
Industry News: ESG5

    Know Your Breach: PayPal

    The Target: Digital payments giant PayPal

    The Take: Hackers had access to names, addresses, Social Security numbers, individual tax identification numbers and dates of birth.

    The Vector: The threat actors behind the PayPal breach used a tactic called credential stuffing, where attackers use stolen username/password combinations from one data breach to attempt to log into other websites and services.

    This breach is a critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.

    Read more...

    Finra Reports Rising Risks From AI, Cybersecurity, Investment Fraud

    2025-01-30

    Investment News: The constantly evolving landscape of third-party risks seen by Finra staff has been highlighted in its 2025 Regulatory Oversight Report.

    Read more...

    88% of High-Uncertainty Firms Report Significant Cybersecurity Risks

    2025-01-30

    PYMNTS: Cybersecurity is a major concern for CFOs of middle-market firms, especially those facing high uncertainty due to fluctuating demand, supply chain disruptions, or macroeconomic volatility. These challenges create financial strain and long-term strategic setbacks.

    Read more...

    The Growing Complexity of Global Cybersecurity: Moving From Challenges to Action

    2025-01-29

    World Economic Forum: While the complexity of today's cyber environment is daunting, our focus at the World Economic Forum's Centre for Cybersecurity must be on translating this complexity into concrete actions that organizations can implement to enhance their resilience.

    Read more...

    Cyber Security Market Size to Reach $578.2 Billion, Globally, by 2033 at 10.4% CAGR: Allied Market Research

    2025-01-28

    GlobeNewswire: Rise in cyber threats and surge in remote work trends are the factors expected to propel the growth of the global cybersecurity market. However, factors such as high implementation costs and a shortage of skilled professionals are anticipated to hamper the growth of the global market.

    Read more...

    5 Ways Boards Can Improve Their Cybersecurity Governance

    2025-01-28

    CSO Online: As chairman of the board for Cinturion Group, Richard Marshall is intimately involved in ensuring the security of the fiber optic network his company is constructing from India through the Middle East and on to Europe.

    Read more...

    DeepSeek Hit With Large-Scale Cyberattack, Says it’s Limiting Registrations

    2025-01-27

    CNBC: DeepSeek said it would temporarily limit user registrations “due to large-scale malicious attacks” on its services, though existing users will be able to log in as usual.

    Read more...

    India's central bank asks lenders to tighten cybersecurity oversight

    2025-01-27

    MarketScreener: India's central bank said its chief has urged banks to tighten their oversight on cybersecurity issues and to have systems in place that can prevent digital fraud.

    Read more...

    Know Your Breach: Otelier

    The Target: Otelier, previously known as MyDigitalOffice, is a cloud-based hotel management solution used by over 10,000 hotels worldwide to manage reservations, transactions, nightly reports, and invoicing.

    The Take: The small samples seen by BleepingComputer include a broad range of data, including hotel guest reservations, transactions, employee emails, and other internal data. Some of the personal information exposed includes hotel guests' names, addresses, phone numbers, and email addresses.

    The Vector: The threat actors behind the Otelier breach told BleepingComputer that they initially hacked the company's Atlassian server using an employee's login. These credentials were stolen through information-stealing malware, which has become the bane of corporate networks over the past few years.

    This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.

    Read more...

    Automation and AI-Driven Firewall Policy Management Become Essential for Cybersecurity and Compliance

    2025-01-22

    Business Wire: As organizations expand their digital ecosystems, the complexity of managing firewall policies across hybrid and multi-cloud environments continues to rise.

    Read more...

    Security Chiefs Whose Companies Operate in the EU Should be Exploring DORA Now

    2024-01-22

    CSO Online: If your enterprise operates in Europe, you should care about the Digital Operational Resilience Act (DORA), which took effect on January 17.

    Read more...

    Trump Fires Cyber Safety Board Investigating Salt Typhoon Hackers

    2025-01-21

    Dark Reading: In its first full day, the Trump administration axed all advisory committee members within the Department of Homeland Security, including the people that make up the Cybersecurity and Infrastructure Security Agency's (CISA) Cyber Safety Review Board (CSRB).

    Read more...

    Adoption of AI in Cybersecurity Grows, but Experts Say Risks Remain High

    2025-01-21

    PYMNTS: With scams, fraud and new ways for criminals to commit financial crimes springing up seemingly by the hour, the World Economic Forum 2025 in Davos, Switzerland, has placed cybersecurity front and center.

    Read more...

    A New Line of Defense: Cybersecurity Startup Zynap Raises €5.7 Million for Threat Intelligence

    2025-01-21

    EU Startups: Zynap, a Barcelona-based cybersecurity startup leveraging Gen-AI to fight cybercrime proactively by simulating cyber threat tactics, has announced its launch and close of their €5.7 million funding round to fuel their expansion plans.

    Read more...

    Cognizant and CrowdStrike Partner to Drive Enterprise Cybersecurity Transformation

    2025-01-21

    Yahoo Finance: Cognizant and CrowdStrike announced a strategic partnership to drive enterprise security transformation by delivering cybersecurity services, powered by the AI-native CrowdStrike Falcon® cybersecurity platform.

    Read more...

    President Trump Repeals Biden’s AI Executive Order

    2025-01-20

    TechCrunch: During his first day in office, President Donald Trump revoked a 2023 executive order signed by former President Joe Biden that sought to reduce the potential risks AI poses to consumers, workers, and national security.

    Read more...

    Know Your Breach: Casio

    The Target: Japanese electronics manufacturer Casio.

    The Take: For the nearly 6,500 employees impacted, basic information collected by human resources was accessed, including names, employee numbers, email addresses and departments. Some employees had other information like gender, date of birth and home address leaked while a small number of those affected had taxpayer ID numbers exposed.

