shutterstock_490960141-1

Industry News: ESG5

      Know Your Breach: MediSecure

      The Target: MediSecure, an Australian electronic prescription provider.

      The Take: The impacted data included personal information including full names, titles, dates of birth, gender, email addresses, phone numbers, and individual healthcare identifiers (IHI).

      The Vector: An early forensic investigation by the company into the relevant impact of the incident indicated that 6.5TB of data stored on a database server was likely exfiltrated by a malicious third-party actor, although, encrypted servers couldn’t be examined for further details.

      This breach is critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.

      Read more...

      CrowdStrike Blames Defect in Content Update for Epic IT Crash

      2024-07-24

      BNN Bloomberg: CrowdStrike Holdings Inc., the cybersecurity company at the center of massive global IT outages, said that a bug in a safety mechanism allowed flawed data to go out to customers in a botched update, causing last week’s meltdown.

      Read more...

      Female-Led Cybersecurity Startup Protexxa secures $10 Million in Funding

      2024-07-24

      Tech Funding News: Protexxa, one of the fastest-growing cybersecurity companies in Canada has closed a $10 million Series A funding round. 

      Read more...

      Optiv Report Shows Nearly 60% of Respondents Surveyed Increased Security Budgets as Most Organizations Report Cyber Breaches and Incidents

      2024-07-24

      Yahoo Finance: Optiv, the cyber advisory and solutions leader, has published its 2024 Threat and Risk Management Report, which examines how organizations' cybersecurity investments and governance priorities are keeping up with the evolving threat landscape.

      Read more...

      Cybersecurity Firm Wiz Rejects $23 Billion Bid From Google Parent Alphabet

      2024-07-23

      The Guardian: The cybersecurity firm Wiz has turned down a $23bn (£18bn) takeover bid from Google’s parent, Alphabet, spurning what would have been the tech company’s biggest ever acquisition and seeking a stock market flotation instead.

      Read more...

      Judge Deals Major Blow to SEC’s Cybersecurity Enforcement Stance

      2024-07-23

      CFO Dive: A recent ruling in the Securities Exchange Commission’s lawsuit against Austin, Texas-based software provider SolarWinds has dealt a significant blow to the agency’s aggressive cybersecurity enforcement posture, legal analysts said.

      Read more...

      Hackers Leak Documents From Pentagon IT Services Provider Leidos, Bloomberg News Reports

      2024-07-23

      Yahoo Finance/Reuters: Hackers have leaked internal documents stolen from Leidos Holdings Inc, one of the largest IT services providers to the U.S. government, Bloomberg News reported, citing a person familiar with the matter.

      Read more...

      Shocked, Devastated, Stuck: Cybersecurity Pros Open Up About Their Layoffs

      2024-07-23

      Dark Reading: Tony Bradley, a seasoned communications professional in the cybersecurity industry, was blindsided when he was recently laid off from his role as a marketing director.

      Read more...

      Know Your Breach: Trello

      The Target: Trello is an online project management tool owned by Atlassian. Businesses commonly use it to organize data and tasks into boards, cards, and lists.

      The Take: The leaked data includes email addresses and public Trello account information, including the user's full name.

      The Vector: While Atlassian, the owner of Trello, did not confirm at the time how the data was stolen, emo (the threat actor) said it was collected using an unsecured REST API that allowed developers to query for public information about a profile based on users' Trello ID, username, or email address.

      As phishing actors continue to explore every potential abuse opportunity on legitimate service providers, novel security gaps constantly threaten to expose users to severe risks. It is essential not to rely solely on email protection solutions, and also scrutinize every email that lands on your inbox, look for inconsistencies, and double-check all claims made in those messages.

      Read more...

      New UK Government Unveils Bills for AI, Cybersecurity and Resilience to Boost Tech Outlook

      2024-07-18

      Tech Radar: The King has unveiled the newly-elected Labour government’s first drafted bills and legislation to the UK Parliament, including several pieces relating to technology.

      Read more...

      Orgs Are Finally Making Moves to Mitigate GenAI Risks

      2024-07-17

      Dark Reading: A new analysis by Netskope of anonymized AI app usage data from customer environments showed substantially more organizations have begun using blocking controls, data loss prevention (DLP) tools, live coaching, and other mechanisms to mitigate risk.

      Read more...

