.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
The Target: Finastra provides software and services to roughly 8,000 financial institutions worldwide, including 45 of the top 50 banks. Based in London, the company has offices in 42 countries.
The Take: A threat actor using the moniker ‘abyss0’ announced on a dark web cybercrime forum that they were selling 400 gigabytes of data allegedly stolen in the attack and belonging to the fintech giant’s customers.
The Vector: The security incident occurred on November 7, 2024, when an attacker used compromised credentials to access one of Finastra's Secure File Transfer Platform (SFTP) systems.
This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.
Dark Reading: Though funding for cybersecurity startups began slowing globally in late 2022, Israeli startups continue to win significant cybersecurity investments, even with the nation's ongoing military operation in Gaza and escalating regional tensions.
BNN Bloomberg: CrowdStrike Holdings Inc. fell in early trading after the cybersecurity company issued a weaker-than-expected earnings forecast, disappointing investors who have been watching for signs that it has recovered from a flawed update that crashed computers around the world.
Bleeping Computer: A Kansas City man has been indicted for allegedly hacking into computer networks and using this access to promote his cybersecurity services.
BNN Bloomberg: Cybersecurity startup Halcyon Tech Inc. is the industry’s latest unicorn, reaching $1 billion valuation in a deal to raise $100 million as it aims to combat the rise of ransomware attacks.
The Target: Maxar Space Systems is a major player in the American aerospace industry, considered an expert in building communication and Earth observation satellites.
The Take: Maxar Space Systems says that the attacker likely has access to a system that contained the following employee information: name, home address, social security number, business contact information, gender, employment status, employee number, job title, hire/job termination start dates, supervisor, department.
The Vector: The information security team discovered that a hacker using a Hong Kong-based IP address targeted and accessed a Maxar system containing certain files with employee personal data.
This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.
TechCrunch: Wiz, one of the most talked-about names in the world of cybersecurity, is making a significant acquisition to expand its product reach in cloud security, particularly with developers.
SecurityWeek: The US government’s cybersecurity agency CISA on Tuesday confirmed that director Jen Easterly and deputy Nitin Natarajan will depart on January 20, clearing the way for a leadership overhaul by the incoming administration.
CFO Dive: The SEC this year blunted requirements of a rule focused on climate risk disclosure before putting the regulation on hold in the face of legal challenges. Companies would be required to disclose the impact of climate change on their finances, operations and business strategy.
The Target: Retail giant Hot Topic, which has more than 640 stores across the U.S.
The Take: The stolen data includes email addresses, physical addresses, phone numbers, purchases, genders, and dates of birth. Partial credit card data was also included in the breach, including credit card type, expiry dates, and the last four digits of the card number.
The Vector: The breach occurred on October 19 and was claimed by a threat actor operating under the alias “Satanic” on October 21. In a post on the cybercrime forum BreachForums, Satanic claimed to have stolen 350 million user records from Hot Topic and its affiliated brands, Box Lunch and Torrid.
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.
Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →
Montreal
1080 Côte du Beaver Hall, Suite 904
Montreal, QC
Canada, H2Z 1S8
+1-450-465-8880
Halifax
168 Hobsons Lake Drive Suite 301
Beechville, NS
Canada, B3S 0G4
Tel: +1 902 429 8880
Manila
10th Floor, Two Ecom Center
Mall of Asia Complex
Harbor Dr, Pasay, 1300 Metro Manila
Philippines
Sydney
Level 15 Grosvenor Place
225 George Street, Sydney NSW 2000
Australia
Tel: +61 (2) 8823 3370
Abu Dhabi
Floor No. 15 Al Sarab Tower,
Adgm Square,
Al Maryah Island, Abu Dhabi, UAE
Tel: +971 (2) 694 8510
Prague
2nd Floor, The Park
V Parku 8
Chodov, Praha, 148 00
Czech Republic
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.
Terms of Service and Privacy Policy