Industry News: ESG5

    Know Your Breach: TMX Finance Corporate Services

    The Target: TMX Finance Corporate Services, the parent company of lender TitleMax. TMX, which also operates the brands TitleBucks, InstaLoan and EquityAuto Loan, has more than 1,000 locations in 18 U.S. states.

    The Take: A revised data breach notification sent to victims by TMX stated that, beyond the raft of personal information it had previously said was stolen (including passport and Social Security numbers), attackers may also have stolen victims' credit/debit card numbers in combination with the security code, access code, password or PIN for the account.

    The Vector: TMX previously reported detecting suspicious activity on its systems on Feb. 13. A third-party incident response firm called in to investigate found that the intrusion appeared to have started in early December 2022.

    This breach is a stark reminder of how important authentication controls are to a robust overall cybersecurity posture and, more critically, of the need to ensure these controls are in place for all third-party vendors that have access to a firm’s data.

    UK Cybersecurity Agency Warns Of Chatbot ‘Prompt Injection’ Attacks

    2023-08-30

    The Guardian: The UK’s cybersecurity agency has warned that chatbots can be manipulated by hackers to cause scary real-world consequences.

    AI In Cybersecurity: Harmful Or Helpful?

    2023-08-29

    Forbes: By now, it’s common knowledge that the pandemic accelerated the digital transformation of our work world. Remote and hybrid work environments and anytime-anywhere collaboration became the norm, and the adoption of cloud services increased substantially.

    Addressing Cybersecurity's Talent Shortage & Its Impact on CISOs

    2023-08-29

    Dark Reading: The cybersecurity sector continues to face a dire talent shortage as the threat landscape evolves, according to recent research from ISC2, and the skill gap is only growing. 

    Sebi Brings Guidelines to Boost Cybersecurity Framework for Exchanges

    2023-08-29

    Business Standard: Capital markets regulator Sebi came out with guidelines to strengthen the existing cyber security and cyber resilience framework for stock exchanges and other market infrastructure institutions (MIIs).

    FTX Customers Hit by 'Withdrawal' Phishing Mails After SIM Swap Attack

    2023-08-29

    CoinDesk: FTX customers continue to be plagued by issues several months after the exchange shut down, blocking millions of users from accessing billions in capital stored on the disgraced exchange.

    Why Companies Should Invest in Cybersecurity During a Recession

    2023-08-29

    Security Boulevard: Economic downturns often trigger cost-cutting and layoffs. And while it may appear counterintuitive to advocate for new business investments, the reality is that recessions don’t stop cybercrime and data leaks.  

    How International Cybersecurity Frameworks Can Help CISOs

    2023-08-28

    CSO: Laws and standards around cybersecurity are plenty and, to make matters worse, they often vary within countries.

    Know Your Breach: The German Federal Bar (BRAK) Association

    The Target: The German Federal Bar (BRAK) Association, an umbrella organization overseeing 28 regional bars across Germany and representing about 166,000 lawyers nationally and internationally.

    The Take: The organization is still trying to figure out how much information was taken involving communications from people contacting the Brussels office.

    The Vector: The hackers encrypted BRAK’s mail server and exfiltrated 160 gigabytes of data.

    This breach is a stark reminder of how important authentication controls are to a robust overall cybersecurity posture. As phishing actors continue to explore every potential abuse opportunity on legitimate service providers, novel security gaps constantly threaten to expose users to severe risks. It is essential not to rely solely on email protection solutions, but also to scrutinize every email that lands in your inbox, look for inconsistencies, and double-check all claims made in those messages.

    Business Lobby Struggles to Thwart SEC Cybersecurity Disclosure Rules

    2023-08-23

    BNN Bloomberg: Business lobbyists are struggling to soften new US Securities and Exchange Commission rules that require publicly traded companies to quickly disclose cybersecurity breaches.

    About Castle Hall Diligence

    Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long-only portfolios.