
Industry News: ESG5

      Know Your Breach: Trezor

      The Target: Popular hardware cryptocurrency wallet vendor Trezor

      The Take: A subset of 66,000 users who have interacted with Trezor Support since December 2021 may have had their names or usernames and email addresses exposed to an unauthorized party.

      The Vector: Trezor has already confirmed 41 cases where exposed data has been exploited, with the attackers approaching users to trick them into giving away their recovery seeds - a string of words that contains all the information required for gaining access to a wallet.

      As phishing actors continue to explore every potential abuse opportunity on legitimate service providers, novel security gaps constantly threaten to expose users to severe risks. It is essential not to rely solely on email protection solutions, but also to scrutinize every email that lands in your inbox, look for inconsistencies, and double-check all claims made in those messages.


      Cybersecurity And The AI Arms Race In A Landscape Of Emerging Threats

      2024-01-25

      Forbes: Of all the headlines in 2023, perhaps none captured our collective imagination last year like the high-profile AI breakthroughs typified by ChatGPT. 


      M|C Partners Makes Strategic Investment in Consortium Networks to Fuel Cybersecurity Growth

      2024-01-24

      PR Newswire: M|C Partners, a digital infrastructure and tech services private equity firm, has made a strategic growth investment in Consortium Networks, a national cybersecurity organization. 


      AI Will Make Scam Emails Look Genuine, UK Cybersecurity Agency Warns

      2024-01-24

      The Guardian: Artificial intelligence will make it difficult to spot whether emails are genuine or sent by scammers and malicious actors, including messages that ask computer users to reset their passwords, the UK’s cybersecurity agency has warned.


      AI Program Poised to Advance Cybersecurity in Abu Dhabi

      2024-01-23

      Dark Reading: Experts have welcomed the creation of a new artificial intelligence (AI) council in Abu Dhabi as a key move toward strengthening national cybersecurity.


      Cybersecurity Automation Firm Torq Lands $42 Million In Expanded Series B

      2024-01-23

      TechCrunch: Torq, a self-described “hyperautomation” cybersecurity startup, today announced that it raised $42 million in an extension to its Series B funding round from investors, including Bessemer Venture Partners, GGV Capital, Insight Partners, Greenfield Partners and Evolution Equity Partners.


      SEC Confirms X Account Was Hacked In SIM Swapping Attack

      2024-01-22

      Bleeping Computer: The U.S. Securities and Exchange Commission confirmed that its X account was hacked through a SIM-swapping attack on the cell phone number associated with the account.


      Microsoft To Overhaul Internal Security Practices After Midnight Blizzard Attack

      2024-01-22

      Cybersecurity Dive: Security researchers and other analysts say the attack raises serious questions about the security of Microsoft products and whether the company is employing the same practices internally that it demands of customers. 


      Know Your Breach: Liquipedia

      The Target: Liquipedia is an encyclopedia on various video games, covering everything from history to tactics. The platform was founded and is run by Team Liquid, a Netherlands-based professional e-sports organization owned by aXiomatic Gaming, an e-sports and gaming enabler.

      The Take: Part of the exposed information was contained in a user collection weighing 77MB, containing data on nearly 119,000 users. The exposed Liquipedia user details include user IDs, user emails, email verification status, two-factor authentication status and account creation dates.

      The Vector: Researchers surmised that secrets and private RSA keys were used to authenticate admin access to Liquipedia’s Reddit, Discord, Twitch, and X accounts.

      This breach is a stark reminder of how important authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.


      Expect M&A Uptick In Cybersecurity Market, Says Arctic Wolf Boss

      2024-01-18

      City A.M.: The boss of one of the world’s biggest cybersecurity companies has said he expects a surge in M&A activity in the sector in 2024. Nick Schneider, the chief executive of Arctic Wolf, which is valued at $4.3bn, told City A.M. that many potential buyers are “opportunistically” scouring the market.


      Navigating The 'Fog Of A Cyberattack': Critical Lessons In Governance From The SEC Cybersecurity Rule

      2024-01-17

      Forbes: The short breach notification timeline attached to the SEC’s new cybersecurity disclosure rule is loud and clear: C-Suite leaders and boards have important work to do in ensuring their organizations can quickly identify, understand and publicly disclose material cybersecurity events and impacts.


      Cybersecurity Startup Funding Hits 5-Year Low, Drops 50% From 2022

      2024-01-17

      Crunchbase: Just two years ago venture funding to cybersecurity was on fire, with more than $23 billion flooding the sector. In 2023, cyber startups saw only about a third of that, as venture funding dipped to its lowest total since 2018. 


      Quantum Computing to Spark ‘Cybersecurity Armageddon,’ IBM Says

      2024-01-17

      BNN Bloomberg: Governments and businesses are not prepared for the havoc quantum computers will sow in cybersecurity by the end of the decade, according to an International Business Machines Corp. executive.  


      How Blockchain Revolutionizes Data Integrity And Cybersecurity

      2024-01-17

      Forbes: In the current digital landscape, data integrity and security have taken center stage, especially as businesses and institutions continue to depend on digital data. 


      Allianz Risk Barometer: A Cyber Event Is the Top Global Business Risk for 2024

      2024-01-16

      Business Wire: Cyber incidents such as ransomware attacks, data breaches, and IT disruptions are the biggest worry for companies globally in 2024, according to the Allianz Risk Barometer. 


      Thomvest Ventures Closes $250 Million Fund To Invest Across Fintech, Cybersecurity, AI

      2024-01-16

      TechCrunch: Thomvest Ventures is popping into 2024 with a new $250 million fund and the promotion of Umesh Padval and Nima Wedlake to the role of managing directors.


      Know Your Breach: HMG Healthcare

      The Target: HMG Healthcare is headquartered in The Woodlands, Texas, and provides a range of services, including memory care, rehabilitation and assisted living. HMG’s website says it employs more than 4,100 people and serves approximately 3,500 patients, generating more than $150 million in annual revenues.

      The Take: HMG said the stolen information “likely contained” personal information, including names, dates of birth, contact information, Social Security numbers and records related to employment; as well as medical records, general health information and information regarding medical treatment, according to the notice.

      The Vector: In a notice published on its website, HMG chief executive Derek Prince confirmed that hackers in August accessed a server storing “unencrypted files” containing sensitive information belonging to patients, employees, and their dependents. HMG said it learned of the breach months later in November.

      As phishing actors continue to explore every potential abuse opportunity on legitimate service providers, novel security gaps constantly threaten to expose users to severe risks. It is essential not to rely solely on email protection solutions, but also to scrutinize every email that lands in your inbox, look for inconsistencies, and double-check all claims made in those messages.


      Canada Will Use Letter Grades To Assess Companies' Cyber Resilience

      2024-01-11

      BNN Bloomberg: The Canadian government is joining forces with the cybersecurity ratings firm SecurityScorecard Inc. to bolster defenses for the country’s critical infrastructure.


      Cybersecurity Funding Dropped 40% in 2023: Analysis

      2024-01-09

      SecurityWeek: Pinpoint’s 2023 annual cybersecurity funding report shows that there were a total of 437 funding and M&A transactions last year, including 346 funding rounds and 91 M&A deals. 


      SEC Account Hack Renews Spotlight on X's Security Concerns

      2024-01-09

      US News: The hack of the U.S. Securities and Exchange Commission's official account on X renewed concerns about the social media platform's security since its takeover by billionaire Elon Musk in 2022.


      AI Advances Risk Facilitating Cyber Crime, Top US Officials Say

      2024-01-09

      Yahoo News: Advances in artificial intelligence may facilitate hacking, scamming and money laundering by reducing the technical know-how required to carry out such crimes, top U.S. law enforcement and intelligence officials said 


      AI Set To Drive VCs To Cybersecurity Investments

      2024-01-08

      Mint: Venture capital investors are scaling their cyber security investments on the back of advancements in artificial intelligence (AI) and rising instances of data security breaches.  


      SentinelOne Acquires Peak XV-Backed PingSafe For Over $100 Million

      2024-01-08

      TechCrunch: SentinelOne’s deal to acquire PingSafe values the Peak XV-backed young startup at over $100 million, two sources familiar with the matter told TechCrunch, in one of the strongest and fastest exits emerging from India.


      How SEC Action Could Shake Up Cybersecurity

      2024-01-08

      Forbes: Remember when the cyberattack on SolarWinds broke through the coverage of Covid-19 and dominated headlines? That was around three years ago, and the story lingered for a while as a kind of cautionary tale.


      Know Your Breach: Orrick, Herrington & Sutcliffe

      The Target: Orrick, Herrington & Sutcliffe, a popular San Francisco-based international law firm.

      The Take: The stolen data encompassed a vast array of information, including names, dates of birth, addresses, email addresses, and government-issued identification numbers like Social Security, passport, driver’s license, and tax identification numbers.

      The Vector: The intrusion into Orrick’s network compromised a file share, revealing personal information and sensitive health data of victims.

      This breach is a stark reminder of how important authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.


      NZ Firm Pushes for ‘Complete Ban’ on Paying Cyber Ransoms

      2024-01-04

      The Post: A New Zealand cyber-security firm that has the ear of many media organisations around the world has called for a complete ban on paying off ransomware attackers, arguing it is the only way to get on top of the crime.


      Atos Shares Drop After Airbus Deal Talks Disappoint Investors

      2024-01-03

      Yahoo Finance: Atos SE shares fell after the company’s announcement that it was in early talks to sell its big data and cybersecurity business to Airbus SE for as much as €1.8 billion ($2 billion) disappointed investors.


      OpenAI Moves to Shrink Regulatory Risk in EU Around Data Privacy

      2024-01-02

      TechCrunch: While most of Europe was still knuckle deep in the holiday chocolate selection box late last month, ChatGPT maker OpenAI was busy firing out an email with details of an incoming update to its terms that looks intended to shrink its regulatory risk in the European Union.


      Google Cloud Report Spotlights 2024 Cybersecurity Challenges

      2024-01-02

      Security Boulevard: As the New Year dawns, a cybersecurity report from Google Cloud suggests that while there are many challenges ahead, it will also become simpler for cybersecurity teams to leverage artificial intelligence (AI) to better defend IT environments.


      Early-Stage Hard Tech Firm Countdown Capital Shutting Down

      2024-01-02

      TechCrunch: Countdown Capital, an early-stage venture capital firm focused on hard tech industrial startups, will shut down by the end of March and return uninvested capital, firm founder and solo general partner Jai Malik said in an annual letter.


      Four Ways Companies Can Respond And More Effectively Comply With The SEC’s New Cybersecurity Rules

      2024-01-02

      SC Media: With two major actions in the last six months of 2023, the Securities and Exchange Commission (SEC) has made it clear that it plans to get tough on cybersecurity.


      The Law Enforcement Operations Targeting Cybercrime In 2023

      2024-01-01

      Bleeping Computer: In 2023, we saw numerous law enforcement operations targeting cybercrime operations, including cryptocurrency scams, phishing attacks, credential theft, malware development, and ransomware attacks.


      About Castle Hall Diligence

Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios.