      London Cyber Firm CultureAI Raises £8 Million to Double Workforce and ‘Fix Human Error’

      2024-07-17

      City A.M: London-based tech company CultureAI has secured $10m (£7.7m) in a Series A funding round, co-led by Mercia Ventures and Smedvig Ventures. The investment is set to propel CultureAI’s product development, double its workforce and support its expansion into the US market.

      Read more...

      Cybersecurity Funding Jumps 144% In Q2

      2024-07-17

      Crunchbase: Venture funding to cybersecurity startups had its best quarter since Q1 2022 — surging 144% year to year — and seemingly building off a strong start to the year.

      Read more...

      Kaspersky Lab Shuts Down US Operations in Wake of National Security Ban

      2024-07-16

      CSO Online: Russian security firm Kaspersky Lab has informed its employees in the United States that the company will begin winding down its US operations starting July 20, according to a report from Zero Day.

      Read more...

      The Cybersecurity Industry is Projected to Boom. These ETFs Aim to Cash in on That

      2024-07-16

      Advisor.ca: Ticketmaster’s recent data security incident, which potentially compromised the personal information of millions of people, is a poignant reminder of the need for individuals, organizations and companies to take cybersecurity seriously, says Raj Lala, president and CEO of Evolve Funds Group Inc. in Toronto.

      Read more...

      Google Nears $23 Billion Deal for Cybersecurity Firm Wiz, WSJ Reports

      2024-07-14

      BNN Bloomberg: Google parent Alphabet Inc. is in advanced talks to buy cybersecurity startup Wiz in a deal that could fetch $23 billion, the Wall Street Journal reported, citing people with knowledge of the matter.

      Read more...

      Know Your Breach: Twilio

      The Target: U.S. messaging giant Twilio.

      The Take: Data associated with Authy accounts, including 33 million phone numbers.

      The Vector: Twilio detected that threat actors were able to identify data associated with Authy accounts, including phone numbers, due to an unauthenticated endpoint.

       This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.

      Read more...

      Almost 60% of Corporate Cybersecurity Budgets are Higher This Year: Report

      2024-07-03

      CFO Dive: The findings come as businesses grapple with escalating cybersecurity threats. Sixty-one percent of organizations represented in the research had a data breach or cybersecurity incident in the past two years. More than half of respondents (55%) said their organization has experienced more than four to five of such incidents.

      Read more...

      India Cenbank Governor Pushes for Stronger Governance, Cybersecurity in Banks

      2024-07-03

      Yahoo Finance: Indian lenders must strengthen their governance standards and ensure robust cybersecurity controls to curb digital frauds, the governor of the Reserve Bank of India (RBI) told bank chiefs.

      Read more...

      Saudi Arabia Cybersecurity Market Set to Attain Valuation of USD 10.5 Billion By 2032

      2024-07-03

      GlobeNewswire: According to the latest Astute Analytica research, the Saudi Arabia cybersecurity market was valued at US$ 3.6 billion in 2023 and is anticipated to reach US$ 10.5 billion by 2032 at a CAGR of 12.98% during the forecast period 2024–2032.

      Read more...

      The Future Of The Cybersecurity Profession With The Rise Of AI

      2024-07-03

      Forbes: From healthcare to manufacturing to agriculture and beyond, artificial intelligence (AI) is revamping business models and creating new opportunities for organizations to innovate.

      Read more...

      US Supreme Court Ruling Will Likely Cause Cyber Regulation Chaos

      2024-07-02

      CSO Online: The US Supreme Court has issued a decision that could upend all federal cybersecurity regulations, moving ultimate regulatory approval to the courts and away from regulatory agencies.

      Read more...

      Evolve Bank Shares Data Breach Details as Fintech Firms Report Being Hit

      2024-07-02

      SecurityWeek: The notorious ransomware group LockBit recently threatened to leak data allegedly stolen from the US Federal Reserve. The cybercriminals did leak data on June 26, but it turned out that the files actually originated from an Arkansas-based financial organization, Evolve Bank & Trust.

      Read more...

      Cyber Insurance Rates Fall As Businesses Improve Security, Report Says

      2024-07-02

      MSN: Cyber insurance premiums are falling globally as businesses become more adept in curbing their losses from cyber crime, even as ransomware attacks are rising, broker Howden said in a report.

      Read more...

      About Castle Hall Diligence

      Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →

      Subscribe to Cyber Updates