2014 and Financial Services - Information Management Today

EventBot, a new Android mobile targets financial institutions across Europe

Security Affairs

APRIL 30, 2020

Security experts from Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks, financial services across Europe. Researchers from Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks, financial services across Europe.

Financial Services

Financial Services Libraries Encryption Authentication

The G7 expresses its concern over ransomware attacks

Security Affairs

OCTOBER 14, 2020

Not only can the financial costs be high, but the disruption to critical sectors, including financial services and healthcare, as well as the exposure of confidential information, can cause severe damage.” “The G7 is committed to working with our financial sectors to combat ransomware. Pierluigi Paganini.

Ransomware

Ransomware IT Financial Services Data Privacy

Corporate Finance firms leak 500K+ legal and financial documents online

Security Affairs

MARCH 17, 2020

Advantage and Argus seem to be the same company working under two different names, they offer funding and startup capital to business owners without access to traditional lending and financial services. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Financial Services

Financial Services Access Security Privacy

Webinars

Maximizing Profit and Productivity: The New Era of AI-Powered Accounting

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

Hackers target financial firms hosting malicious payloads on Google Cloud Storage

Security Affairs

DECEMBER 26, 2018

Researchers at Menlo Labs uncovered a malicious email campaign targeting employees of banks and financial services companies abusing Google Cloud Storage. “Financial Services companies can expect to be the target of even more sophisticated malware and credential phishing attacks,”. ” Menlo Labs concludes.

Cloud

Cloud Financial Services Archiving Phishing

American Insurance firm State Farm victim of credential stuffing attacks

Security Affairs

AUGUST 7, 2019

The American group of insurance and financial services companies State Farm disclosed a credential stuffing attack it has suffered in July. The American group of insurance and financial services companies State Farm revealed that it was the victim of a credential stuffing attack it has suffered in July.

Insurance

Insurance Data breaches Financial Services Passwords

Ransomware infected systems at Xchanging, a DXC subsidiary

Security Affairs

JULY 6, 2020

Xchanging employs over 7,000 people worldwide and offers IT outsourcing, infrastructure including network managed services, software products and application management. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware

Ransomware Insurance Financial Services Manufacturing

Fake Microsoft Teams notifications aim at stealing Office365 logins

Security Affairs

MAY 2, 2020

.” A few days ago, researchers from Group-IB reported a campaign dubbed “ PerSwaysion ,” in which attackers exploit Microsoft’s Sway file-sharing to gain access to many confidential corporate MS Office365 emails of mainly financial service companies, law firms, and real estate groups. Recently the U.S. Pierluigi Paganini.

Phishing

Phishing Financial Services Cybersecurity Access

15 billion credentials available in the cybercrime marketplaces

Security Affairs

JULY 9, 2020

The credentials are sold for an average of $15.43, the most expensive pairs relate to banking and financial services accounts, with an average price of nearly $71. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Marketing

Marketing Passwords Financial Services Access

France and Germany will block Facebook’s Libra cryptocurrency

Security Affairs

SEPTEMBER 16, 2019

. “Unlike other cryptocurrencies , which are not controlled by a central authority, Libra will not be decentralised , but will be entrusted to a Swiss-based association of major technology and financial services companies. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Financial Services

Financial Services Government IT Security

Hundreds of malicious Chrome browser extensions used to spy on you!

Security Affairs

JUNE 20, 2020

Malicious Chrome browser extensions were used in a massive surveillance campaign aimed at users working in the financial services, oil and gas, media and entertainment, healthcare, government organizations, and pharmaceuticals. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Healthcare

Healthcare Financial Services Security Communications

Experts found a new TrickBot module (rdpScanDll) built for RDP bruteforcing operations

Security Affairs

MARCH 19, 2020

.” The module appears to be under development, but experts pointed out that threat actors already used it to target organizations, mostly in telecoms, education, and financial services sectors. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Financial Services

Financial Services Education Communications IT

NY Charges First American Financial for Massive Data Leak

Krebs on Security

JULY 23, 2020

According to a filing (PDF) by the New York State Department of Financial Services (DFS), the weakness that exposed the documents was first introduced during an application software update in May 2014 and went undetected for years. The documents were available without authentication to anyone with a Web browser.

Insurance

Insurance Financial Services Mining Access

Iran-linked APT group Pioneer Kitten sells access to hacked networks

Security Affairs

SEPTEMBER 1, 2020

.” PIONEER KITTEN hackers to date have focused their attacks against entities in North American and Israeli, while targeted sectors include technology, government, defense, healthcare, aviation, media, academic, engineering, consulting and professional services, chemical, manufacturing, financial services, insurance, and retail. .

