, VC funding to cybersecurity startups was on fire. Indeed, $23 billion flooded the sector, per Crunchbase. But in 2023, cybersecurity upstarts only saw a third of that -- the result of the exceptional surge in 2021, bloated valuations and investors wary of market instability.

      Read more...

      Fortinet Beats Q4 Profit on Cybersecurity Demand, Shares Jump

      2024-02-06

      US News: Fortinet reported fourth-quarter profit above analysts' estimates, as enterprises spent more to safeguard their digitized operations against the rising risk of attacks, sending the cybersecurity company's shares up 10.4% in extended trading.

      Read more...

      The Impact Of AI On Post-Quantum Cybersecurity

      2024-02-06

      Forbes: These days, major debates are happening around artificial intelligence (AI) and the future of the human race. Whether you believe that advanced AI will better humanity or force us off the planet, I would propose that we have a more pressing problem.

      Read more...

      ZeroFox Holdings To Be Acquired By Haveli Investments For About $350 Mln

      2024-02-06

      Nasdaq: ZeroFox Holdings, Inc., a provider of external cybersecurity, said it has agreed to be acquired by Haveli Investments, a technology-focused private equity firm, in an all-cash transaction with an enterprise value of about $350 million.

      Read more...

      Britain, France Lead 35 Nation Agreement on Controlling Spyware, Mercenary Hackers

      2024-02-06

      US News: Countries led by Britain, France and the United States and tech firms including Google, Microsoft and Meta signed a joint statement recognising the need for more action to tackle malicious use of cyber spying tools.

      Read more...

      Deepfake-Generating Apps Explode, Allowing Multimillion-Dollar Corporate Heists

      2024-02-05

      Dark Reading: Deepfake creation software is proliferating on the Dark Web, enabling scammers to carry out artificial intelligence (AI)-assisted financial fraud with previously unheard of creativity and scope.

      Read more...

      Know Your Breach: Direct Trading Technologies

      The Target: Direct Trading Technologies (DTT) is an international fintech company offering trading platforms for stocks, forex, precious metals, energies, indices, Contracts for Difference (CFDs), and cryptocurrencies.

      The Take: The leaked data included the trading activity of over 300,000 users spanning the past six years, along with names, email addresses, emails sent by the company, and IP addresses.

      The Vector: In October 2023, a research team discovered a misconfigured web server with backups and development code references allegedly belonging to the fintech company Direct Trading Technologies. The discovered directory included multiple database backups, each holding a significant amount of sensitive information about the company’s users and partners.

      With the fintech industry experiencing rapid growth, this leak stands as a clear reminder of the critical role of robust cybersecurity measures. Fintech companies manage and store exceptionally sensitive customer data. This breach is a stark reminder of how authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.

      Read more...

      US Disrupted Chinese Hacking Operation That Targeted Routers

      2024-01-31

      BNN Bloomberg: A US operation disrupted a Chinese state-sponsored hacking effort in which spies hijacked a large network of devices to target water facilities and the power grid, among other targets, officials from the Federal Bureau of Investigation and the Department of Justice said. 

      Read more...

      US Sanctions Two ISIS-Affiliated ‘Cybersecurity Experts’

      2024-01-31

      SecurityWeek: The sanctioned individuals are both Egyptian nationals. One of them is Mu’min Al-Mawji Mahmud Salim, the creator of a platform named Electronic Horizons Foundation (EHF), which provides cybersecurity training and guidance to ISIS supporters.

      Read more...

      Cyber Crime Damage Costs Firms Up To $5 Million Annually, Says Barracuda

      2024-01-31

      Security Brief: The annual cost of recouping from cyber crime for businesses can reach as much as $5 million, according to a new Cybernomics 101 report from Barracuda Networks, a leading provider of cloud-first security solutions.

      Read more...

      New SEC Cyber Disclosure Rules Will Force Companies to Develop Incident Response Plans

      2024-01-31

      CPO Magazine: To many, the new SEC rules that require public companies to disclose “material” cybersecurity incidents within four days of determining their materiality may seem like a challenging, if not unreasonable, demand. 

      Read more...

      20 Essential Factors To Consider When Vetting Cybersecurity Platforms

      2024-01-30

      Forbes: In an increasingly digital work world, companies across industries collect and manage sensitive data. And just as companies are finding new and sophisticated ways to leverage that data, hackers are finding new and sophisticated ways to breach cyber defenses.

      Read more...

      SolarWinds Files Motion to Dismiss SEC Lawsuit

      2024-01-29

      Dark Reading: In a new filing with the US Southern District Court of New York, SolarWinds argued that the Securities and Exchange Commission was outside of its depth of expertise as well as its scope of authority in charging SolarWinds and its chief information security officer with mishandling the now-infamous, 2020, Russian-backed cyber espionage attack on its Orion platform.

      Read more...

      Canada Wakes Up To China, Russia, Iran Threat To Intellectual Property

      2024-01-29

      CSO Online: It is as if a light went on within the Canadian government this month as it took steps to tighten control over the risk presented by China, Russia, and Iran to sensitive research being funded by the federal government.

      Read more...

      About Castle Hall Diligence

      Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →

      Subscribe to Cyber Updates