Industry News: ESG5

      Know Your Breach: Cencora

      The Target: Cencora, formerly AmerisourceBergen, is a pharmaceutical services provider specializing in drug distribution, specialty pharmacy, consulting, and clinical trial support.

      The Take: Cencora's internal investigation, which concluded on April 10, 2024, confirmed that the following information had been exposed: full name, address, health diagnosis, medications, and prescriptions.

      The Vector: In February 2024, Cencora disclosed a data breach in a Form 8-K filing with the SEC, stating that unauthorized parties gained access to its information systems and exfiltrated personal data.

      This breach is a stark reminder of how important strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.

      Bridging Cybersecurity Expectations And Reality To Empower CISOs

      2024-05-30

      Forbes: Cybersecurity has evolved into an indispensable foundation for doing business. The past several years have seen the rise of a permanent hybrid workforce that uses software to connect to their corporate networks.

      Disruptive Attacks Double in EU in Recent Months, Cybersecurity Chief Says

      2024-05-29

      MSN: The EU's top cybersecurity official has said there has been a "significant increase" in disruptive cyber attacks, many of which can be traced to Russia-backed groups, in recent months.

      Palo Alto Networks, Zscaler Shares Lead Broader Cybersecurity Selloff

      2024-05-29

      MSN: Cybersecurity stocks are selling off as investors prepare for more earnings reports within the industry. Okta Inc., PagerDuty Inc. and Zscaler Inc. are all due to post results, and Rosenblatt analyst Catharine Trebnick weighed in cautiously on the latter.

      OpenAI Sets Up Safety Committee as it Starts Training New Model

      2024-05-28

      Yahoo Finance/Reuters: OpenAI has formed a Safety and Security Committee that will be led by board members, including CEO Sam Altman, as it begins training its next artificial intelligence model, the AI startup said.

      The SEC's New Take on Cybersecurity Risk Management

      2024-05-28

      Dark Reading: The advent of generative AI is surfacing new risks, significantly raising the stakes for businesses around the globe and for marketplace stability.

      Central Banks Turn To Generative AI For Enhanced Cybersecurity: BIS

      2024-05-28

      Cointelegraph: The Bank for International Settlements (BIS) believes in the potential for widespread adoption of generative artificial intelligence (AI), an area in which many central banks have developed a strong interest.

      Deepfake Scams Have Robbed Companies of Millions. Experts Warn it Could Get Worse

      2024-05-27

      CNBC: A growing wave of deepfake scams has looted millions of dollars from companies worldwide, and cybersecurity experts warn it could get worse as criminals exploit generative AI for fraud.

      Know Your Breach: Santander

      The Target: Santander, the euro zone's second-biggest bank by market value.

      The Take: The bank said in a statement that the data was from customers in Spain, Chile and Uruguay, as well as all current and some former employees. No data on transactions, nor any credentials that would allow transactions to be performed, were stored in the database, it said.

      The Vector: The bank said it recently became aware of unauthorized access to one of its databases hosted by a third-party provider.

      This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.

      SEC Charges Intercontinental Exchange and Nine Affiliates Including the New York Stock Exchange with Failing to Inform the Commission of a Cyber Intrusion

      2024-05-22

      U.S. Securities & Exchange Commission: The Securities and Exchange Commission announced that The Intercontinental Exchange, Inc. (ICE) agreed to pay a $10 million penalty to settle charges that it caused the failure of nine wholly-owned subsidiaries, including the New York Stock Exchange, to timely inform the SEC of a cyber intrusion as required by Regulation Systems Compliance and Integrity.

      Cybersecurity Plan for Federal Government Takes Aim at 'Inefficiencies, Blind Spots'

      2024-05-22

      Yahoo News: The federal government has unfurled a new cybersecurity strategy aimed at protecting its vast array of computer systems and information banks against a growing variety of threats.

      Wall Street Data Security Regulations Updated by US SEC

      2024-05-21

      Spiceworks: The US SEC has announced an update to its rules regarding how Wall Street organizations respond to the theft of customer data. The changes apply to data security rules adopted in 2000. 

      IT Security Leaders Are Failing to Close a Boardroom Credibility Gap

      2024-05-21

      PR Newswire: Trend Micro Incorporated, a global cybersecurity leader, today revealed that four-fifths (79%) of global cybersecurity leaders have felt boardroom pressure to downplay the severity of cyber risks facing their organisation.