Access

Access Financial Services Retail Insurance

Stock trading service Robinhood stored passwords in plaintext for some users

Security Affairs

JULY 25, 2019

Robinhood confirmed to have addressed the issue and the good news for the impacted users is that the financial service hasn’t found evidence that the passwords were accessed by anyone outside its response team. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Passwords

Passwords Financial Services Access Security

Oracle critical patch advisory addresses 284 flaws, 33 critical

Security Affairs

JANUARY 18, 2019

The bug affected the OCA’s Diameter Signalling Router component and its Communications Services Gatekeeper. The flaw also affected the Financial Services Analytical Applications Infrastructure, the Fusion Middleware MapViewer, and four three Oracle Retail components. Pierluigi Paganini.

Financial Services

Financial Services Libraries Mining Retail

Recently disclosed Drupal CVE-2019-6340 RCE flaw exploited in the wild

Security Affairs

FEBRUARY 26, 2019

Hackers targeted dozens of Imperva’s customers, including organizations in the government and financial services sectors. “We’ve found dozens of attack attempts aimed at dozens of websites that belong to our customers using this exploit, including sites in government and the financial services industry.”

Financial Services

Financial Services CMS Government Security

An ongoing Qbot campaign targeted customers of tens of US banks

Security Affairs

JUNE 18, 2020

link] [link] [link] associated with financial services to capture credentials. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Qbot monitors the victim’s web traffic searching for specific strings (i.e.

Phishing

Phishing Financial Services Personal data Security

Hackers stole $32 million from Bitpoint cryptocurrency exchange

Security Affairs

JULY 12, 2019

. “The hacks have prompted greater oversight of crypto exchanges by Japan’s Financial Services Agency but critics says security gaps remain.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Financial Services

Financial Services Security IT Data breaches

Tianfu Cup PWN hacking contest – White hat hackers earn $1 Million for Zero-Day exploits

Security Affairs

NOVEMBER 19, 2018

Other participants were teams from universities, Tencent, financial service provider Ant Financial, and independent researchers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Financial Services

Financial Services Cybersecurity Security

Hackers stole $60 Million worth of cryptocurrencies from Japanese Zaif exchange

Security Affairs

SEPTEMBER 20, 2018

“Documents seen by Reuters on Thursday showed Japan’s Financial Services Agency would conduct emergency checks on cryptocurrency exchange operators’ management of customer assets, following the theft. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” continues the Reuters.

Financial Services

Financial Services Retail Security IT

Critical RCE affects older Diebold Nixdorf ATMs

Security Affairs

JUNE 9, 2019

The focused their analysis on the Spiservice service listening on post 8043. “Look at the output of command, there is a service (Spiservice) which running on port 8043. The SpiService.exe is associated with XFS, the Extension for Financial Services DLL library (MSXFS.dll) that is specifically used by ATMs.”

Libraries

Libraries Communications Financial Services Security

Global Shipping and mailing services firm Pitney Bowes hit by ransomware attack

Security Affairs

OCTOBER 15, 2019

The Pitney Bowes company announced that a ransomware attack infected its systems and cause a partial system outage that made some of its service unavailable for some customers. Pitney Bowes is a global technology company that provides commerce solutions in the areas of ecommerce, shipping, mailing, data and financial services.

Ransomware

Ransomware Financial Services Access Encryption

Google TAG report Q1 details about nation-state hacking and disinformation

Security Affairs

MAY 28, 2020

Experts reported new activity from “hack-for-hire” firms, many based in India, that are using Gmail accounts spoofing the WHO to target business leaders in financial services, consulting, and healthcare corporations within numerous countries including, the U.S., Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Financial Services

Financial Services Government Phishing Marketing

SAP April 2019 Security Patch Day addresses High severity flaws in Crystal Reports, NetWeaver

Security Affairs

APRIL 10, 2019

Update to security note release on January 2019 Patch Day: [ CVE-2018-2484 ] Missing Authorization check in SAP Enterprise Financial Services. SAP also addressed an XXE bug in SLD Registration of NetWeaver and ABAP Platform (CVE-2019-0265), and a missing authorization check in Enterprise Financial Services (CVE-2018-2484).

Security

Security Financial Services Risk Access

Exclusive: Researchers dumped Gigabytes of data from Agent Tesla C2Cs

Security Affairs

OCTOBER 6, 2021

Agent Tesla , first discovered in late 2014, is an extremely popular “malware-as-a-service” Remote Access Trojan (RAT) tool used by threat actors to steal information such as credentials, keystrokes, clipboard data and other information from its operators’ targets.

Financial Services

Financial Services Retail Education Information Security

U.S. Indicts North Korean Hackers in Theft of $200 Million

Krebs on Security

FEBRUARY 17, 2021

million in August 2020 from a financial services company based in New York. million from two different cryptocurrency exchanges used by the hackers, money that investigators say will be returned to the New York financial services firm. billion from banks and other victims worldwide.