    The Vector: An investigation conducted by an outside cybersecurity firm sourced the ransomware attack back to phishing emails that allowed the hackers into Casio’s servers.

    As phishing actors continue to explore every potential abuse opportunity on legitimate service providers, novel security gaps constantly threaten to expose users to severe risks. It is essential not to rely solely on email protection solutions, but also to scrutinize every email that lands in your inbox, look for inconsistencies, and double-check all claims made in those messages.

    Read more...

    Biden Administration Launches Cybersecurity Executive Order

    2025-01-16

    CNBC: The Biden administration announced an executive order on cybersecurity that imposes new standards for companies selling to the U.S. government and calls for greater disclosure from software providers.

    Read more...

    What The Response To SEC Cybersecurity Oversight Says About The Need For A New Security Paradigm

    2025-01-15

    Forbes: The Securities and Exchange Commission (SEC) implemented new rules governing the reporting of material data breaches in order to keep investors better informed about the cybersecurity risks public companies face.

    Read more...

    L&G ETF Undergoes Cybersecurity Index Rebranding

    2025-01-15

    Investing.com: Legal & General UCITS ETF PLC, a prominent investment management company, has announced an upcoming change to one of its sub-funds, specifically the L&G Emerging Cyber Security ESG Exclusions UCITS ETF.

    Read more...

    Cyber Disruptions Remain Top Business Risk Concern in US, Globally

    2025-01-15

    Cybersecurity Dive: Cybersecurity risk, including ransomware, data breaches and IT disruptions, remained the top business concern in the U.S. and worldwide over the past year, according to the Allianz Risk Barometer.

    Read more...

    Big Rounds Push Cybersecurity Comeback

    2025-01-15

    Crunchbase: Cybersecurity venture investment jumped 43% in 2024 from the previous year as big rounds came back strong. That was despite flat funding quarter to quarter in Q4 and a smaller number of deals during the year.

    Read more...

    CISA Unveils ‘Secure by Demand’ Guidelines to Bolster OT Security

    2025-01-15

    CSO Online: The US Cybersecurity and Infrastructure Security Agency (CISA), along with its international cybersecurity allies, has unveiled the "Secure by Demand" guidelines to safeguard operational technology (OT) environments.

    Read more...

    Ashford Inc. to Settle Negligence-Based Charges for Misleading Investors Regarding a Cyber Incident

    2025-01-13

    U.S. Securities and Exchange Commission (SEC): The Securities and Exchange Commission filed settled charges against Ashford Inc. for materially false and misleading disclosures to investors regarding a cyber incident.

    Read more...

    Know Your Breach: PowerSchool

    The Target: PowerSchool is a cloud-based software solutions provider for K-12 schools and districts that supports over 60 million students and over 18,000 customers worldwide. The company offers a full range of services to help school districts operate, including platforms for enrollment, communication, attendance, staff management, learning systems, analytics, and finance.

    The Take: PowerSchool has confirmed that the stolen data primarily contains contact details such as names and addresses. However, for some districts, it could also include Social Security numbers, personally identifiable information, medical information, and grades.

    The Vector: After investigating the incident, it was determined that the threat actor gained access to the portal using compromised credentials and stole data using an "export data manager" customer support tool. Using this tool, the attacker exported the PowerSchool SIS 'Students' and 'Teachers' database tables to a CSV file, which was then stolen.

    This breach is a stark reminder of how important strong authentication controls are to an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.

    Read more...

    Railpen and RLAM Issue Cybersecurity Guidance for Investors

    2025-01-08

    Funds Europe: Railpen, the pension manager of the UK rail industry, and Royal London Asset Management (RLAM) have jointly published a report to address the growing threat of cybersecurity risks in investment portfolios.

    Read more...

    Investors Narrow Scope of Cyber Funding Deals in 2024

    2025-01-08

    Cybersecurity Dive: The lookback on cybersecurity funding underscored a continuing trend toward larger deals in the sector. Total funding was up year over year while the number of rounds declined.

    Read more...

    Cybersecurity Funding Reached $9.5 Billion in 2024: Report

    2025-01-08

    SecurityWeek: Funding raised by cybersecurity firms increased to $9.5 billion last year amid a decrease in funding volume, a new report from cybersecurity recruitment firm Pinpoint Search Group shows.

    Read more...

    From Budget To Breach Prevention: Mastering Cybersecurity Investments

    2025-01-08

    Forbes: I was recently at an executive forum and engaged in a dialogue with roughly a dozen peers. The routine introductions broke the ice until I shared that I was in the cybersecurity field.

    Read more...

    90 Percent of Business Leaders Lack Faith in AI-driven Cybersecurity Solutions, Arelion Report Reveals

    2025-01-07

    PR Newswire: According to the findings of a new report from Arelion, a staggering 90 percent of decision makers believe that hackers are more likely to trick AI-based cybersecurity tools than those operated by humans - especially for 34 percent of US and 29 percent of UK business leaders.

    Read more...

    ‘We Have To Prioritize Cybersecurity’ Within Federal Budgets, Outgoing Cyber Czar Says

    2025-01-07

    The Record: The Trump administration shouldn’t abandon an effort to get federal agencies to set cybersecurity priorities as part of their annual budget requests, the nation’s outgoing cyber czar said.

    Read more...

    US Cyber Watchdog Says No Indication Breach At Treasury Hit Other Federal Agencies

    2025-01-06

    Yahoo News: The U.S. cyber watchdog agency CISA said there was "no indication" the recently reported breach at the U.S. Treasury Department had affected any other federal agency.

    Read more...

    About Castle Hall Diligence

    Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios.