The Target: California’s Public Employees' Retirement System, the largest public pension fund in the U.S., managing more than $477 billion in assets for over 1.5 million public employees, retirees, and their families in California.
The Take: First and last names; dates of birth; and social security numbers. It could have also included the names of former or current employers, spouse or domestic partner, and child or children.
The Vector: The organization said that it was informed on June 6 by a third-party vendor – PBI Research Services/Berwyn Group – that data was accessed by hackers exploiting the MOVEit file transfer tool.
This breach serves as a reminder of the risks associated with third-party vendors and highlights the need for stringent security measures and oversight when handling sensitive customer information.
Forbes: The rapid growth of artificial intelligence (AI) has invented a new wave of challenges and concerns. Newer technologies such as ChatGPT, robotic surgeries, threat analytics and cybersecurity automation create relationships where protection and harm collectively operate.
Yahoo Finance: BlackBerry posted a surprise profit for the first quarter as its cybersecurity business benefited from higher client spending, while its enterprise software continued to gain traction in the automotive sector.
CSO: Research suggests UK banks are lagging on email cybersecurity measures exposing customers, staff, and stakeholders to increased risk of email-based impersonation attacks.
Yahoo News: A trend accelerated by the mass move to digital during the pandemic, enterprises are having to handle an increasing amount of proprietary data.
Middle Market Growth: The exponential increase in both frequency and severity of cybersecurity breaches over the past few years has prompted the U.S. Securities and Exchange Commission (SEC) to propose significant new cybersecurity rules.
Central Western Daily: Medibank says it will have no problems complying with orders to carry an additional $250 million in capital after a catastrophic data breach.
BNN Bloomberg: Suncor Energy Inc. falling victim to a cyberattack may be the most significant cybersecurity breach of an oil and gas company thus far in Canadian history, experts say.
The Target: Intellihartx, a company providing patient balance resolution services to hospitals.
The Take: Personal information of roughly 490,000 individuals, including names, addresses, insurance data and medical billing, diagnosis and medication information, birth dates, and Social Security numbers.
The Vector: The cyberattack exploited a zero-day vulnerability in Fortra’s GoAnywhere managed file transfer software. Tracked as CVE-2023-0669 and leading to remote code execution, the flaw had been exploited starting January 28.
This breach is a critical reminder that zero-day exploits do happen, and that patching software in a timely, effective manner is a key component of protecting customer data. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.
Forbes: The escalating frequency and severity of cyberattacks has made it clear that organizations must fortify their defenses to safeguard sensitive information and maintain the trust of customers and stakeholders.
Financial Standard: The California Public Employees' Retirement System (CalPERS) is alerting its retired members and their relevant family members that some of their personal information was downloaded in an attack on one of its third-party providers' systems.
US News: Australian Perpetual confirmed an extended tech outage over an IT security incident, affecting some of its funds, though the fund manager reaffirmed that all its client investments and its own systems were unaffected and secure.
Yahoo Finance: Artificial Intelligence is a double-edged sword for cybersecurity. For example, a key talking point at the RSA Conference 2023, as cited on techtarget.com, was the multifaceted impact of OpenAI's GPT-4 on cybersecurity.
Dark Reading: The cyber landscape continues to evolve as its economy grows. Ransomware attacks already account for trillions of dollars in damages to enterprises each year and standardized and sophisticated offerings such as ransomware-as-a-service and phishing-as-a-service will soon become commonplace.
The Record: James Babbage, the head of the United Kingdom’s National Cyber Force (NCF), is to leave his role commanding the nation’s elite hacking capabilities later this month to take the reins at the National Crime Agency’s (NCA) directorate for economic and organized crime threats.
MSN: The European Investment Bank (EIB) has been hit by a cyber attack suspected to have been orchestrated by Russian hackers, days after threats to bring down the Western financial system.
The Target: Scranton Cardiology
The Take: Exposure of Personally Identifiable Information including: full names, physical addresses, dates of birth, social security numbers, driver’s license, passport numbers, credit card and bank number details, and some medical information.
The Vector: The breach occurred through a “brute-force” attack, where the threat actor uses a program to sequentially try every combination against a password-protected system.
This breach is a critical reminder of standards and processes around password hygiene. Length and complexity for passwords, no matter where in a firm’s system they are set, are crucial for a robust overall cybersecurity posture. When attackers gain access to legitimate employee credentials, they can act with all the permissions and privileges belonging to the user.
OpenPR: Cybersecurity-as-a-Service is a cloud-based approach to outsourcing cybersecurity, where security services are provided on a subscription basis and hosted by cloud providers.
Forbes: Given the speed and scope of digital transformation and related technologies, our vision of what these innovations can achieve encompasses what is possible today and the endless possibilities of tomorrow.
