Industry News: ESG5

    Know Your Breach: Okta

    The Target: Okta is a San Francisco-based cloud identity and access management solutions provider whose Single Sign-On (SSO), multi-factor authentication (MFA), and API access management services are used by thousands of organizations worldwide.

    The Take: The leaked data includes user IDs, full names, company names, office addresses, phone numbers, email addresses, positions/roles, and other information.

    The Vector: In October 2023, Okta warned that its support system was breached by hackers using stolen credentials, allowing attackers to steal cookies and authentication for some customers.

    This breach is a stark reminder of how important strong authentication controls are to an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.

    Atos Shares Sink as Airbus Ends Talks to Buy BDS Cybersecurity Arm

    2024-03-20

    MSN: Airbus has called off talks to buy the BDS cybersecurity unit of France's Atos, sending shares in the software company tumbling by more than a fifth.

    Meet America’s Most Cybersecure Banks 2024

    2024-03-19

    Forbes: Choosing a bank means more than just giving it money. Consumers must trust the institution to protect not only their financial assets, but also keep their Social Security numbers, passwords, dates of birth, and other sensitive data away from hackers. 

    FTC Warns Scammers Are Impersonating its Employees to Steal Money

    2024-03-19

    Bleeping Computer: The U.S. Federal Trade Commission (FTC) warned today that scammers are impersonating its employees to steal thousands of dollars from Americans.

    Cybersecurity Investments Need to be Doubled in Next Mandate, EU Official Says

    2024-03-19

    Euronews: Cybersecurity investments will have to be doubled under the next European Commission mandate in order to ensure the bloc’s resilience to counter attacks, a senior EU official said.

    Cybersecurity Firm Cato Networks Hires Banks For 2025 IPO, Sources Say

    2024-03-19

    US News: Israeli cybersecurity firm Cato Networks, which was valued at more than $3 billion in a private funding round last year, has hired underwriters for an initial public offering in New York, according to people familiar with the matter.

    Investment Advisers Pay $400K To Settle ‘AI Washing’ Charges

    2024-03-18

    Bleeping Computer: The U.S. Securities and Exchange Commission (SEC) announced that two investment advisers, Delphia (USA) and Global Predictions, have settled charges of making misleading statements regarding the use of artificial intelligence (AI) technology in their products.

    Cisco Completes $28 Billion Acquisition of Splunk

    2024-03-18

    SecurityWeek: The networking giant paid $157 per share in cash for Splunk, a powerhouse in data analysis, security and observability tools, in a deal first announced in September 2023.

    Know Your Breach: Paysign

    The Target: Financial services firm Paysign. Paysign brought in revenue of about $12 million last quarter through its prepaid card programs, payment processing systems and digital banking services.

    The Take: 1,242,575 records containing the full names of customers, addresses, dates of birth, phone numbers and account balances.

    The Vector: A cybercriminal using the name “emo” claimed to have taken the data and leaked it on a hacking forum. The company declined to provide any further information regarding how the attack occurred.

    With the fintech industry experiencing rapid growth, this leak stands as a clear reminder of the critical role of robust cybersecurity measures. Fintech companies manage and store exceptionally sensitive customer data. This breach is a stark reminder of how important authentication controls are to an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.

    Nozomi Networks Secures $100 Million Investment to Accelerate Mission to Defend the World's Critical Infrastructure from Cyber Threats

    2024-03-13

    PR Newswire: Nozomi Networks Inc., the worldwide leader in OT and IoT security, announced a $100 million Series E funding round to help accelerate innovative cyber defenses and expand cost-efficient go-to-market expansion globally.

    CFRs, CE and Cybersecurity Among CIRO’s Priorities for 2024

    2024-03-13

    Investment Executive: The Canadian Investment Regulatory Organization (CIRO) is updating its exam timeline for mutual fund dealers and sharing what its areas of focus will be during upcoming exams for all dealers.

    How Advances in AI Are Impacting Business Cybersecurity

    2024-03-12

    Help Net Security: From a security point of view, it always pays to think one step ahead and about what might be coming next. One of the latest breakthroughs in AI technology is “interactive AI”.

    J.P. Morgan Growth Leads $39 Million Investment in Eye Security

    2024-03-12

    SecurityWeek: The new investment round was led by J.P. Morgan Growth Equity Partners, with additional funding from existing investors Bessemer Venture Partners and TIN Capital.

    Cybersecurity for Critical Infrastructure in the Financial Sector Market to Reach $17,465.33 Million, by 2032 at 6.9% CAGR

    2024-03-11

    GlobeNewswire: According to a recent report published by Allied Market Research, the global cybersecurity for critical infrastructure in the financial sector industry generated $9,012.96 million in 2022, and is anticipated to generate $17,465.33 million by 2032, witnessing a CAGR of 6.9% from 2023 to 2032.  

    Ivanti Breach Prompts CISA To Take Systems Offline

    2024-03-11

    Dark Reading: According to officials, threat actors breached the Cybersecurity and Infrastructure Security Agency's (CISA) systems using Ivanti product vulnerabilities back in February.

    Equilend Warns Employees Their Data Was Stolen By Ransomware Gang

    2024-03-11

    Bleeping Computer: New York-based securities lending platform EquiLend Holdings confirmed in data breach notification letters sent to employees that their data was stolen in a January ransomware attack.

