.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
Private Equity Wire: Abacus Group, a provider of hosted IT services and solutions to alternative investment firms, has acquired two boutique cybersecurity consulting companies, Gotham Security and its parent company, GoVanguard, which will now be known as Gotham Security, and will operate as an independent subsidiary of Abacus Group.
DarkReading: Leading global intelligence and cyber security consultancy S-RM has today revealed in its Cyber Security Insights Report that there has been a drop in concern around the cyber security threats posed by hybrid working. However, a significant proportion (35%) of IT leaders say they are concerned over a cyber skills gap among employees.
The Target: Myrocket, a Human Resources recruitment company based in India.
The Take: Exposure of 200,000 employees and 9 million candidate records of Personally Identifiable Information including: names, taxpayer information, personal identification numbers, emails, phone numbers, bank details, dates of birth, salaries, payslips, employees roles, and more.
The Vector: A misconfigured data server was left open and unsecured, meaning anyone with an internet connection could have viewed and downloaded the data.
This breach is critical reminder that authentication controls are an important piece in an overall robust cybersecurity posture. This data is perfect for constructing highly effecting spear-phishing campaigns. Multi-factor authentication and password length and complexity rules on server access are effective strategies to mitigate these kinds of breaches to protect a firm’s data.
BNN Bloomberg: In findings published, the blockchain forensics firm estimated that ransom payments — which are almost always paid in cryptocurrency — fell to $456.8 million in 2022 from $765.6 million in 2021, a 40% drop.
Bleeping Computer: PayPal is sending out data breach notifications to thousands of users who had their accounts accessed through credential stuffing attacks that exposed some personal data. Credential stuffing are attacks where hackers attempt to access an account by trying out username and password pairs sourced from data leaks on various websites.
BusinessWire: With the Securities & Exchange Commission proposing tighter cybersecurity requirements for hedge funds and other asset managers, Cole-Frieman & Mallon LLP, one of the nation’s leading boutique law firms serving the investment management industry, has launched a first-of-its-kind cybersecurity law practice.
CoinDesk: “North Korea’s Lazarus Group had a very busy weekend, moving $63.5 million (~41,000 ETH) from the Harmony bridge hack through Railgun before consolidating funds and depositing on three different exchanges,” ZachXBT alerted on Twitter.
Yahoo News: The multinational agreement to develop the strategy followed a meeting of the Nordic Council’s executive committee in December. The council functions as the official organization for formal interparliamentary cooperation between the Nordic states. Formed in 1952, it includes Denmark, Finland, Iceland, Norway, Sweden, the Faroe Islands, Greenland and the Åland Islands.
Business Wire: It is both stability and change in the Allianz Risk Barometer 2023. Cyber incidents and Business interruption rank as the biggest company concerns for the second year in succession (both with 34% of all responses). However, it is Macroeconomic developments such as inflation, financial market volatility and a looming recession (up from #10 to #3 year-on-year), as well as the impact of the Energy crisis (a new entry at #4) which are the top risers in this year’s list of global business risks, as the economic and political consequences of the world in the aftermath of Covid-19 and the Ukraine war take hold.
The Target: CAF, the French Social Security agency
The Take: 10,000 records of Personally Identifiable Information exposed including: physical address, date of birth, household composition and income, amounts and benefits received.
The Vector: An unencrypted and unprotected file containing the above information was sent to a third-party service provider, who then posted the file to their website which was publicly accessible to anyone.
This breach is a reminder of how critical authentication controls are on sensitive data to maintain an overall robust cybersecurity posture, and more critically, ensuring these controls are in place when communicating and sending data to third-party vendors. The information stolen in this attack could lead to highly targeted phishing campaigns against the victims. Regular vendor assessments are also a key component in cybersecurity.
Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →
Montreal
1080 Côte du Beaver Hall, Suite 904
Montreal, QC
Canada, H2Z 1S8
+1-450-465-8880
Halifax
168 Hobsons Lake Drive Suite 301
Beechville, NS
Canada, B3S 0G4
Tel: +1 902 429 8880
Manila
10th Floor, Two Ecom Center
Mall of Asia Complex
Harbor Dr, Pasay, 1300 Metro Manila
Philippines
Sydney
Level 15 Grosvenor Place
225 George Street, Sydney NSW 2000
Australia
Tel: +61 (2) 8823 3370
Abu Dhabi
Floor No. 15 Al Sarab Tower,
Adgm Square,
Al Maryah Island, Abu Dhabi, UAE
Tel: +971 (2) 694 8510
Prague
V Parku 8, 148 00 Praha 11,
Czech Republic
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.
Terms of Service and Privacy Policy