.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
The Target: Orange Group, a leading French telecommunications operator and digital service provider.
The Take: According to the threat actor, who uses the alias Rey and is a member of the HellCat ransomware group, the stolen data is mostly from the Romanian branch of the company and includes 380,000 unique email addresses, source code, invoices, contracts, customer and employee information.
The Vector: The threat actor compromised Orange’s systems by exploiting compromised credentials, and vulnerabilities in the company’s Jira software for bug/issue tracking, and internal portals.
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.
Yahoo Finance: Global cybersecurity spending is projected to surge in coming years as artificial intelligence tools like chatbots and agents proliferate, creating new risks that force enterprises to shore up their information technology defenses, according to Bloomberg Intelligence analysts.
CSO Online: Attacks against operational technology (OT) networks are on the rise, fueled by geopolitical tensions and conflicts, as OT security fast becomes a mainstream concern.
Crunchbase: NinjaOne, which provides endpoint management, security and monitoring, raised $500 million in Series C extensions at a $5 billion valuation — more than doubling its value from just 12 months ago.
Investment Executive: Advocis faces its fourth legal claim in just over a year, this one arising from a cybersecurity contract the association allegedly terminated after naming its new CEO last fall.
Forbes: Amid rising concerns about data breaches, identity theft and privacy violations, cybersecurity has become more than just an IT and business operations necessity—it has become a brand differentiator.
Funds Europe: Private equity investment in security technology is accelerating, driven by rising geopolitical instability and increased government defence spending, according to research.
Wealth Professional: Bybit, one of the largest cryptocurrency exchanges, suffered a US$1.5bn security breach that has since triggered US$5.5bn in outflows.
The Target: Globe Life is an American financial services holding company.
The Take: The information potentially exposed includes names, email addresses, phone numbers, and postal addresses. In some cases, Social Security numbers, health-related data, and other personal details may also have been involved.
The Vector: The ongoing review indicated that the breach may have involved information linked to its American Life Insurance Co. subsidiary. In a new SEC filing on Jan. 30, Globe Life reported that customer information compromised in the attack was traced to databases maintained by a limited number of independent agency owners.
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.
Cybersecurity Dive: Insight Partners suffered a data breach in January stemming from what it described as “a sophisticated social engineering attack.” In a statement the private equity and venture capital firm said it initially detected unauthorized access to “certain Insight information systems” on Jan. 16.
Forbes: As a cybersecurity leader dedicated to safeguarding small- and medium-sized enterprises (SMEs) from cyber threats, the shifting sands of the cybersecurity landscape are always top-of-mind.
Insurance Journal: Dream, an artificial intelligence company that provides cybersecurity services to governments and critical infrastructure operators such as hospitals and utilities, has raised $100 million at a $1.1 billion valuation.
Tech Monitor: Cybersecurity vulnerabilities continue to pose significant risks to major corporations, with 96% of S&P 500 companies experiencing data breaches, according to the latest findings from the Cybernews Business Digital Index.
Cybersecurity Dive: Palo Alto Networks confirmed that a high severity vulnerability, listed as CVE-2025-0108, in its PAN-OS management web interface was being exploited by attackers in the wild.
Funds Europe: Cybersecurity has emerged as a top priority for investors during fundraising due diligence, with 27% of investors now focusing on digital security risks, according to the Core Alternative Managers’ Mood Index (Cammi) report by Gen II Fund Services.
Bleeping Computer: Financial technology giant Finastra is notifying victims of a data breach after their personal information was stolen by unknown attackers who first breached its systems in October 2024.
The Target: Hewlett Packard Enterprise, an American multinational information technology company.
The Take: A breach notification filing with the state of Massachusetts indicated that Social Security numbers, driver’s license numbers and credit/debit card numbers were compromised in the attack.
The Vector: HPE was notified on Dec. 12, 2023, that a suspected nation-state threat group had breached its Office 365 email environment. An investigation revealed that starting in May 2023, Midnight Blizzard actors accessed emails and pilfered data from mailboxes “belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions.”
As phishing actors continue to explore every potential abuse opportunity on legitimate service providers, novel security gaps constantly threaten to expose users to severe risks. It is essential not to rely solely on email protection solutions, and also scrutinize every email that lands on your inbox, look for inconsistencies, and double-check all claims made in those messages.
Yahoo Finance/Reuters: Thoma Bravo-backed cybersecurity firm SailPoint will start trading on the Nasdaq, returning to the U.S. stock market more than two years after it went private.
Cybersecurity Dive: Huntress found that ransomware gangs are broadly using the kinds of advanced tactics and techniques that were first tested on large organizations, such as tampering or disabling cybersecurity products.
Yahoo Finance/Reuters: Bain Capital, Advent International and EQT AB are among the private equity firms competing to acquire Japanese cybersecurity firm Trend Micro, which has a market value of 1.32 trillion yen ($8.54 billion), according to people familiar with the matter.
CFO: In an time where deepfakes, synthetic identity fraud and fake documents pose an increasing threat to businesses, audit committees are ramping up cybersecurity oversight — yet financial and nonfinancial firms are taking vastly different approaches.
Cybersecurity Dive: President Donald Trump plans to nominate Sean Cairncross, a former official at the Republican National Committee, as the next national cyber director, according to a list of planned nominees obtained by Cybersecurity Dive.
MSN: The Reserve Bank of India (RBI) is set to introduce exclusive internet domains for financial sector participants, including banks and non-banking entities, to enhance cybersecurity.
SecurityWeek: Turn/River Capital is prepared to pay roughly $4.4 billion in cash for SolarWinds — $18.50 per share, which represents a 35% premium to the stock’s closing price over a period of 90 days prior to the deal being announced.
The Target: Food delivery company GrubHub.
The Take: GrubHub said that, depending on the affected individual, the attackers gained access to names, email addresses, and phone numbers, as well as partial payment card information (including card type and last four digits of the card number) for some campus diners.
The Vector: The investigation found that the intrusion originated with an account belonging to a third-party service provider that provided support services to Grubhub.
This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.
CSO Online: CISOs are increasingly getting caught between business pressures and regulatory obligations, leaving them struggling to balance corporate loyalty and legal accountability.
Cybersecurity Dive: Employees attempting to use a company device to access Chinese tech startup DeepSeek’s wildly popular artificial intelligence app could inadvertently be exposing their organization to threats such as cyberespionage, experts warned.
Dark Reading: Many cybersecurity leaders kick off each new year with predictions for the year to come. You may have seen a deluge of them over the last month or so: "Cyberattacks will continue to be a problem." "This certain country will ban ransom payments."
Private Equity Wire: The report indicates that 27% of investors now prioritise cybersecurity in operational due diligence conversations, reflecting heightened awareness of digital threats in the private capital industry.
Cybersecurity Dive: Cryptocurrency ransomware payments fell from a record $1.25 billion in 2023 to nearly $814 million in 2024, a report released by Chainalysis showed.
MSN/Reuters: SailPoint said it was targeting a valuation of up to $11.5 billion in its New York flotation, as the cybersecurity firm looks to go public again in the United States after more than two years.
Forbes: It stands to reason that as organizations grow, their footprint becomes more distributed. While this enables them to remain closer to their customers and other stakeholders, it also means their network environments become more complex.
Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →
Montreal
1080 Côte du Beaver Hall, Suite 904
Montreal, QC
Canada, H2Z 1S8
+1-450-465-8880
Halifax
168 Hobsons Lake Drive Suite 301
Beechville, NS
Canada, B3S 0G4
Tel: +1 902 429 8880
Manila
10th Floor, Two Ecom Center
Mall of Asia Complex
Harbor Dr, Pasay, 1300 Metro Manila
Philippines
Sydney
Level 15 Grosvenor Place
225 George Street, Sydney NSW 2000
Australia
Tel: +61 (2) 8823 3370
Abu Dhabi
Floor No. 15 Al Sarab Tower,
Adgm Square,
Al Maryah Island, Abu Dhabi, UAE
Tel: +971 (2) 694 8510
Prague
V Parku 8, 148 00 Praha 11,
Czech Republic
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.
Terms of Service and Privacy Policy