Industry News: ESG5

The Target: Toyota Financial Services is the finance arm of the Toyota Motor Corporation. It is a subsidiary of Toyota and provides a range of financial services to Toyota customers and dealerships worldwide.

The Take: Threat actors gained access to full names, residence addresses, contract information, lease-purchase details, and IBAN (International Bank Account Number).

The Vector: Threat actors likely exploited the vulnerability Citrix Bleed to gain initial access to the company’s network.

This breach is critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.

Read more...

2023-12-13

Financial Newswire: Less than a week after the Australian Prudential Regulation Authority (APRA) imposed additional license conditions on NGS Super over a cyber breach, a new white paper is arguing that managing communications to members is key to minimizing reputational damage.

Read more...

2023-12-13

BNN Bloomberg: The Commodity Futures Trading Commission proposed new cybersecurity rules for brokerages and swaps dealers in response to this year’s highly disruptive ransomware attack on software company Ion Trading UK. 

Read more...

2023-12-13

Forbes: Embarking upon the cyber frontier, this article aims to delve into the dynamic landscape of data privacy and cybersecurity, unveiling the intricate measures organizations adopt to stay at the forefront of digital defense.

Read more...

2023-12-12

CFO Dive: When Seth Cohen started his career in corporate finance as an analyst at Lehman Brothers, it was long before the internet exploded into a worldwide phenomenon.

Read more...

2023-12-12

PR Newswire: Bitsight, a leader in managing and monitoring cyber risk, announced the results of a joint study with Google analyzing how organizations perform across cybersecurity controls in the Minimum Viable Secure Product (MVSP) framework—a minimum security baseline for enterprise-ready products and services.

Read more...

2023-12-12

The Insurer: Since the launch of ChatGPT a year ago, the status of AI has rapidly evolved from headline-grabbing novelty to serious discipline. Preparedness for its impact on cybersecurity is also rapidly improving.

Read more...

2023-12-11

BNN Bloomberg: Taiwan’s financial system undergirds a $760 billion high-tech economy, but its vulnerability to advanced hacks has raised fears of a worst-case scenario: a full-blown cyberattack from China that sends its currency and markets into a tailspin.

Read more...

The Target: HTC Global Services is a managed service provider offering technology and business services to the healthcare, automotive, manufacturing, and financial industries.

The Take: The leaked data includes passports, contact lists, emails, and confidential documents allegedly stolen during the attack.

The Vector: While little information about the attack on HTC is available, cybersecurity professional Kevin Beaumont believes the company was breached using the Citrix Bleed vulnerability. According to Beaumont, one of HTC's business units, CareTech, operated a vulnerable Citrix Netscaler device, which was exploited for initial access to the company's network.

This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.

Read more...

2023-12-07

Yahoo Finance: Blackstone Inc. has provided a more than $1 billion private credit loan package for BeyondTrust, a cybersecurity company, according to people with knowledge of the transaction.

Read more...