.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
The Target: Okta is a San Fransisco-based cloud identity and access management solutions provider whose Single Sign-On (SSO), multi-factor authentication (MFA), and API access management services are used by thousands of organizations worldwide.
The Take: The leaked data includes user IDs, full names, company names, office addresses, phone numbers, email addresses, positions/roles, and other information.
The Vector: In October 2023, Okta warned that its support system was breached by hackers using stolen credentials, allowing attackers to steal cookies and authentication for some customers.
This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.
MSN: Airbus has called off talks to buy the BDS cybersecurity unit of France's Atos, sending shares in the software company tumbling by more than a fifth.
Forbes: Choosing a bank means more than just giving it money. Consumers must trust the institution to protect not only their financial assets, but also keep their Social Security numbers, passwords, dates of birth, and other sensitive data away from hackers.
Bleeping Computer: The U.S. Federal Trade Commission (FTC) warned today that scammers are impersonating its employees to steal thousands of dollars from Americans.
Euronews: Cybersecurity investments will have to be doubled under the next European Commission mandate in order to ensure the bloc’s resilience to counter attacks, a senior EU official said.
US News: Israeli cybersecurity firm Cato Networks, which was valued at more than $3 billion in a private funding round last year, has hired underwriters for an initial public offering in New York, according to people familiar with the matter.
Bleeping Computer: The U.S. Securities and Exchange Commission (SEC) announced that two investment advisers, Delphia (USA) and Global Predictions, have settled charges of making misleading statements regarding the use of artificial intelligence (AI) technology in their products.
SecurityWeek: The networking giant paid $157 per share in cash for Splunk, a powerhouse in data analysis, security and observability tools, in a deal first announced in September 2023.
The Target: Financial services firm Paysign. Paysign brought in a revenue of about $12 million last quarter through its prepaid card programs, payment processing systems and digital banking services.
The Take: 1,242,575 records containing the full names of customers, addresses, dates of birth, phone numbers and account balances.
The Vector: A cybercriminal with the name “emo” claimed to have taken the data and leaked it on to a hacking forum. The company declined to provide any further information regarding how the attack occurred.
With the fintech industry experiencing rapid growth, this leak stands as a clear reminder of the critical role of robust cybersecurity measures. Fintech companies manage and store exceptionally sensitive customer data. This breach is a stark reminder of how authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.
PR Newswire: Nozomi Networks Inc., the worldwide leader in OT and IoT security, announced a $100 million Series E funding round to help accelerate innovative cyber defenses and expand cost-efficient go-to-market expansion globally.
Investment Executive: The Canadian Investment Regulatory Organization (CIRO) is updating its exam timeline for mutual fund dealers and sharing what its areas of focus will be during upcoming exams for all dealers.
Help Net Security: From a security point of view, it always pays to think one step ahead and about what might be coming next. One of the latest breakthroughs in AI technology is “interactive AI”.
SecurityWeek: The new investment round was led by J.P. Morgan Growth Equity Partners, with additional funding from existing investors Bessemer Venture Partners and TIN Capital.
GlobeNewswire: According to a recent report published by Allied Market Research, the global cybersecurity for critical infrastructure in the financial sector industry generated $9,012.96 million in 2022, and is anticipated to generate $17,465.33 million by 2032, witnessing a CAGR of 6.9% from 2023 to 2032.
Dark Reading: According to officials, threat actors breached the Cybersecurity and Infrastructure Security Agency's (CISA) systems using Ivanti product vulnerabilities back in February.
Bleeping Computer: New York-based securities lending platform EquiLend Holdings confirmed in data breach notification letters sent to employees that their data was stolen in a January ransomware attack.
The Target: Houser LLP, a U.S. law firm that specializes in serving high-profile financial institutions.
The Take: The data included names and one or more of Social Security number, driver’s license number, individual tax identification number, financial account information, and medical information.
The Vector: The company said certain files were encrypted during the incident and were “copied and taken from the network.”
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.
Financial Newswire: While at least one industry superannuation fund continues to deal with APRA over a cyber-security incident a year ago, the Association of Superannuation Funds of Australia (ASFA) has made clear to the Government that its member funds do not want minor security incidents being automatically escalated to APRA.