CoinDesk: Floating Point Group (FPG), an institutional trading desk specializing in cryptocurrencies, suffered a cyber attack on Sunday, June 11, which resulted in a loss of between $15 million and $20 million in crypto, a spokesman for the firm told CoinDesk.
Bleeping Computer: U.S. and international cybersecurity authorities said in a joint LockBit ransomware advisory that the gang successfully extorted roughly $91 million following approximately 1,700 attacks against U.S. organizations since 2020.
CNBC: China’s cyber-espionage and sabotage capacities are an “epoch-defining threat,” the top U.S. cybersecurity official said, warning that in the event of open warfare “aggressive cyber operations” would threaten critical U.S. transportation infrastructure “to induce societal panic.”
IT World Canada: It can take Canadian organizations up to 48 days to detect and recover from a cyber attack, according to a new survey of infosec professionals.
BNN Bloomberg: Demand for cybersecurity remains front and centre for companies looking to keep up in the tech era, which is why one analyst says she is bullish on stocks within the sector.
The Target: Neho, a Swiss-based online real estate agency.
The Take: Exposure of sensitive login credentials to Neho’s systems, potentially allowing attackers full access to databases, source-code, configuration profiles and more.
The Vector: A misconfiguration on Neho’s website exposed login credentials to their systems to the public, allowing anyone with internet access who obtained these credentials to log in as an authenticated Neho user.
This breach is a critical reminder of how important access control is for overall cybersecurity. If an attacker obtains access to vetted credentials, they can pivot their movements into possibly every system belonging to the firm, making the attack an order of magnitude more deadly. Safe and secure storage of login credentials is essential to protecting a firm and their customers.
Forbes: As automation increases, so does the extent of systematic cyber risk. Cybersecurity measures are thus prudent since it is only by looking through the lens of the hacker can one avail a progressive insight as to the best means of securing and protecting data.
SecurityWeek: A decentralized cryptocurrency wallet service with roughly five million users, Atomic is available on all major operating systems, including Windows, macOS, Linux, Android, and iOS.
Plan Adviser: Commenters replying to the Securities and Exchange Commission’s three cybersecurity proposals requested additional flexibility and two years to comply with anything the regulator adopts, based on responses submitted through the deadline.
PR Newswire: Demand for cybersecurity talent continues to outpace supply, according to the latest data from CyberSeek, the joint initiative of the National Institute of Standards and Technology's (NIST) NICE program, Lightcast and CompTIA.
CSO: Microsoft revealed on May 24 that the Chinese threat group Volt Typhoon attempted to gain access to communications systems in the United States, including Navy infrastructure on Guam.
Dark Reading: Researchers investigating a supply chain attack disclosed by 3CX in March found it had an unusual and alarming origin: another company's supply chain attack.
Yahoo Finance: Rubrik Inc, a U.S. cybersecurity software startup backed by Microsoft Corp and valued at $4 billion in a fundraising round two years ago, has hired banks for an initial public offering, four people familiar with the matter said.
The Target: Toyota, a Japanese car manufacturer
The Take: Two cloud databases exposed Personally Identifiable Information including: physical address, name, phone number, email address, customer ID, vehicle registration number, and vehicle identification numbers.
The Vector: Several misconfigured cloud databases were left open and unsecured with no password, meaning anyone with an internet connection could have downloaded the data.
Securing access to databases through rigorous password hygiene is an essential component of security, and cloud databases are no exception. Furthermore, the data stolen in this attack can be used for crafting highly effective automotive-based phishing attacks. Regular security compliance reviews can help prevent these breaches.
Business Wire: Galvanick, the cybersecurity solution for protecting industrial infrastructure against cyber attacks, announced its $10 million seed round.
Yahoo Finance: EC-Council, the global leader in cybersecurity education and training, released its Certified Chief Information Security Officer Hall of Fame Report, honouring the top 50 Certified CISOs globally.
Dark Reading: Despite a more cautious approach to financing, investors continue to scour the country for the next generation of cybersecurity startups that can aid enterprises in the never-ending quest to safeguard critical IT systems.
Investment Executive: The recent data breach that affected customers of Toronto-based InvestorCOM Inc. has reminded large financial services firms of the importance of cybersecurity preparation.
PR Newswire: Governments worldwide are becoming increasingly digital, leading to more prevalent and more diverse cyberattacks.
Mondaq: Recent enforcement actions highlight the increased regulatory scrutiny that private funds may face with respect to internal cybersecurity protocols and responses to cyber-crimes and cyber incidents under new and updated cybersecurity laws.
The Guardian: About 90 organizations have reported breaches of personal information held by Capita after the outsourcing group suffered a cyber-attack, Britain’s data watchdog has said.
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.