Financial Services

Financial Services Phishing Blockchain Government

SAP Security Patch Day for May 2019 fixes many missing authorization checks

Security Affairs

MAY 15, 2019

Five Security Notes included in SAP Security Patch Day for May 2019 addressed missing authorization checks in SAP products, including Treasury and Risk Management, Solution Manager and ABAP managed systems, dbpool administration, and Enterprise Financial Services. . ” reads a blog post published by SAP security firm Onapsis.

Security

Security Financial Services Risk IT

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

Security Affairs

JANUARY 13, 2019

“On December 13, 2018, we observed another large ServHelper “downloader” campaign targeting retail and financial services customers.” ” The attacks leveraging the two malware were not targeted in nature attackers aimed at financial services organizations worldwide. . Pierluigi Paganini.

IT

IT Financial Services Ransomware Retail

California IT service provider Synoptek pays ransom after Sodinokibi attack

Security Affairs

JANUARY 5, 2020

Synoptek has more than 1,100 customers across multiple industries, including local governments, financial services, healthcare, manufacturing, media, retail and software. . ” T he IT service provider confirmed the attack but did not comment on whether it paid the ransom asked by the crooks. Pierluigi Paganini.

IT

IT Ransomware Financial Services Retail

Akamai Report: Credential stuffing attacks are a growing threat

Security Affairs

SEPTEMBER 25, 2018

In another attack, a large financial services institution received over 350,000 login attempts in just one afternoon. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. billion attempts), followed by Russia (1.55

Passwords

Passwords Data breaches Financial Services Retail

New Trickbot module implements Remote App Credential-Grabbing features

Security Affairs

FEBRUARY 18, 2019

The new variant is being spread via spam emails that pose as tax-incentive notification purporting to be from the financial services company Deloitte. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Passwords

Passwords Financial Services Encryption Authentication

Mastercard data breach affected Priceless Specials loyalty program

Security Affairs

AUGUST 23, 2019

The American multinational financial services corporation noti f ied the data breach to the German and Belgian Data Protection Authorities. ” Impacted customers have been notified about the data leak, MasterCard will offer them one-year free credit monitoring and identity theft prevention service. Pierluigi Paganini.

Data breaches

Data breaches Financial Services Passwords Security

Maze ransomware gang discloses data from drug testing firm HMR

Security Affairs

APRIL 8, 2020

. “Consider contacting CIFAS (the UK’s Fraud Prevention Service) to apply for protective registration. Once you’ve registered, you should be aware that CIFAS members will do extra checks to see when anyone, including you, applies for a financial service, such as a loan, using your address.” Pierluigi Paganini.

Ransomware

Ransomware Data breaches Encryption Financial Services

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Security Affairs

APRIL 30, 2020

ybercriminals behind the PerSwaysion campaign gained access to many confidential corporate MS Office365 emails of mainly financial service companies, law firms, and real estate groups. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. SecurityAffairs – Facebook, hacking).

Phishing

Phishing Cloud Financial Services Authentication

Malware researchers analyzed an intriguing Java ATM Malware

Security Affairs

JULY 30, 2019

Experts spotted a Java ATM malware that was relying on the XFS (EXtension for Financial Service) API to “ jackpot ” the infected machine. In that case, the malware was relying on the XFS (EXtension for Financial Service) API to “ jackpot ” the infected machine. Introduction. Pierluigi Paganini.

Financial Services

Financial Services Communications Access IT

Tianfu Cup 2019 Day 1 – Chinese experts hacked Chrome, Edge, Safari, Office365

Security Affairs

NOVEMBER 17, 2019

Other participants were teams from universities, Tencent, financial service provider Ant Financial, and independent researchers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Financial Services

Financial Services Government Security Cybersecurity

Metro Bank is the first bank that disclosed SS7 attacks against its customers

Security Affairs

FEBRUARY 4, 2019

Some of our clients in the banking industry or other financial services; they see more and more SS7-based [requests],” Karsten Nohl, a researcher from Security Research Labs who has worked on SS7 for years, told Motherboard in a phone call. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

IT

IT Authentication Financial Services Access

Emissary Panda updated its weapons for attacks in the past 2 years

Security Affairs

MARCH 1, 2019

defense contractors , financial services firms, and a national data center in Central Asia. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. The Emissary Panda APT (aka LuckyMouse , APT27, Threat Group 3390, and Bronze Union) has been active since 2010, targeted organizations worldwide, including U.S.

IT

IT File names Financial Services Communications

Emissary Panda APT group hit Government Organizations in the Middle East

Security Affairs

MAY 30, 2019

defense contractors , financial services firms, and a national data center in Central Asia. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. SecurityAffairs – cyberespionage , Emissary Panda).

