Industry News: ESG5

    Know Your Breach: Americold

    The Target: Americold is the world’s largest publicly traded real estate investment trust focused on temperature-controlled warehouses. The company controls 250 warehouses across the world — most of which are used by food producers, distributors and retailers.

    The Take: Names, addresses, Social Security numbers, driver’s license/state ID numbers, passport numbers, financial account information, and employment-related health insurance and medical information were leaked.

    The Vector: Americold confirmed that hackers had breached its systems on April 26 and accessed the information of current and former Americold employees as well as their dependents. While the company did not explicitly call it a ransomware attack, it said the cybersecurity incident “involved the deployment of malware on certain systems.”

    As phishing actors continue to explore every potential abuse opportunity on legitimate service providers, novel security gaps constantly threaten to expose users to severe risks. It is essential not to rely solely on email protection solutions, but also to scrutinize every email that lands in your inbox, look for inconsistencies, and double-check all claims made in those messages.

    Cyber Resilience Good Practice For Firms

    2023-12-19

    Financial Conduct Authority (FCA): CBEST tests the cyber resilience of firms and financial market infrastructures (FMIs) through live testing that mimics the actions of cyber attackers.

    How Cybersecurity Roles Are Changing And What To Look For When Hiring

    2023-12-19

    CSO: Organizations globally are grappling with the impact of constant technological changes and the need to keep up with the ongoing evolution of cybersecurity capabilities.

    Companies Are Still Trying to Figure Out How to Comply With SEC Cyber Rules

    2023-12-18

    BNN Bloomberg: Some public companies are still trying to figure out how to comply with new rules from the US Securities and Exchange Commission requiring speedy disclosure of significant cyberattacks.

    Apparel Giant VF Reports Cyberattack on First Day of SEC Disclosure Rule

    2023-12-18

    The Record: One of the biggest apparel companies in the world reported a “material” cyberattack to the U.S. Securities and Exchange Commission (SEC) on the first day that a new cyber incident reporting rule went into effect.

    Suspected Cyberattack Paralyzes the Majority of Gas Stations Across Iran

    2023-12-18

    SecurityWeek: Nearly 70% of Iran’s gas stations went out of service following possible sabotage — a reference to cyberattacks, Iranian state TV reported.

    Britain's National Grid Drops China-Based Supplier Over Cyber Security Fears

    2023-12-17

    XM: Britain's National Grid NG.L has started removing components supplied by a unit of China-backed Nari Technology's 600406.SS from the electricity transmission network over cyber security fears, the Financial Times reported.

    Cybersecurity and Cloud Networking Stocks Are The Ones to Watch For 2024, Says Barclays

    2023-12-17

    Yahoo Finance: The technology sector is set to outperform again in 2024, with cybersecurity and cloud networking stocks among those best positioned, according to Barclays. A major catalyst: artificial intelligence.

    Know Your Breach: Toyota Financial Services

    The Target: Toyota Financial Services is the finance arm of the Toyota Motor Corporation. It is a subsidiary of Toyota and provides a range of financial services to Toyota customers and dealerships worldwide.

    The Take: Threat actors gained access to full names, residence addresses, contract information, lease-purchase details, and IBAN (International Bank Account Number).

    The Vector: Threat actors likely exploited the vulnerability Citrix Bleed to gain initial access to the company’s network.

    This breach is a critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.

    Super Funds Advised To Come Clean On Cyber Breaches

    2023-12-13

    Financial Newswire: Less than a week after the Australian Prudential Regulation Authority (APRA) imposed additional license conditions on NGS Super over a cyber breach, a new white paper is arguing that managing communications to members is key to minimizing reputational damage.

    US Regulator Floats Cybersecurity Plan in Response to Ion Hack

    2023-12-13

    BNN Bloomberg: The Commodity Futures Trading Commission proposed new cybersecurity rules for brokerages and swaps dealers in response to this year’s highly disruptive ransomware attack on software company Ion Trading UK. 

    Navigating The Cyber Seas: Data Security And Privacy For Remote Staffing

    2023-12-13

    Forbes: Embarking upon the cyber frontier, this article aims to delve into the dynamic landscape of data privacy and cybersecurity, unveiling the intricate measures organizations adopt to stay at the forefront of digital defense.

    Cybersecurity Pressures Stretch CFOs

    2023-12-12

    CFO Dive: When Seth Cohen started his career in corporate finance as an analyst at Lehman Brothers, it was long before the internet exploded into a worldwide phenomenon.

    Bitsight Analyzes Critical Cybersecurity Performance Gaps Across Industries In Joint Study With Google

    2023-12-12

    PR Newswire: Bitsight, a leader in managing and monitoring cyber risk, announced the results of a joint study with Google analyzing how organizations perform across cybersecurity controls in the Minimum Viable Secure Product (MVSP) framework—a minimum security baseline for enterprise-ready products and services.

    How AI Is Changing The Cybersecurity Landscape

    2023-12-12

    The Insurer: Since the launch of ChatGPT a year ago, the status of AI has rapidly evolved from headline-grabbing novelty to serious discipline. Preparedness for its impact on cybersecurity is also rapidly improving.

    Taiwan Calls on US Support to Defend Banks Against Cyberattacks

    2023-12-11

    BNN Bloomberg: Taiwan’s financial system undergirds a $760 billion high-tech economy, but its vulnerability to advanced hacks has raised fears of a worst-case scenario: a full-blown cyberattack from China that sends its currency and markets into a tailspin.