    Know Your Breach: Houser LLP

    The Target: Houser LLP, a U.S. law firm that specializes in serving high-profile financial institutions.

    The Take: The data included names and one or more of Social Security number, driver’s license number, individual tax identification number, financial account information, and medical information.

    The Vector: The company said certain files were encrypted during the incident and were “copied and taken from the network.”

    This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.

    Super Funds Urge Against Escalating Minor Cyber Incidents To APRA

    2024-03-07

    Financial Newswire: While at least one industry superannuation fund continues to deal with APRA over a cyber-security incident a year ago, the Association of Superannuation Funds of Australia (ASFA) has made clear to the Government that its member funds do not want minor security incidents being automatically escalated to APRA.

    CrowdStrike Stock Jumps As Forecast Signals Strong Cybersecurity Demand

    2024-03-06

    Yahoo Finance: CrowdStrike surged 10% and sparked a rally in cybersecurity stocks after the company's upbeat annual forecasts signaled robust demand for the one-stop platform for a variety of tools amid a rise in artificial intelligence-led sophisticated attacks.

    KKR Appoints Ruchir Swarup as Chief Information Officer

    2024-03-05

    Business Wire: KKR announced the appointment of Ruchir Swarup as a Partner and Chief Information Officer, effective immediately. In this role, Mr. Swarup will be responsible for driving KKR’s technology strategy and vision. 

    Fidelity Customers' Financial Info Feared Stolen In Suspected Ransomware Attack

    2023-03-05

    The Register: Criminals have probably stolen nearly 30,000 Fidelity Investments Life Insurance customers' personal and financial information — including bank account and routing numbers, credit card numbers and security or access codes — after breaking into Infosys' IT systems in the fall.

    Cybersecurity Startup Axonius Raises $200 Million From Returning Investors

    2024-03-05

    US News: Axonius, a startup which helps companies manage their cybersecurity infrastructure, said it has raised $200 million at a $2.6 billion valuation, a sizable funding amount in a relatively muted market for growth and late-stage startups.

    What Cybersecurity Chiefs Need From Their CEOs

    2024-03-04

    Dark Reading: It seems obvious: CEOs and their chief information security officers (CISOs) should be natural partners. With the persistent rise in cyber threats, most CEOs recognize the importance of having a strong security leader to protect the company's data, not to mention its reputation.

    How GenAI Empowers Businesses To Stay Ahead In The Cybersecurity Race

    2024-03-04

    Forbes: Be it a tech giant or a startup, the threats to any company's security are relentless, sophisticated and constantly evolving. Hackers are weaponizing new tools, data breaches dominate headlines daily and the potential consequences of an attack are more devastating than ever.

    Know Your Breach: LoanDepot

    The Target: Giant loan and mortgage company LoanDepot.

    The Take: The stolen LoanDepot customer data includes names, dates of birth, email and postal addresses, financial account numbers, and phone numbers. The stolen data also includes Social Security numbers, which LoanDepot collected from customers.

    The Vector: LoanDepot was hit by a cyberattack around January 4 that it described at the time as involving the “encryption of data,” or a ransomware attack. It’s not known if LoanDepot paid a ransom.

    This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.

    Julius Baer Suffered Tech Crash That Left Bank Offline

    2024-03-01

    SWI swissinfo.ch: Julius Baer Group AG suffered a crash of its core banking systems on Feb. 16 that left Switzerland’s second-largest listed wealth manager offline for some time, according to people familiar with the matter. 

    How Open Source Is Disrupting Enterprise Security: Startup Filigran Shows The Way With Collaborative Threat Defense

    2024-02-28

    VentureBeat: Open-source models and platforms are proving valuable in solving one of the most urgent paradoxes all cybersecurity startups face: balancing the need to deliver reliable apps at scale and low cost while being open enough to integrate across existing IT infrastructure. 

    What Companies & CISOs Should Know About Rising Legal Threats

    2024-02-27

    Dark Reading: A new era of litigation is threatening the cybersecurity community. In addition to corporate and government enforcement, companies are being served with class-action lawsuits for data breaches. 

    Energy Department Invests $45 Million in 16 Projects to Improve Cybersecurity

    2024-02-27

    SecurityWeek: Managed by the Office of Cybersecurity, Energy Security, and Emergency Response (CESER), the projects are aimed at developing new tools to reduce cyber risks and improve the resilience of energy systems, including the power grid, utilities, pipelines, and renewable energy sources.

    NIST Releases Expanded 2.0 Version Of The Cybersecurity Framework

    2024-02-27

    CSO Online: After two years of work, the US National Institute of Standards and Technology (NIST) has issued the 2.0 version of its widely referenced Cybersecurity Framework (CSF), expanding upon the draft 2.0 version it issued in September.

    What's Stopping Cybersecurity From Being AI-Driven?

    2024-02-26

    Forbes: The buzz surrounding artificial intelligence (AI) has reached a fever pitch, with virtually every industry exploring the potential benefits, or drawbacks, of using generative AI (GAI) and large language models (LLMs) like ChatGPT or Google Bard to improve their efficiency.

    China to Increase Protections Against Hacking for Key Industries

    2024-02-26

    US News: China's ministry of industry and information technology (MIIT) unveiled a plan that aims to improve data security in China's industrial sector and effectively contain "major risks" by the end of 2026.

    About Castle Hall Diligence

    Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long-only portfolios.