2014 and Financial Services - Information Management Today

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services

Financial Services Cybersecurity Insurance Risk

NY Charges First American Financial for Massive Data Leak

Krebs on Security

JULY 23, 2020

According to a filing (PDF) by the New York State Department of Financial Services (DFS), the weakness that exposed the documents was first introduced during an application software update in May 2014 and went undetected for years. The documents were available without authentication to anyone with a Web browser.

Insurance

Insurance Financial Services Mining Access

The G7 expresses its concern over ransomware attacks

Security Affairs

OCTOBER 14, 2020

Not only can the financial costs be high, but the disruption to critical sectors, including financial services and healthcare, as well as the exposure of confidential information, can cause severe damage.” “The G7 is committed to working with our financial sectors to combat ransomware. Pierluigi Paganini.

Ransomware

Ransomware IT Financial Services Data Privacy

Webinars

Improving the Accuracy of Generative AI Systems: A Structured Approach

MORE WEBINARS

An introduction to 360 degree threat detection

OpenText Information Management

JULY 25, 2019

According to Accenture, the cost of cybercrime to US Financial Services companies rose 40% between 2014 and 2017, on average costing companies over $18 million per year. Add to this much tighter data protection regulations – such as those in the US and Europe – and the need for endpoint security becomes clear.

Financial Services

Financial Services Security

EventBot, a new Android mobile targets financial institutions across Europe

Security Affairs

APRIL 30, 2020

Security experts from Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks, financial services across Europe. Researchers from Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks, financial services across Europe.

Financial Services

Financial Services Libraries Encryption Authentication

Hackers target financial firms hosting malicious payloads on Google Cloud Storage

Security Affairs

DECEMBER 26, 2018

Researchers at Menlo Labs uncovered a malicious email campaign targeting employees of banks and financial services companies abusing Google Cloud Storage. “Financial Services companies can expect to be the target of even more sophisticated malware and credential phishing attacks,”. ” Menlo Labs concludes.

Cloud

Cloud Financial Services Archiving Phishing

American Insurance firm State Farm victim of credential stuffing attacks

Security Affairs

AUGUST 7, 2019

The American group of insurance and financial services companies State Farm disclosed a credential stuffing attack it has suffered in July. The American group of insurance and financial services companies State Farm revealed that it was the victim of a credential stuffing attack it has suffered in July.

Insurance

Insurance Data breaches Financial Services Passwords

Corporate Finance firms leak 500K+ legal and financial documents online

Security Affairs

MARCH 17, 2020

Advantage and Argus seem to be the same company working under two different names, they offer funding and startup capital to business owners without access to traditional lending and financial services. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Financial Services

Financial Services Access Privacy Security

Ransomware infected systems at Xchanging, a DXC subsidiary

Security Affairs

JULY 6, 2020

Xchanging employs over 7,000 people worldwide and offers IT outsourcing, infrastructure including network managed services, software products and application management. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware

Ransomware Insurance Financial Services Manufacturing

France and Germany will block Facebook’s Libra cryptocurrency

Security Affairs

SEPTEMBER 16, 2019

. “Unlike other cryptocurrencies , which are not controlled by a central authority, Libra will not be decentralised , but will be entrusted to a Swiss-based association of major technology and financial services companies. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Financial Services

Financial Services Government IT Security

15 billion credentials available in the cybercrime marketplaces

Security Affairs

JULY 9, 2020

The credentials are sold for an average of $15.43, the most expensive pairs relate to banking and financial services accounts, with an average price of nearly $71. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Marketing

Marketing Passwords Financial Services Access

Hundreds of malicious Chrome browser extensions used to spy on you!

