Industry News: ESG5

The Target: Americold is the world’s largest publicly traded real estate investment trust focused on temperature-controlled warehouses. The company controls 250 warehouses across the world — most of which are used by food producers, distributors and retailers.

The Take: Names, addresses, Social Security numbers, driver’s license/state ID numbers, passport numbers, financial account information, and employment-related health insurance and medical information were leaked

The Vector: Americold confirmed that hackers had breached its systems on April 26 and accessed the information of current and former Americold employees as well as their dependents. While the company did not explicitly call it a ransomware attack, it said the cybersecurity incident “involved the deployment of malware on certain systems.”

As phishing actors continue to explore every potential abuse opportunity on legitimate service providers, novel security gaps constantly threaten to expose users to severe risks. It is essential not to rely solely on email protection solutions, and also scrutinize every email that lands on your inbox, look for inconsistencies, and double-check all claims made in those messages.

Read more...

2023-12-19

Financial Conduct Authority (FCA): CBEST tests the cyber resilience of firms and financial market infrastructures (FMIs) through live testing that mimics the actions of cyber attackers.

Read more...

2023-12-19

CSO: Organizations globally are grappling with the impact of constant technological changes and the need to keep up with the ongoing evolution of cybersecurity capabilities.

Read more...

2023-12-18

BNN Bloomberg: Some public companies are still trying to figure out how to comply with new rules from the US Securities and Exchange Commission requiring speedy disclosure of significant cyberattacks.

Read more...

2023-12-18

The Record: One of the biggest apparel companies in the world reported a “material” cyberattack to the U.S. Securities and Exchange Commission (SEC) on the first day that a new cyber incident reporting rule went into effect.

Read more...

2023-12-18

SecurityWeek: Nearly 70% of Iran’s gas stations went out of service following possible sabotage — a reference to cyberattacks, Iranian state TV reported.

Read more...

2023-12-17

XM: Britain's National Grid NG.L has started removing components supplied by a unit of China-backed Nari Technology's 600406.SS from the electricity transmission network over cyber security fears, the Financial Times reported.

Read more...

2023-12-17

Yahoo Finance: The technology sector is set to outperform again in 2024, with cybersecurity and cloud networking stocks among those best positioned, according to Barclays. A major catalyst: artificial intelligence.

Read more...

The Target: Toyota Financial Services is the finance arm of the Toyota Motor Corporation. It is a subsidiary of Toyota and provides a range of financial services to Toyota customers and dealerships worldwide.

The Take: Threat actors gained access to full names, residence addresses, contract information, lease-purchase details, and IBAN (International Bank Account Number).

The Vector: Threat actors likely exploited the vulnerability Citrix Bleed to gain initial access to the company’s network.

This breach is critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.

Read more...

2023-12-13

Financial Newswire: Less than a week after the Australian Prudential Regulation Authority (APRA) imposed additional license conditions on NGS Super over a cyber breach, a new white paper is arguing that managing communications to members is key to minimizing reputational damage.

Read more...