Yahoo Finance: CrowdStrike surged 10% and sparked a rally in cybersecurity stocks after the company's upbeat annual forecasts signaled robust demand for the one-stop platform for a variety of tools amid a rise in artificial intelligence-led sophisticated attacks.
Business Wire: KKR announced the appointment of Ruchir Swarup as a Partner and Chief Information Officer, effective immediately. In this role, Mr. Swarup will be responsible for driving KKR’s technology strategy and vision.
The Register: Criminals have probably stolen nearly 30,000 Fidelity Investments Life Insurance customers' personal and financial information — including bank account and routing numbers, credit card numbers and security or access codes — after breaking into Infosys' IT systems in the fall.
US News: Axonius, a startup which help companies manage their cybersecurity infrastructure, said it has raised $200 million at a $2.6 billion valuation, a sizable funding amount in a relatively muted market for growth and late-stage startups.
Dark Reading: It seems obvious: CEOs and their chief information security officers (CISOs) should be natural partners. With the persistent rise in cyber threats, most CEOs recognize the importance of having a strong security leader to protect the company's data, not to mention its reputation.
Forbes: Be it a tech giant or a startup, the threats to any company's security are relentless, sophisticated and constantly evolving. Hackers are weaponizing new tools, data breaches dominate headlines daily and the potential consequences of an attack are more devastating than ever.
The Target: Giant loan and mortgage company LoanDepot
The Take: The stolen LoanDepot customer data includes names, dates of birth, email and postal addresses, financial account numbers, and phone numbers. The stolen data also includes Social Security numbers, which LoanDepot collected from customers.
The Vector: LoanDepot was hit by a cyberattack around January 4 that it described at the time as involving the “encryption of data,” or a ransomware attack. It’s not known if LoanDepot paid a ransom.
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.
SWI swissinfo.ch: Julius Baer Group AG suffered a crash of its core banking systems on Feb. 16 that left Switzerland’s second-largest listed wealth manager offline for some time, according to people familiar with the matter.
VentureBeat: Open-source models and platforms are proving valuable in solving one of the most urgent paradoxes all cybersecurity startups face: balancing the need to deliver reliable apps at scale and low cost while being open enough to integrate across existing IT infrastructure.
Dark Reading: A new era of litigation is threatening the cybersecurity community. In addition to corporate and government enforcement, companies are being served with class-action lawsuits for data breaches.
SecurityWeek: Managed by the Office of Cybersecurity, Energy Security, and Emergency Response (CESER), the projects are aimed at developing new tools to reduce cyber risks and improve the resilience of energy systems, including the power grid, utilities, pipelines, and renewable energy sources.
CSO Online: After two years of work, the US National Institute of Standards and Technology (NIST) has issued the 2.0 version of its widely referenced Cybersecurity Framework (CSF), expanding upon the draft 2.0 version it issued in September.
Forbes: The buzz surrounding artificial intelligence (AI) has reached a fever pitch, with virtually every industry exploring the potential benefits or drawbacks, of using generative AI (GAI) and large language models (LLMs) like ChatGPT or Google Bard to improve their efficiency.
US News: China's ministry of industry and information technology (MIIT) unveiled a plan that aims to improve data security in China's industrial sector and effectively contain "major risks" by the end of 2026.
Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →
Montreal
1080 Côte du Beaver Hall, Suite 904
Montreal, QC
Canada, H2Z 1S8
+1-450-465-8880
Halifax
84 Chain Lake Drive, Suite 501
Halifax, NS
Canada, B3S 1A2
+1-902-429-8880
Manila
Ground Floor, Three E-com Center
Mall of Asia Complex
Pasay City, Metro Manila
Philippines 1300
Sydney
Level 36 Governor Phillip Tower
1 Farrer Place Sydney 2000
Australia
+61 (2) 8823 3370
Abu Dhabi
Floor No.15 Al Sarab Tower,
Adgm Square,
Al Maryah Island, Abu Dhabi, UAE
Tel: +971 (2) 694 8510
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.
Terms of Service and Privacy Policy