Industry News: ESG5

      Know Your Breach: Firstmac Limited

      The Target: Firstmac is a significant player in Australia's financial services industry, focusing primarily on mortgage lending, investment management, and securitization services.

      The Take: From the investigation that followed, assisted by external cybersecurity experts, Firstmac determined that the following information was compromised: First name, Residential address, Email address, Phone number, Date of birth, External bank account information, Driver’s license number.

      The Vector: Firstmac experienced a cyber incident where an unauthorised third party accessed a part of their IT system.

      This breach is a stark reminder of how important strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.

      Thoma Bravo's LogRhythm Merges With Exabeam In More Cybersecurity Consolidation

      2024-05-16

      Yahoo Finance: Private equity giant Thoma Bravo has announced that its security information and event management (SIEM) company LogRhythm will be merging with Exabeam, a rival cybersecurity company backed by the likes of Cisco and Lightspeed Venture Partners.

      Crypto Hedge Fund BlockTower Suffers A Major Exploit, But How?

      2024-05-15

      TechReport: A prominent crypto hedge fund, BlockTower Capital, has emerged as the last firm to suffer a major blow from hackers. According to reports, hackers infiltrated the company’s system, carting away a hefty sum from its assets under management (AUM).  

      Singapore Cybersecurity Update Puts Cloud Providers on Notice

      2024-05-14

      Dark Reading: Lawmakers in Singapore updated the nation's cybersecurity regulations on May 7, giving more power to the agency responsible for enforcing the rules, adopting definitions of computer systems that include cloud infrastructure, and requiring that critical information infrastructure (CII) operators report any cybersecurity incident to the government.

      Santander Reports Customer, Employee Data Breach In Spain, Chile, Uruguay

      2024-05-14

      Yahoo Finance: Spanish bank Santander said some customer and employee data in a database hosted by an outside provider was accessed by an unauthorized party, but that the bank's own operations and systems have not been affected.

      Why AI Will Boost Demand For Cybersecurity Talent

      2024-05-13

      Forbes: When listening to industry watchers extolling the promises of AI, you'd expect cybersecurity experts to soon be obsolete. AI will securely configure systems, detect abnormal behavior and react faster than any human ever can.

      Accel Has a Fresh $650 Million to Back European Early-Stage Startups

      2024-05-13

      TechCrunch: Early-stage rounds continue to account for the majority of investments in the European startup market, and one of the biggest firms in the region announced a new fund to bolster that trend.

      Aussie Software Firm Iress Flags Data Breach At Third-Party Platform

      2024-05-12

      Yahoo News: Australia's Iress Ltd over the weekend detected and contained an unauthorized access of the firm's space on a third-party platform which is used to manage its pre-production software code, the financial software firm said.

      Know Your Breach: University System of Georgia

      The Target: University System of Georgia is a state government agency that operates 26 public colleges and universities in Georgia with over 340,000 students.

      The Take: The cybercriminals accessed: Full or partial (last four digits) Social Security number, Date of birth, Bank account number(s), Federal income tax documents with Tax ID number.

      The Vector: The Clop ransomware gang leveraged a zero-day vulnerability in Progress Software MOVEit Secure File Transfer solution in late May 2023 to conduct a massive worldwide data theft campaign.

      This breach is a critical reminder that zero-day exploits do happen, and that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.

      Third-Party Data Breaches Rose 49% in 2023, Reaching Record Level, New Prevalent Study Finds

      2024-05-08

      Business Wire: Prevalent Inc. published its 2024 Third-Party Risk Management Study, finding that 61% of companies experienced a third-party data breach or cybersecurity incident last year. Breaches rose 20 points — or 49% — year over year, increasing threefold since 2021.

      Microsoft Will Hold Executives Accountable for Cybersecurity

      2024-05-08

      Dark Reading: Microsoft will make organizational changes and hold senior leadership directly accountable for cybersecurity as part of an expanded initiative to bolster security across its products and services.

      The Art Of Cybersecurity Governance: Safeguarding Beyond Code

      2024-05-08

      Forbes: In today's interconnected digital landscape, cybersecurity isn't only about intricate coding, firewalls and endpoint detection and response software. It transcends technical prowess, encompassing an entire governance ecosystem to ensure an alignment between security programs and business objectives.

