
Industry News: ESG5

    Know Your Breach: Ellington Management Group

    The Target: Investment management firm Ellington Management Group L.L.C.

    The Take: Ellington determined that the following general categories of information may have been involved in the incident but are not relevant to every individual impacted: name, date of birth, Social Security number, medical information, and driver’s license number. In only three instances, non-Ellington financial account information may have been impacted.

    The Vector: Ellington’s investigation determined that between July 18, 2023 and August 8, 2023, an unauthorized actor had access to a single Ellington email account for the demonstrated purpose of sending phishing emails. Ellington analyzed the email account and did not find any evidence of any data being downloaded, emails being forwarded, or the account being synced to other systems.

    As phishing actors continue to explore every potential abuse opportunity on legitimate service providers, novel security gaps constantly threaten to expose users to severe risks. It is essential not to rely solely on email protection solutions, but also to scrutinize every email that lands in your inbox, look for inconsistencies, and double-check all claims made in those messages.


    How US SEC Legal Actions Put CISOs At Risk And What To Do About It

    2023-11-16

    CSO: With the US Securities and Exchange Commission (SEC) having taken legal action against CISOs at both SolarWinds and Uber, security executives feel the pressure to be absolutely precise when writing up security incidents that the company has decided are material. 


    How To Strengthen Your Business's Cybersecurity Practices

    2023-11-15

    Forbes: Most of you have heard a lot in the past month about cybersecurity, hacking attacks and many words that are strange to us, like man in the middle ("MITM") phishing, spoofing, LifeLock, blueprinting, fingerprinting, crypto locker, VPN and so on, in the news and from media ads.


    Barclays Flags Treasuries Central Clearing Cybersecurity Risks After ICBC Hack

    2023-11-15

    Yahoo Finance: A key reform proposed by the U.S. Securities and Exchange Commission to boost the use of central clearing for U.S. Treasuries could leave the market more exposed to cybersecurity risks, Barclays said, referring to the cyber hack of Industrial and Commercial Bank of China's U.S. broker-dealer.


    Vulcan Cyber, Which Scans Software For Security Vulnerabilities, Lands $55 Million Cash Infusion

    2023-11-15

    TechCrunch: Vulcan Cyber, a company developing software to help enterprises detect vulnerabilities in their software stack, announced that it raised $55 million in equity financing led by Maor Investments and Ten Eleven Ventures with participation from Dawn Capital and Wipro Ventures.


    Cybersecurity Spending Surges Amid AI Threat Concerns

    2023-11-15

    Investing.com: OpenText, a global leader in information management, released its annual Cybersecurity Global Ransomware Survey, revealing significant trends in cybersecurity among small and medium-sized businesses (SMBs) and enterprises.


    Esma Makes Cyber-Risk Its Top Priority

    2023-11-13

    FundsTech: Europe’s main securities regulator has elevated cyber risk and digital resilience to the top of its supervisory authorities for the coming year.


    More Than Half of ASIC Regulated Organizations Can’t Protect Confidential Information

    2023-11-12

    CSO: A cybersecurity self-assessment of 697 Australian organizations revealed 58% have limited or no capability to protect confidential information adequately.


    Know Your Breach: Hilb Group

    The Target: Hilb Group, a business that handles property, casualty, and employee benefits insurance and advisory services at more than 130 locations across 22 US states.

    The Take: People's first and last names, along with sensitive financial data and credentials: specifically, financial account number or credit/debit card number (in combination with the security code, access code, password or PIN for the account).

    The Vector: Hilb says it discovered "suspicious activity" related to employee email accounts around January 10. After doing some digging, and bringing on a third-party incident response firm, the insurance brokerage determined someone broke into those inboxes between December 1, 2022 and January 12, 2023.

    This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.


    OpenAI Suggests Cyber-Attackers Behind Persistent ChatGPT Outage

    2023-11-09

    BNN Bloomberg: OpenAI is grappling with “abnormal traffic” that suggests hackers are trying to swamp its services, revealing for the first time the potential cause of outages that’ve plagued ChatGPT this week.