    Know Your Breach: HTC Global Services

    The Target: HTC Global Services is a managed service provider offering technology and business services to the healthcare, automotive, manufacturing, and financial industries.

    The Take: The leaked data includes passports, contact lists, emails, and confidential documents allegedly stolen during the attack.

    The Vector: While little information about the attack on HTC is available, cybersecurity professional Kevin Beaumont believes the company was breached using the Citrix Bleed vulnerability. According to Beaumont, one of HTC's business units, CareTech, operated a vulnerable Citrix Netscaler device, which was exploited for initial access to the company's network.

    This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.

    Blackstone Provides $1 Billion in Private Credit for Cybersecurity Firm BeyondTrust

    2023-12-07

    Yahoo Finance: Blackstone Inc. has provided a more than $1 billion private credit loan package for BeyondTrust, a cybersecurity company, according to people with knowledge of the transaction.

    Almost 50% of Organizations Plan to Reduce Cybersecurity Headcounts: Survey

    2023-12-06

    CSO: While organizations are realizing the need for knowledgeable teams to address unknown threats, they are also looking to reduce their security headcount and infrastructure spending.

    Turning Cyber Offense Into Defense For Successful Cybersecurity Investing

    2023-12-05

    Forbes: Cybersecurity is an existential threat to the global economy. The World Economic Forum’s (WEF) Global Risks Report places cybercrime and cyber insecurity in the top 10 global risks over the next two- and 10-year periods. 

    Foresite Cybersecurity Partners With Crowdstrike

    2023-12-05

    Dark Reading: Foresite announced a new partnership with CrowdStrike, a global leader in cloud-delivered protection of endpoints, cloud workloads, identity, and data protection.

    Japanese Tech Lobby Warns Against EU Cybersecurity Labelling Scheme

    2023-12-05

    MarketScreener: Lobby group Japan Association of New Economy has joined U.S. Big Tech to warn against proposed EU cybersecurity labelling rules that they said could hamper their access to the bloc's markets, according to a letter sent to the EU industry chief.

    Deepfakes Emerge as a Top Security Threat Ahead of the 2024 US Election

    2023-12-05

    CSO: The United States is heading into a crucial election year, with a high-stakes presidential election that could determine the republic’s fate for decades. In addition, all 435 seats in the United States House of Representatives, 34 Senate seats, and 13 governorships are up for grabs, along with thousands of local government elections.

    North Korean Hackers Have Stolen Over $3 Billion in Cryptocurrency: Report

    2023-12-04

    SecurityWeek: Collectively tracked as the Lazarus Group, the North Korean hackers specialize in cryptocurrency-related intrusions, mainly relying on spear-phishing emails to trick victims into authorizing malicious scripts and downloading malware.

    Know Your Breach: General Electric

    The Target: General Electric (GE) is an American multinational company with divisions in power, renewable energy, and aerospace industries.

    The Take: According to the threat actor, "data includes a lot of DARPA-related military information, files, SQL files, documents etc." As proof of the breach, the threat actor shared screenshots of what they claim is stolen GE data, including a database from GE Aviations that appears to contain information on military projects.

    The Vector: The data was exposed through a server that was misconfigured so that it was accessible online.

    This breach is a stark reminder of how important authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.

    Unpacking The New SEC Cybersecurity Rules: What Every CXO Needs To Know

    2023-11-30

    Forbes: The hyper-connected nature of our world, the growing use of cloud applications and the fact that data now resides anywhere are all contributing factors to the ubiquity of cyberattacks. 

    Okta Hackers Stole Data on All Customer Support Users in Major Breach

    2023-11-29

    CNBC: The news sent shares down as much as 7% in pre-market trading, although the stock recovered after Okta posted earnings that beat estimates. The company had originally been expected to report earnings after the bell, but moved its report up to the morning shortly after it disclosed the expanded breach in a blog post filed with the SEC.

    The Role Of Outsourcing In Navigating The Cybersecurity Skills Gap

    2023-11-29

    Forbes: On one hand, 63% of cybersecurity professionals complain that working conditions have become more difficult over the last two years owing to a heavy surge in cyberattacks, mounting data privacy concerns, overwhelming workloads, budget restrictions, staffing shortages and a complex regulatory environment.

    CrowdStrike Forecasts Strong Q4 Revenue on Resilient Cybersecurity Demand

    2023-11-28

    US News: CrowdStrike Holdings on Tuesday forecast fourth-quarter revenue above Wall Street estimates, driven by resilient demand for its cybersecurity offerings in the wake of rising online threats.

    Police Dismantle Ransomware Group Behind Attacks In 71 Countries

    2023-11-28

    Bleeping Computer: In cooperation with Europol and Eurojust, law enforcement agencies from seven nations have arrested in Ukraine the core members of a ransomware group linked to attacks against organizations in 71 countries.

    The Role of Cybersecurity in Attracting Venture Capital for Tech Startups

    2023-11-28

    CXOtoday: Cybersecurity is an integral part of Industry 4.0. In the current era of fast technological advancements and innovations, cybersecurity is the key to continued success and business longevity.

    How AI Is Transforming Cybersecurity Amid Regulatory Overhaul

    2023-11-27

    Yahoo Finance: Artificial intelligence and automation are reshaping the digital defense landscape. Companies are engaged in a relentless race to outpace cyber threats, with the effectiveness of their cybersecurity systems playing a pivotal role in determining market success moving forward.