      Cybersecurity Professionals Say Generative AI Can Be Exploited in Cyberattacks — But It Can Also Be a Powerful Defense

      2024-05-08

      Yahoo Finance: Generative AI has become a double-edged sword for the security of connected networks. On one hand, generative AI can speed up cybersecurity problems, making it easier and cheaper for bad actors to conduct identity attacks.

      US Deploys Commerce and Communications Against Cyber Threats, Blinken Says

      2024-05-07

      CSO Online: The US government is doing everything it can to manage the cybersecurity challenges of quantum computing, cloud strategies, and generative AI and trying to secure sensitive technology hardware, Secretary of State Antony Blinken said.

      Synopsys to Sell Unit for as Much as $2.1 Billion to Private Equity Firms

      2024-05-06

      Yahoo Finance: Chip-design company Synopsys Inc. is selling its software integrity business to two private equity firms for as much as $2.1 billion in cash. Clearlake Capital and Francisco Partners are buying the cybersecurity-focused business and will run it as a new, as-yet unnamed independent company, according to a statement.

      New EY Research Reveals Cybersecurity Fears Are on the Rise Among US Workers, With a Vast Majority Concerned About AI in Cybersecurity

      2024-05-06

      PR Newswire: Widespread concerns are growing among US employees about escalating cybersecurity threats in the workplace, with 53% worried their organization will be the target of a cyber attack and a third (34%) worried that they may be the ones leaving their organization vulnerable due to their actions, according to new data from Ernst & Young LLP.

      Know Your Breach: OWASP

      The Target: The OWASP (Open Web Application Security Project) Foundation is a nonprofit organization focused on improving the security of software. It provides freely available resources, tools, and documentation to help organizations develop, deploy, and maintain secure software applications.

      The Take: The incident impacted OWASP members from 2006 to around 2014 who provided their resumes as part of joining OWASP. Exposed resumes contained names, email addresses, phone numbers, physical addresses, and other personally identifiable information.

      The Vector: In late February 2024, the Foundation received a few support requests and became aware of a misconfiguration of OWASP’s old Wiki web server. The misconfiguration led to a data breach involving old member resumes.

      This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.

      Cyber Firms Island, Corelight Raise Big

      2024-04-30

      Crunchbase: Cybersecurity venture funding saw a small bounce back in the first quarter of the year and a couple of large raises may indicate that trend continuing.

      US Merger Rules May Rein In Private Equity Cybersecurity Spending

      2024-04-30

      Yahoo Finance: In April 2024, UK cybersecurity company Darktrace agreed to be bought by US private equity (PE) company Thoma Bravo in a $5.3bn deal.

      Survey: Human Factors Create Significant Cybersecurity Risks for Small and Medium-Sized Businesses, Despite Increased Technology Investment

      2024-04-30

      Business Wire: Small and medium-sized business (SMB) leaders report that they are investing more time, attention, and budget on cybersecurity, but human factors are getting in the way – including lack of awareness, training and inconsistent policy adherence.

      Private Equity Firms Gain Enhanced Cyber Due Diligence and Portfolio Assessments with New Tool from BlackSwan Cyber

      2024-04-30

      PR Newswire: BlackSwan Cyber, a leading M&A Cybersecurity Advisor, has announced the release of its Cyber Maturity Assessment Platform. 

      AI Increases Cybersecurity Threats Amidst IT Budget Cuts, Study Warns

      2024-04-29

      BNN Bloomberg: A new study warns that cybersecurity measures must be prioritized amidst an increasingly sophisticated threat of artificial intelligence (AI). 

      UK’s Revamped Surveillance Rules Become Law Despite Industry Opposition

      2024-04-29

      CSO Online: The UK’s Investigatory Powers (Amendment) Act (IPAA) received royal assent, making it law and broadening the government’s ability to collect bulk communications data.

      Standard Chartered CEO on Why Cybersecurity Has Become a 'Disproportionately Huge Topic' at Board Meetings

      2024-04-28

      The Record: As the chief executive of one of the largest banks in the world, Bill Winters is constantly identifying, evaluating and taking steps to mitigate risks.

      About Castle Hall Diligence

      Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long-only portfolios.
