.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
The Target: Software bug-tracking company Rollbar
The Take: Sensitive customer information, including usernames and email addresses, account names, and project information, such as environment names and service link configuration.
The Vector: The security breach was discovered by Rollbar on September 6 when reviewing data warehouse logs showing that a service account was used to log into the cloud-based bug monitoring platform. Once inside Rollbar's systems, the threat actors searched the company's data for cloud credentials and Bitcoin wallets.
This breach is a stark reminder of how important authentication controls are in an overall robust cybersecurity posture, and more critically, ensuring these controls are in place on all third-party vendors which have access to a firm’s data.
CNBC: Cisco is acquiring cybersecurity software company Splunk for $157 per share in a cash deal worth about $28 billion, the company said in its largest acquisition ever.
PR Newswire: Evolution Equity Partners, a leading cybersecurity-focused venture capital firm, is pleased to announce its partnership with Women Who Code, a global nonprofit organization dedicated to empowering diverse women to excel in technology careers.
TechCrunch: HiddenLayer, a security startup focused on protecting AI systems from adversarial attacks, announced that it raised $50 million in a funding round co-led by M12 and Moore Strategic Ventures with participation from Booz Allen Hamilton, IBM, Capital One and TenEleven.
BNN Bloomberg: The Department of Homeland Security wants Congress and other federal agencies to help it streamline 52 different cyber reporting requirements to protect critical infrastructure and ease regulatory burdens on hacking victims.
Cybersecurity Dive: The Securities and Exchange Commission introduced new requirements for disclosing material cybersecurity incidents on Sept. 5, placing pressure on organizations to adopt robust reporting mechanisms.
Forbes: Recently, research firm Cybersecurity Ventures shared its “Top 10 Cybersecurity Predictions And Statistics For 2023,” which unveiled the alarming fact that global cybercrime financial damage will reach $8 trillion in 2023 and $10.5 trillion by 2025.
Cointelegraph: Bankrupt cryptocurrency exchange FTX has restored its customer claims portal with tighter security protocols, which was previously shut down due to a cyberattack.
The Target: The European aerospace giant Airbus
The Take: The hacker claimed to have details on thousands of Airbus vendors, including names, addresses, phone numbers and emails.
The Vector: Hackers breached an “IT account associated with an Airbus customer” and the company then investigated the incident. This account was used to download business documents dedicated to this customer from an Airbus web portal, the company said.
This breach is critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.
Crunchbase: Israel has long taken pride in its blossoming tech startup scene, which has birthed large companies such as Check Point Software, CyberArk and Imperva, and trails only the U.S. in terms of cybersecurity funding.
CSO: More half of the UK population would be supportive of the UK government and its allies breaking international cybersecurity law, under the right circumstances.
Bleeping Computer: Global cryptocurrency exchange CoinEX announced that someone hacked its hot wallets and stole large amounts of digital assets that were used to support the platform's operations.
The Hill: A long overdue policy change to improve corporate governance on cybersecurity is taking effect. These companies are drivers of innovation and critical to the strength of the U.S. economy.
Cybersecurity Dive: MGM Resorts officially disclosed a “cybersecurity issue” with the Securities and Exchange Commission in an 8-K filing, after taking its systems offline earlier.
Forbes: Gone are the days of calling in your stock trades from your local coffee shop and U.S. Postal Service-delivered bank statements. The finance industry of today is accessible at the touch of a button.
Business Standard: Almost half of security chiefs at the world’s biggest companies expect to increase their budgets significantly in the next year as they see economic and social unrest driving more cases of theft, fraud and the leaking of sensitive information.
The Target: Curaçao-headquartered Stake.com offers casino and sports betting for players using cryptocurrency.
The Take: Over $40m in cryptocurrency.
The Vector: In crypto, hot wallets are less secure than cold wallets because public and private keys can be reached from the internet, enabling remote access and unauthorized activity. This appears to be what happened to Stake.com, although the firm has revealed few other details.
This breach is a stark reminder of how important authentication controls are in an overall robust cybersecurity posture, and more critically, ensuring these controls are in place on all third-party vendors which have access to a firm’s data.
BNN Bloomberg: China-linked hackers breached the corporate account of a Microsoft Corp. engineer and are suspected of using that access to steal a valuable key that enabled the hack of senior US officials’ email accounts, the company said in a blog post.
SecurityWeek: Upwind, which describes itself as a runtime-powered Cloud-Native Application Protection Platform (CNAPP), has raised a total of $80 million in just 10 months as investors continue to pour cash into startups in the cloud and data security categories.
The Guardian: The Electoral Commission has admitted it failed a cybersecurity test in the same year that hackers successfully attacked the organization.
Yahoo Finance: Verizon Business Network Services, a unit of the telecom giant , agreed to pay $4.1 million to resolve U.S. allegations that it failed to follow required cybersecurity standards, the U.S. Justice Department said.
PR Newswire: Dataprise, a premier provider of managed IT, cybersecurity and cloud solutions, announced that it has completed an acquisition of clients and employees of Cohere, a security-first managed services provider headquartered in New York City.
Bleeping Computer: The German Federal Financial Supervisory Authority (BaFin) announced that an ongoing distributed denial-of-service (DDoS) attack has been impacting its website.
CSO: The Australian federal government has approved amendments to the Protective Security Policy Framework (PSPF) to mandate non-corporate Commonwealth entities to appoint a CISO to be responsible for cyber security leadership in the entity.
Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →
Montreal
1080 Côte du Beaver Hall, Suite 904
Montreal, QC
Canada, H2Z 1S8
+1-450-465-8880
Halifax
84 Chain Lake Drive, Suite 501
Halifax, NS
Canada, B3S 1A2
+1-902-429-8880
Manila
Ground Floor, Three E-com Center
Mall of Asia Complex
Pasay City, Metro Manila
Philippines 1300
Sydney
Level 36 Governor Phillip Tower
1 Farrer Place Sydney 2000
Australia
+61 (2) 8823 3370
Abu Dhabi
Floor No.15 Al Sarab Tower,
Adgm Square,
Al Maryah Island, Abu Dhabi, UAE
Tel: +971 (2) 694 8510
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.
Terms of Service and Privacy Policy