shutterstock_490960141-1

Industry News: ESG5

    Know Your Breach: Firstmac Limited

    The Target: Firstmac is a significant player in Australia's financial services industry, focusing primarily on mortgage lending, investment management, and securitization services.

    The Take: From the investigation that followed, assisted by external cybersecurity experts, Firstmac determined that the following information was compromised: First name, Residential address, Email address, Phone number, Date of birth, External bank account information, Driver’s license number.

    The Vector: Firstmac experienced a cyber incident where an unauthorised third party accessed a part of their IT system.

    This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.

    Read more...

    Thoma Bravo's LogRhythm Merges With Exabeam In More Cybersecurity Consolidation

    2024-05-16

    Yahoo Finance: Private equity giant Thoma Bravo has announced that its security information and event management (SIEM) company LogRhythm will be merging with Exabeam, a rival cybersecurity company backed by the likes of Cisco and Lightspeed Venture Partners.

    Read more...

    Crypto Hedge Fund BlockTower Suffers A Major Exploit, But How?

    2024-05-15

    TechReport: A prominent crypto hedge fund, BlockTower Capital, has emerged as the last firm to suffer a major blow from hackers. According to reports, hackers infiltrated the company’s system, carting away a hefty sum from its assets under management (AUM).  

    Read more...

    Singapore Cybersecurity Update Puts Cloud Providers on Notice

    2024-05-14

    Dark Reading: Lawmakers in Singapore updated the nation's cybersecurity regulations on May 7, giving more power to the agency responsible for enforcing the rules, adopting definitions of computer systems that include cloud infrastructure, and requiring that critical information infrastructure (CII) operators report any cybersecurity incident to the government.

    Read more...

    Santander Reports Customer, Employee Data Breach In Spain, Chile, Uruguay

    2024-05-14

    Yahoo Finance: Spanish bank Santander said some customer and employee data in a database hosted by an outside provider was accessed by an unauthorized party, but that the bank's own operations and systems have not been affected.

    Read more...

    Why AI Will Boost Demand For Cybersecurity Talent

    2024-05-13

    Forbes: When listening to industry watchers extolling the promises of AI, you'd expect cybersecurity experts to soon be obsolete. AI will securely configure systems, detect abnormal behavior and react faster than any human ever can.

    Read more...

    Accel Has a Fresh $650 Million to Back European Early-Stage Startups

    2024-05-13

    TechCrunch: Early-stage rounds continue to account for the majority of investments in the European startup market, and one of the biggest firms in the region announced a new fund to bolster that trend.

    Read more...

    Aussie Software Firm Iress Flags Data Breach At Third-Party Platform

    2024-05-12

    Yahoo News: Australia's Iress Ltd over the weekend detected and contained an unauthorized access of the firm's space on a third-party platform which is used to manage its pre-production software code, the financial software firm said.

    Read more...

    Know Your Breach: University System of Georgia

    The Target: University System of Georgia is a state government agency that operates 26 public colleges and universities in Georgia with over 340,000 students.

    The Take: The cybercriminals accessed: Full or partial (last four digits) of Social Security Number, Date of Birth, Bank account number(s), Federal income tax documents with Tax ID number.

    The Vector: The Clop ransomware gang leveraged a zero-day vulnerability in Progress Software MOVEit Secure File Transfer solution in late May 2023 to conduct a massive worldwide data theft campaign.

    This breach is critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.

    Read more...

    Third-Party Data Breaches Rose 49% in 2023, Reaching Record Level, New Prevalent Study Finds

    2024-05-08

    Business Wire: Prevalent Inc. published its 2024 Third-Party Risk Management Study, finding that 61% of companies experienced a third-party data breach or cybersecurity incident last year. Breaches rose 20 points — or 49% — year over year, increasing threefold since 2021.

    Read more...

    About Castle Hall Diligence

    Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →

    Subscribe to Cyber Updates