Government

Government Financial Services Security Cybersecurity

Microsoft partnered with other security firms to takedown TrickBot botnet

Security Affairs

OCTOBER 12, 2020

This action will result in protection for a wide range of organizations, including financial services institutions, government, healthcare, and other verticals from malware and human-operated campaigns delivered via the Trickbot infrastructure.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Security

Security Financial Services Ransomware Access

Air Canada data breach – 20,000 users of its mobile app affected

Security Affairs

AUGUST 30, 2018

As a best practice, customers should always monitor their transactions and credit rating carefully and contact their financial services provider immediately if they become aware of any unusual or unauthorized activities.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Data breaches

Data breaches IT Passwords Financial Services

4 Industries That Have to Fight the Hardest Against Cyberattacks

Security Affairs

DECEMBER 4, 2018

Financial Services. And, since financial institutions have extraordinary amounts of money on hand, it’s not surprising they’re prime targets for cybercriminals. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Retail

Retail Cybersecurity Data breaches Risk

Chinese LuckyMouse APT has been using a digitally signed network filtering driver in recent attacks

Security Affairs

SEPTEMBER 10, 2018

defense contractors and financial services firms worldwide. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. The APT group has been active since at least 2010, the crew targeted U.S. ” concludes Kaspersky.

Communications

Communications Financial Services Government Phishing

Pitney Bowes revealed that its systems were infected with Ryuk Ransomware

Security Affairs

OCTOBER 18, 2019

The global shipping and mailing services company Pitney Bowes recently suffered a partial outage of its service caused by a ransomware attack. Pitney Bowes is a global technology company that provides commerce solutions in the areas of ecommerce , shipping, mailing, data and financial services. Pierluigi Paganini.

Ransomware

Ransomware IT Financial Services Access

EventBot, a new Android mobile targets financial institutions across Europe

The G7 expresses its concern over ransomware attacks

Webinars

Trending Sources

Corporate Finance firms leak 500K+ legal and financial documents online

Webinars

Hackers target financial firms hosting malicious payloads on Google Cloud Storage

American Insurance firm State Farm victim of credential stuffing attacks

Ransomware infected systems at Xchanging, a DXC subsidiary

Fake Microsoft Teams notifications aim at stealing Office365 logins

15 billion credentials available in the cybercrime marketplaces

France and Germany will block Facebook’s Libra cryptocurrency

Hundreds of malicious Chrome browser extensions used to spy on you!

Experts found a new TrickBot module (rdpScanDll) built for RDP bruteforcing operations

NY Charges First American Financial for Massive Data Leak

Iran-linked APT group Pioneer Kitten sells access to hacked networks

Stock trading service Robinhood stored passwords in plaintext for some users

Oracle critical patch advisory addresses 284 flaws, 33 critical

Recently disclosed Drupal CVE-2019-6340 RCE flaw exploited in the wild

An ongoing Qbot campaign targeted customers of tens of US banks

Hackers stole $32 million from Bitpoint cryptocurrency exchange

Tianfu Cup PWN hacking contest – White hat hackers earn $1 Million for Zero-Day exploits

Hackers stole $60 Million worth of cryptocurrencies from Japanese Zaif exchange

Critical RCE affects older Diebold Nixdorf ATMs

Global Shipping and mailing services firm Pitney Bowes hit by ransomware attack

Google TAG report Q1 details about nation-state hacking and disinformation

SAP April 2019 Security Patch Day addresses High severity flaws in Crystal Reports, NetWeaver

Exclusive: Researchers dumped Gigabytes of data from Agent Tesla C2Cs

U.S. Indicts North Korean Hackers in Theft of $200 Million

SAP Security Patch Day for May 2019 fixes many missing authorization checks

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

California IT service provider Synoptek pays ransom after Sodinokibi attack

Akamai Report: Credential stuffing attacks are a growing threat

New Trickbot module implements Remote App Credential-Grabbing features

Mastercard data breach affected Priceless Specials loyalty program

Maze ransomware gang discloses data from drug testing firm HMR

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Malware researchers analyzed an intriguing Java ATM Malware

Tianfu Cup 2019 Day 1 – Chinese experts hacked Chrome, Edge, Safari, Office365

Metro Bank is the first bank that disclosed SS7 attacks against its customers

Emissary Panda updated its weapons for attacks in the past 2 years

Emissary Panda APT group hit Government Organizations in the Middle East

Microsoft partnered with other security firms to takedown TrickBot botnet

Air Canada data breach – 20,000 users of its mobile app affected

4 Industries That Have to Fight the Hardest Against Cyberattacks

Chinese LuckyMouse APT has been using a digitally signed network filtering driver in recent attacks

Pitney Bowes revealed that its systems were infected with Ryuk Ransomware

Stay Connected