      Palo Alto's Quarterly Billings Forecast Fails To Impress Investors, Shares Fall

      2024-05-21

      MSN: Palo Alto Networks' fourth-quarter billings forecast disappointed investors, a sign of tight corporate spending on cybersecurity solutions, sending its shares down more than 8% in aftermarket trading.

      ZeroRisk Cybersecurity Expands Global Presence With US Launch

      2024-05-20

      Dark Reading: ZeroRisk Cybersecurity is thrilled to announce the launch of its U.S. operations including the opening of its first U.S. office, marking a significant milestone in the company's global expansion strategy.

      CyberArk to Buy Thoma Bravo-Backed Venafi for $1.5 Billion

      2024-05-20

      Yahoo Finance: CyberArk Software Ltd. agreed to buy Venafi, a cybersecurity company backed by private equity firm Thoma Bravo, for $1.54 billion.

      Know Your Breach: Firstmac Limited

      The Target: Firstmac is a significant player in Australia's financial services industry, focusing primarily on mortgage lending, investment management, and securitization services.

      The Take: From the investigation that followed, assisted by external cybersecurity experts, Firstmac determined that the following information was compromised: First name, Residential address, Email address, Phone number, Date of birth, External bank account information, Driver’s license number.

      The Vector: Firstmac experienced a cyber incident where an unauthorised third party accessed a part of their IT system.

      This breach is a stark reminder of how important strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.

      Thoma Bravo's LogRhythm Merges With Exabeam In More Cybersecurity Consolidation

      2024-05-16

      Yahoo Finance: Private equity giant Thoma Bravo has announced that its security information and event management (SIEM) company LogRhythm will be merging with Exabeam, a rival cybersecurity company backed by the likes of Cisco and Lightspeed Venture Partners.

      Crypto Hedge Fund BlockTower Suffers A Major Exploit, But How?

      2024-05-15

      TechReport: A prominent crypto hedge fund, BlockTower Capital, has emerged as the latest firm to suffer a major blow from hackers. According to reports, hackers infiltrated the company’s system, carting away a hefty sum from its assets under management (AUM).

      Singapore Cybersecurity Update Puts Cloud Providers on Notice

      2024-05-14

      Dark Reading: Lawmakers in Singapore updated the nation's cybersecurity regulations on May 7, giving more power to the agency responsible for enforcing the rules, adopting definitions of computer systems that include cloud infrastructure, and requiring that critical information infrastructure (CII) operators report any cybersecurity incident to the government.

      Santander Reports Customer, Employee Data Breach In Spain, Chile, Uruguay

      2024-05-14

      Yahoo Finance: Spanish bank Santander said some customer and employee data in a database hosted by an outside provider was accessed by an unauthorized party, but that the bank's own operations and systems have not been affected.

      Why AI Will Boost Demand For Cybersecurity Talent

      2024-05-13

      Forbes: When listening to industry watchers extolling the promises of AI, you'd expect cybersecurity experts to soon be obsolete. AI will securely configure systems, detect abnormal behavior and react faster than any human ever can.

      Accel Has a Fresh $650 Million to Back European Early-Stage Startups

      2024-05-13

      TechCrunch: Early-stage rounds continue to account for the majority of investments in the European startup market, and one of the biggest firms in the region announced a new fund to bolster that trend.

      Aussie Software Firm Iress Flags Data Breach At Third-Party Platform

      2024-05-12

      Yahoo News: Australia's Iress Ltd over the weekend detected and contained an unauthorized access of the firm's space on a third-party platform which is used to manage its pre-production software code, the financial software firm said.

      Know Your Breach: University System of Georgia

      The Target: University System of Georgia is a state government agency that operates 26 public colleges and universities in Georgia with over 340,000 students.

      The Take: The cybercriminals accessed: full or partial (last four digits) Social Security number, date of birth, bank account number(s), and federal income tax documents with Tax ID number.

      The Vector: The Clop ransomware gang leveraged a zero-day vulnerability in Progress Software MOVEit Secure File Transfer solution in late May 2023 to conduct a massive worldwide data theft campaign.

      This breach is a critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.

      Third-Party Data Breaches Rose 49% in 2023, Reaching Record Level, New Prevalent Study Finds

      2024-05-08

      Business Wire: Prevalent Inc. published its 2024 Third-Party Risk Management Study, finding that 61% of companies experienced a third-party data breach or cybersecurity incident last year. Breaches rose 20 points — or 49% — year over year, increasing threefold since 2021.

      Microsoft Will Hold Executives Accountable for Cybersecurity

      2024-05-08

      Dark Reading: Microsoft will make organizational changes and hold senior leadership directly accountable for cybersecurity as part of an expanded initiative to bolster security across its products and services.

