The Target: Synnovis, a pathology services provider for the National Health Service (NHS) in the U.K.
The Take: The leaked data includes patient names, dates of birth, NHS numbers, and descriptions of blood tests, as reported by the BBC. The extent of the data breach and whether test results are included remain unclear.
The Vector: Synnovis was hit by the ransomware attack earlier this month, creating disruptions at major London hospitals. The leak saw almost 400GB of private information published on the darknet.
This breach is a critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.
Dark Reading: Optiv, the cyber advisory and solutions leader, has published its 2024 Threat and Risk Management Report, which examines how organizations’ cybersecurity investments and governance priorities are keeping up with the evolving threat landscape.
GlobeNewswire: Sophos, a global leader of innovative security solutions for defeating cyberattacks, today released findings from its survey, “Cyber Insurance and Cyber Defenses 2024: Lessons from IT and Cybersecurity Leaders.”
U.S. News: Central banks should embrace the benefits of artificial intelligence (AI), the Bank for International Settlements (BIS) has said, but stressed the technology should not replace humans when it comes to setting interest rates.
Help Net Security: Alethea closed a $20 million Series B funding round led by GV, with participation from Ballistic Ventures, who led Alethea’s Series A funding in 2022. Also participating in the round is Hakluyt Capital, which invests alongside leading venture capital funds, targeting companies with high growth potential and international ambitions.
SecurityWeek: Cryptocurrency portfolio manager CoinStats resumed activity recently after hackers drained over $2 million in virtual assets from 1,590 wallets. The incident prompted CoinStats to shut down its application to mitigate the attack.
PR Newswire: As per SkyQuest, the Global Cyber Security Market was valued at USD 150.02 Billion in 2022 and is poised to grow from USD 168.04 Billion in 2023 to USD 452.08 Billion by 2031, growing at a CAGR of 13.38% during the forecast period (2024-2031).
The Record: Several large car-dealership companies in the U.S. filed notices with regulators in relation to a ransomware attack on CDK Global that has stymied work at thousands of dealers across North America over the last week.
The Target: Printed circuit board assembly (PCBA) manufacturing firm Keytronic.
The Take: The cybergang claimed to have stolen financial documents, engineering data, human resources information, corporate data, and other types of data.
The Vector: The investigation into the attack, Keytronic said, has determined that limited data was accessed and exfiltrated from its environment, including personally identifiable information. The incident, the company said in a filing with the US Securities and Exchange Commission, occurred on May 6, and resulted in network disruptions.
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.
FinTech Global: According to ACA Group, companies with fewer than 1,000 employees bear the brunt of up to 82% of ransomware attacks, painting a target on PortCos due to their typically nascent cybersecurity measures and constrained resources to combat breaches.
Crunchbase: Maryland-based Huntress became the newest cybersecurity unicorn after it raised a $150 million Series D at a $1.5 billion-plus valuation. The new round was led by Kleiner Perkins, Meritech Capital and existing investor Sapphire Ventures.
SecurityWeek: Non-human Identity (NHI) lifecycle firm Entro Security has raised $18 million in a Series A funding round led by Dell Technologies Capital and including angel investors. The funds will be used to scale the firm’s global operations.
U.S. Securities and Exchange Commission: The Securities and Exchange Commission announced that R.R. Donnelley & Sons Company (RRD), a global provider of business communication and marketing services, agreed to pay over $2.1 million to settle disclosure and internal control failure charges relating to cybersecurity incidents and alerts in late 2021.
The Record: Two federal contractors have paid a total of $11.3 million in civil penalties to the U.S. government after admitting they failed to properly test the cybersecurity of a system for providing financial assistance to low-income people in New York during the COVID-19 pandemic.
Yahoo Finance: A proposed cybersecurity certification scheme (EUCS) for cloud services should not discriminate against Amazon, Alphabet's Google and Microsoft, 26 industry groups across Europe warned.
Yahoo Finance: Cybersecurity software firm Magenta Buyer is in talks with creditor Elliott Investment Management to provide it with fresh money as revenue falls and liquidity thins, according to people familiar with the situation.
The Target: Frontier is a leading U.S. communications provider that provides gigabit Internet speeds over a fiber-optic network to millions of consumers and businesses across 25 states.
The Take: Full names and Social Security Numbers (SSNs) were confirmed as breached for 751895 customers.
The Vector: The telecommunications provider says it suffered a cyberattack in mid-April 2024, allowing hackers to access customers' personal information stored on its systems.
This breach is a stark reminder of how important strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.
Help Net Security: NetSPI announced its acquisition of Hubble, a Northern Virginia-based cyber asset attack surface management (CAASM) and cybersecurity posture management solution.
Business Wire: H.I.G. Capital (“H.I.G.”) is pleased to announce that an affiliate has signed a definitive agreement to sell its portfolio company, DGS S.p.A. (“DGS” or the “Group”), to DGS Co-Founders and management team in partnership with ICG, a global alternative asset manager.
Yahoo Finance: Shares of the cybersecurity firm Rubrik Inc. rose in late trading after its inaugural earnings results exceeded Wall Street’s expectations.
CSO Online: When a large company announces the acquisition of another organization, it’s often perceived as just being a financial transaction.
Dark Reading: Over 40% of security leaders cite enhancing and optimizing technology and processes in the security operations center (SOC) as a top priority for improving defenses against the rise of AI-powered threats, according to the Darktrace State of AI Cybersecurity 2024 report.
BizTech Magazine: At least $5 million. Perhaps as much as $10 million. That was the economic damage done to the majority of the financial institutions that experienced a data breach in the past five years and were able to estimate a cost.
GlobeNewswire: Fortinet®, the global cybersecurity leader driving the convergence of networking and security, announced that it has entered into a definitive agreement to acquire Lacework, the data-driven cloud security company.
The Target: Ticketmaster, the world’s leading online ticketing platform owned by Live Nation.
The Take: The stolen data trove reportedly includes names, addresses, phone numbers, and partial credit card information.
The Vector: While the specific circumstances of the breaches—including exactly what information was stolen and how it was accessed—remain unclear, the incidents may be linked to attacks against company accounts with cloud hosting provider Snowflake.
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.
Dark Reading: Notable Capital, a global venture capital firm, announced the inaugural launch of "Rising in Cyber," an independent list recognizing the 30 most promising cybersecurity companies as selected by Chief Information Security Officers (CISOs), security leaders, and startup investors.
Yahoo Finance/Reuters: CrowdStrike Holdings Inc forecast second-quarter revenue above market estimates, helped by strong demand for its cybersecurity offerings in the wake of growing online challenges spurred by the use of artificial intelligence (AI).
SecurityWeek: Over 200,000 more cybersecurity workers are needed in the United States to close the talent gap, according to data from CyberSeek. CyberSeek, a joint initiative of NIST’s NICE program, CompTIA, and Lightcast, aims to provide detailed and actionable data on the cybersecurity job market.
Coindesk: Web3 cybersecurity company GoPlus has raised $10 million in a private financing round with participation from a host of heavyweight crypto investors including OKX Ventures, HashKey Capital and Animoca Brands, according to an emailed announcement shared with CoinDesk.
MSN: The ransomware business is booming in Canada. Recent victims have included large corporations such as retailer London Drugs, as well as the City of Hamilton, Ont., and the government of Newfoundland and Labrador.
Yahoo Finance: Cybersecurity is the practice of protecting computer systems, networks, programs, and data from unauthorized access, attacks, damage, or any form of unauthorized manipulation.
Australian Prudential Regulation Authority: The Australian Prudential Regulation Authority (APRA) has written to all APRA-regulated entities emphasising the critical role of data backups in cyber resilience.
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.