
Industry News: ESG5

    Crypto Heavyweights Back New Cybersecurity Standards After Nearly $4 Billion Was Lost to Hacks in 2022

    2023-08-08

    Yahoo Finance: Amid the crypto industry's myriad obstacles, hacks still rank at the top of the list. Despite the bear market, last year saw a historic spike, with nearly $4 billion stolen by cybercriminals, according to the analytics firm Chainalysis.


    Securing The Future: Embracing Cloud-Centric Cybersecurity Strategies

    2023-08-08

    Forbes: We live in an age in which technology promises to shape the future. The near-constant flow of innovation makes it challenging for many business leaders to keep up.


    Know Your Breach: Hot Topic

    The Target: American retail chain Hot Topic.

    The Take: A threat actor obtained the valid account credentials for Hot Topic Rewards accounts from an unknown third party.

    The Vector: The series of breaches that occurred between Feb. 7 and June 21 was the result of automated credential stuffing attacks against the company’s website and mobile application. 

    This breach is a reminder that authentication controls are an important part of a robust overall cybersecurity posture and, more critically, that these controls must be in place at all third-party vendors that have access to a firm’s data.


    These Are the Top Five Cloud Security Risks, Qualys Says

    2023-08-03

    Security Week: The five key risk areas are misconfigurations, external-facing vulnerabilities, weaponized vulnerabilities, malware inside a cloud environment, and remediation lag (that is, delays in patching).


    Cybersecurity Vendor Funding, M&A Down from 2022

    2023-08-03

    Channel Futures: Cybersecurity vendor funding fell last month, continuing a decline during the second quarter compared to the year-ago quarter. That’s according to Pinpoint Search Group. It releases monthly reports on cybersecurity vendor funding and M&A.


    Data Breaches Grow Nearly Three Times, With US Accounts Most Compromised

    2023-08-03

    ZD Net: Some 110.8 million user accounts were breached in the second quarter of 2023, with the US accounting for almost 45% of the global figure. Worldwide, data breaches grew 2.6 times compared to the first quarter, with an average of 855 accounts leaked every minute in the second quarter.  


    Jericho Security Uses AI to Fight AI in New Frontier of Cybersecurity

    2023-08-03

    Venture Beat: Cybersecurity startup Jericho Security announced it has raised $3 million in pre-seed funding to build solutions using artificial intelligence (AI) to combat increasingly sophisticated phishing attacks generated by AI systems.


    EU’s Financial Institutions Face Cyber Resilience Crisis

    2023-08-01

    Help Net Security: 78% of Europe’s largest financial institutions experienced a third-party breach in the past year, according to SecurityScorecard. In the wake of attacks such as MOVEit and SolarWinds, cybersecurity regulations are increasing the need for comprehensive approaches to manage vendor risk and ensure compliance.


    Bankrupt Crypto Lender Voyager Digital Reports Possible Breach

    2023-08-01

    PYMNTS: Bankrupt crypto lender Voyager Digital Holdings has reported a possible breach, revealing the difficulties of protecting customers from online scammers.


    Know Your Breach: Maximus

    The Target: Government services provider Maximus and 513 organizations impacted by the MOVEit hack.

    The Take: According to Maximus, the attackers stole files containing personal information and protected health information, including Social Security numbers, “of at least 8 to 11 million individuals”.

    The Vector: Disclosed at the end of May, the attack involved the exploitation of a zero-day vulnerability in the MOVEit Transfer managed file transfer (MFT) software, allowing cybercriminals to tap into the data transferred through the service.

    A zero-day vulnerability is a vulnerability in a system or device that has been disclosed but is not yet patched. This breach is a reminder that regular vendor assessments are a key component of cybersecurity. It also highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control but also in the third-party systems the firm relies upon.


    About Castle Hall Diligence

    Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long-only portfolios.