      The Art Of Cybersecurity Governance: Safeguarding Beyond Code

      2024-05-08

      Forbes: In today's interconnected digital landscape, cybersecurity isn't only about intricate coding, firewalls and endpoint detection and response software. It transcends technical prowess, encompassing an entire governance ecosystem to ensure an alignment between security programs and business objectives.

      Cybersecurity Professionals Say Generative AI Can Be Exploited in Cyberattacks — But It Can Also Be a Powerful Defense

      2024-05-08

      Yahoo Finance: Generative AI has become a double-edged sword for the security of connected networks. On one hand, generative AI can speed up cybersecurity problems, making it easier and cheaper for bad actors to conduct identity attacks.

      US Deploys Commerce and Communications Against Cyber Threats, Blinken Says

      2024-05-07

      CSO Online: The US government is doing everything it can to manage the cybersecurity challenges of quantum computing, cloud strategies, and generative AI and trying to secure sensitive technology hardware, Secretary of State Antony Blinken said.

      Synopsys to Sell Unit for as Much as $2.1 Billion to Private Equity Firms

      2024-05-06

      Yahoo Finance: Chip-design company Synopsys Inc. is selling its software integrity business to two private equity firms for as much as $2.1 billion in cash. Clearlake Capital and Francisco Partners are buying the cybersecurity-focused business and will run it as a new, as-yet unnamed independent company, according to a statement.

      New EY Research Reveals Cybersecurity Fears are on the Rise Among US Workers, With a Vast Majority Concerned About AI in Cybersecurity

      2024-05-06

      PR Newswire: Widespread concerns are growing among US employees about escalating cybersecurity threats in the workplace, with 53% worried their organization will be the target of a cyber attack and a third (34%) worried that they may be the ones leaving their organization vulnerable due to their actions, according to new data from Ernst & Young LLP.

      Know Your Breach: OWASP

      The Target: The OWASP (Open Web Application Security Project) Foundation is a nonprofit organization focused on improving the security of software. It provides freely available resources, tools, and documentation to help organizations develop, deploy, and maintain secure software applications.

      The Take: The incident impacted OWASP members from 2006 to around 2014 who provided their resumes as part of joining OWASP. Exposed resumes contained names, email addresses, phone numbers, physical addresses, and other personally identifiable information.

      The Vector: In late February 2024, the Foundation received a few support requests and became aware of a misconfiguration of OWASP’s old Wiki web server. The misconfiguration led to a data breach involving old member resumes.

      This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.

      Cyber Firms Island, Corelight Raise Big

      2024-04-30

      Crunchbase: Cybersecurity venture funding saw a small bounce back in the first quarter of the year and a couple of large raises may indicate that trend continuing.

      US Merger Rules May Rein In Private Equity Cybersecurity Spending

      2024-04-30

      Yahoo Finance: In April 2024, UK cybersecurity company Darktrace agreed to be bought by US private equity (PE) company Thoma Bravo in a $5.3bn deal.

      Survey: Human Factors Create Significant Cybersecurity Risks for Small and Medium-Sized Businesses, Despite Increased Technology Investment

      2024-04-30

      Business Wire: Small and medium-sized business (SMB) leaders report that they are investing more time, attention, and budget on cybersecurity, but human factors are getting in the way – including lack of awareness, training and inconsistent policy adherence.

      Private Equity Firms Gain Enhanced Cyber Due Diligence and Portfolio Assessments with New Tool from BlackSwan Cyber

      2024-04-30

      PR Newswire: BlackSwan Cyber, a leading M&A Cybersecurity Advisor, has announced the release of its Cyber Maturity Assessment Platform. 

      AI Increases Cybersecurity Threats Amidst IT Budget Cuts, Study Warns

      2024-04-29

      BNN Bloomberg: A new study warns that cybersecurity measures must be prioritized amidst an increasingly sophisticated threat of artificial intelligence (AI). 

      UK’s Revamped Surveillance Rules Become Law Despite Industry Opposition

      2024-04-29

      CSO Online: The UK’s Investigatory Powers (Amendment) Act (IPAA) received royal assent, making it law and broadening the government’s ability to collect bulk communications data.

      Standard Chartered CEO on Why Cybersecurity Has Become a 'Disproportionately Huge Topic' at Board Meetings

      2024-04-28

      The Record: As the chief executive of one of the largest banks in the world, Bill Winters is constantly identifying, evaluating and taking steps to mitigate risks.

      About Castle Hall Diligence

      Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios.