Industry News: ESG5

The Target: Firstmac is a significant player in Australia's financial services industry, focusing primarily on mortgage lending, investment management, and securitization services.

The Take: From the investigation that followed, assisted by external cybersecurity experts, Firstmac determined that the following information was compromised: First name, Residential address, Email address, Phone number, Date of birth, External bank account information, Driver’s license number.

The Vector: Firstmac experienced a cyber incident where an unauthorised third party accessed a part of their IT system.

This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.

Read more...

2024-05-16

Yahoo Finance: Private equity giant Thoma Bravo has announced that its security information and event management (SIEM) company LogRhythm will be merging with Exabeam, a rival cybersecurity company backed by the likes of Cisco and Lightspeed Venture Partners.

Read more...

2024-05-15

TechReport: A prominent crypto hedge fund, BlockTower Capital, has emerged as the last firm to suffer a major blow from hackers. According to reports, hackers infiltrated the company’s system, carting away a hefty sum from its assets under management (AUM).  

Read more...

2024-05-14

Dark Reading: Lawmakers in Singapore updated the nation's cybersecurity regulations on May 7, giving more power to the agency responsible for enforcing the rules, adopting definitions of computer systems that include cloud infrastructure, and requiring that critical information infrastructure (CII) operators report any cybersecurity incident to the government.

Read more...

2024-05-14

Yahoo Finance: Spanish bank Santander said some customer and employee data in a database hosted by an outside provider was accessed by an unauthorized party, but that the bank's own operations and systems have not been affected.

Read more...

2024-05-13

Forbes: When listening to industry watchers extolling the promises of AI, you'd expect cybersecurity experts to soon be obsolete. AI will securely configure systems, detect abnormal behavior and react faster than any human ever can.

Read more...

2024-05-13

TechCrunch: Early-stage rounds continue to account for the majority of investments in the European startup market, and one of the biggest firms in the region announced a new fund to bolster that trend.

Read more...

2024-05-12

Yahoo News: Australia's Iress Ltd over the weekend detected and contained an unauthorized access of the firm's space on a third-party platform which is used to manage its pre-production software code, the financial software firm said.

Read more...

The Target: University System of Georgia is a state government agency that operates 26 public colleges and universities in Georgia with over 340,000 students.

The Take: The cybercriminals accessed: Full or partial (last four digits) of Social Security Number, Date of Birth, Bank account number(s), Federal income tax documents with Tax ID number.

The Vector: The Clop ransomware gang leveraged a zero-day vulnerability in Progress Software MOVEit Secure File Transfer solution in late May 2023 to conduct a massive worldwide data theft campaign.

This breach is critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.

Read more...

2024-05-08

Business Wire: Prevalent Inc. published its 2024 Third-Party Risk Management Study, finding that 61% of companies experienced a third-party data breach or cybersecurity incident last year. Breaches rose 20 points — or 49% — year over year, increasing threefold since 2021.

Read more...