.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
The Target: University System of Georgia is a state government agency that operates 26 public colleges and universities in Georgia with over 340,000 students.
The Take: The cybercriminals accessed: Full or partial (last four digits) of Social Security Number, Date of Birth, Bank account number(s), Federal income tax documents with Tax ID number.
The Vector: The Clop ransomware gang leveraged a zero-day vulnerability in Progress Software MOVEit Secure File Transfer solution in late May 2023 to conduct a massive worldwide data theft campaign.
This breach is critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.
Business Wire: Prevalent Inc. published its 2024 Third-Party Risk Management Study, finding that 61% of companies experienced a third-party data breach or cybersecurity incident last year. Breaches rose 20 points — or 49% — year over year, increasing threefold since 2021.
Dark Reading: Microsoft will make organizational changes and hold senior leadership directly accountable for cybersecurity as part of an expanded initiative to bolster security across its products and services.
Forbes: In today's interconnected digital landscape, cybersecurity isn't only about intricate coding, firewalls and endpoint detection and response software. It transcends technical prowess, encompassing an entire governance ecosystem to ensure an alignment between security programs and business objectives.
Yahoo Finance: Generative AI has become a double-edged sword for the security of connected networks. On one hand, generative AI can speed up cybersecurity problems, making it easier and cheaper for bad actors to conduct identity attacks.
CSO Online: The US government is doing everything it can to manage the cybersecurity challenges of quantum computing, cloud strategies, and generative AI and trying to secure sensitive technology hardware, Secretary of State Anthony Blinken said.
Yahoo Finance: Chip-design company Synopsys Inc. is selling its software integrity business to two private equity firms for as much as $2.1 billion in cash. Clearlake Capital and Francisco Partners are buying the cybersecurity-focused business and will run it as a new, as-yet unnamed independent company, according to a statement.
PR Newswire: Widespread concerns are growing among US employees about escalating cybersecurity threats in the workplace, with 53% worried their organization will be the target of a cyber attack and a third (34%) worried that they may be the ones leaving their organization vulnerable due to their actions, according to new data from Ernst & Young LLP.
The Target: The OWASP (Open Web Application Security Project) Foundation is a nonprofit organization focused on improving the security of software. It provides freely available resources, tools, and documentation to help organizations develop, deploy, and maintain secure software applications.
The Take: The incident impacted OWASP members from 2006 to around 2014 who provided their resumes as part of joining OWASP. Exposed resumes contained names, email addresses, phone numbers, physical addresses, and other personally identifiable information.
The Vector: In late February 2024, the Foundation received a few support requests and became aware of a misconfiguration of OWASP’s old Wiki web server. The misconfiguration led to a data breach involving old member resumes.
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.
Crunchbase: Cybersecurity venture funding saw a small bounce back in the first quarter of the year and a couple of large raises may indicate that trend continuing.
Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →
Montreal
1080 Côte du Beaver Hall, Suite 904
Montreal, QC
Canada, H2Z 1S8
+1-450-465-8880
Halifax
168 Hobsons Lake Drive Suite 301
Beechville, NS
Canada, B3S 0G4
Tel: +1 902 429 8880
Manila
10th Floor, Two Ecom Center
Mall of Asia Complex
Harbor Dr, Pasay, 1300 Metro Manila
Philippines
Sydney
Level 15 Grosvenor Place
225 George Street, Sydney NSW 2000
Australia
Tel: +61 (2) 8823 3370
Abu Dhabi
Floor No. 15 Al Sarab Tower,
Adgm Square,
Al Maryah Island, Abu Dhabi, UAE
Tel: +971 (2) 694 8510
Prague
2nd Floor, The Park
V Parku 8
Chodov, Praha, 148 00
Czech Republic
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.
Terms of Service and Privacy Policy