Security Affairs

JUNE 20, 2020

Malicious Chrome browser extensions were used in a massive surveillance campaign aimed at users working in the financial services, oil and gas, media and entertainment, healthcare, government organizations, and pharmaceuticals. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Healthcare

Healthcare Financial Services Communications Security

Stock trading service Robinhood stored passwords in plaintext for some users

Security Affairs

JULY 25, 2019

Robinhood confirmed to have addressed the issue and the good news for the impacted users is that the financial service hasn’t found evidence that the passwords were accessed by anyone outside its response team. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Passwords

Passwords Financial Services Access Security

Iran-linked APT group Pioneer Kitten sells access to hacked networks

Security Affairs

SEPTEMBER 1, 2020

.” PIONEER KITTEN hackers to date have focused their attacks against entities in North American and Israeli, while targeted sectors include technology, government, defense, healthcare, aviation, media, academic, engineering, consulting and professional services, chemical, manufacturing, financial services, insurance, and retail. .

Access

Access Financial Services Retail Insurance

Experts found a new TrickBot module (rdpScanDll) built for RDP bruteforcing operations

Security Affairs

MARCH 19, 2020

.” The module appears to be under development, but experts pointed out that threat actors already used it to target organizations, mostly in telecoms, education, and financial services sectors. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Financial Services

Financial Services Education Communications IT

California IT service provider Synoptek pays ransom after Sodinokibi attack

Security Affairs

JANUARY 5, 2020

Synoptek has more than 1,100 customers across multiple industries, including local governments, financial services, healthcare, manufacturing, media, retail and software. . ” T he IT service provider confirmed the attack but did not comment on whether it paid the ransom asked by the crooks. Pierluigi Paganini.

IT

IT Ransomware Financial Services Retail

Recently disclosed Drupal CVE-2019-6340 RCE flaw exploited in the wild

Security Affairs

FEBRUARY 26, 2019

Hackers targeted dozens of Imperva’s customers, including organizations in the government and financial services sectors. “We’ve found dozens of attack attempts aimed at dozens of websites that belong to our customers using this exploit, including sites in government and the financial services industry.”

Financial Services

Financial Services CMS Government Security

Oracle critical patch advisory addresses 284 flaws, 33 critical

Security Affairs

JANUARY 18, 2019

The bug affected the OCA’s Diameter Signalling Router component and its Communications Services Gatekeeper. The flaw also affected the Financial Services Analytical Applications Infrastructure, the Fusion Middleware MapViewer, and four three Oracle Retail components. Pierluigi Paganini.

Financial Services

Financial Services Libraries Mining Retail

Hackers stole $32 million from Bitpoint cryptocurrency exchange

Security Affairs

JULY 12, 2019

. “The hacks have prompted greater oversight of crypto exchanges by Japan’s Financial Services Agency but critics says security gaps remain.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Financial Services

Financial Services Security IT Data breaches

Exclusive: Researchers dumped Gigabytes of data from Agent Tesla C2Cs

Security Affairs

OCTOBER 6, 2021

Agent Tesla , first discovered in late 2014, is an extremely popular “malware-as-a-service” Remote Access Trojan (RAT) tool used by threat actors to steal information such as credentials, keystrokes, clipboard data and other information from its operators’ targets.

Financial Services

Financial Services Retail Education Information Security

Critical RCE affects older Diebold Nixdorf ATMs

Security Affairs

JUNE 9, 2019

The focused their analysis on the Spiservice service listening on post 8043. “Look at the output of command, there is a service (Spiservice) which running on port 8043. The SpiService.exe is associated with XFS, the Extension for Financial Services DLL library (MSXFS.dll) that is specifically used by ATMs.”

Libraries

Libraries Communications Financial Services Security

Global Shipping and mailing services firm Pitney Bowes hit by ransomware attack

Security Affairs

OCTOBER 15, 2019

The Pitney Bowes company announced that a ransomware attack infected its systems and cause a partial system outage that made some of its service unavailable for some customers. Pitney Bowes is a global technology company that provides commerce solutions in the areas of ecommerce, shipping, mailing, data and financial services.

Ransomware

Ransomware Financial Services Access Encryption

“Cryptoassets are here to stay”: EU Authorities to Provide Guidance on Cryptocurrencies and ICOs

Data Matters

SEPTEMBER 12, 2018

As part of the public discussion, the Commission, the European Securities and Markets Authority (ESMA), the European Banking Authority (EBA) and the UK Financial Conduct Authority (FCA) were present to provide their thoughts. Firms interested in cryptoassets should watch for EU regulatory guidance later this year. 3 Available at [link].

Financial Services

Financial Services Marketing Privacy IT

An ongoing Qbot campaign targeted customers of tens of US banks

Security Affairs

JUNE 18, 2020

link] [link] [link] associated with financial services to capture credentials. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Qbot monitors the victim’s web traffic searching for specific strings (i.e.

Phishing

Phishing Financial Services Personal data Security

SAP April 2019 Security Patch Day addresses High severity flaws in Crystal Reports, NetWeaver

Security Affairs

APRIL 10, 2019

Update to security note release on January 2019 Patch Day: [ CVE-2018-2484 ] Missing Authorization check in SAP Enterprise Financial Services. SAP also addressed an XXE bug in SLD Registration of NetWeaver and ABAP Platform (CVE-2019-0265), and a missing authorization check in Enterprise Financial Services (CVE-2018-2484).

Security

Security Financial Services Risk Access

Tianfu Cup PWN hacking contest – White hat hackers earn $1 Million for Zero-Day exploits

Security Affairs

NOVEMBER 19, 2018

Other participants were teams from universities, Tencent, financial service provider Ant Financial, and independent researchers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Financial Services

Financial Services Cybersecurity Security

Hackers stole $60 Million worth of cryptocurrencies from Japanese Zaif exchange

Security Affairs

SEPTEMBER 20, 2018

“Documents seen by Reuters on Thursday showed Japan’s Financial Services Agency would conduct emergency checks on cryptocurrency exchange operators’ management of customer assets, following the theft. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” continues the Reuters.

Financial Services

Financial Services Retail Security IT

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Krebs on Security

FEBRUARY 9, 2023

” “CrowdStrike Intelligence has observed WIZARD SPIDER targeting multiple countries and industries such as academia, energy, financial services, government, and more,” said Adam Meyers , head of intelligence at CrowdStrike. This is not the U.S. government’s first swipe at the Trickbot group.

Ransomware

Ransomware Government Cybersecurity Blockchain

SAP Security Patch Day for May 2019 fixes many missing authorization checks

Security Affairs

MAY 15, 2019

Five Security Notes included in SAP Security Patch Day for May 2019 addressed missing authorization checks in SAP products, including Treasury and Risk Management, Solution Manager and ABAP managed systems, dbpool administration, and Enterprise Financial Services. . ” reads a blog post published by SAP security firm Onapsis.

Security

Security Financial Services Risk IT

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

Security Affairs

JANUARY 13, 2019

“On December 13, 2018, we observed another large ServHelper “downloader” campaign targeting retail and financial services customers.” ” The attacks leveraging the two malware were not targeted in nature attackers aimed at financial services organizations worldwide. . Pierluigi Paganini.

IT

IT Financial Services Retail Ransomware

Mastercard data breach affected Priceless Specials loyalty program

Security Affairs

AUGUST 23, 2019

The American multinational financial services corporation noti f ied the data breach to the German and Belgian Data Protection Authorities. ” Impacted customers have been notified about the data leak, MasterCard will offer them one-year free credit monitoring and identity theft prevention service. Pierluigi Paganini.

Data breaches

Data breaches Financial Services Passwords Security

Microsoft partnered with other security firms to takedown TrickBot botnet

Security Affairs

OCTOBER 12, 2020

This action will result in protection for a wide range of organizations, including financial services institutions, government, healthcare, and other verticals from malware and human-operated campaigns delivered via the Trickbot infrastructure.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Security

Security Financial Services Ransomware Access

New Trickbot module implements Remote App Credential-Grabbing features

Security Affairs

FEBRUARY 18, 2019

The new variant is being spread via spam emails that pose as tax-incentive notification purporting to be from the financial services company Deloitte. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Passwords

Passwords Financial Services Encryption Authentication

Malware researchers analyzed an intriguing Java ATM Malware

Security Affairs

JULY 30, 2019

Experts spotted a Java ATM malware that was relying on the XFS (EXtension for Financial Service) API to “ jackpot ” the infected machine. In that case, the malware was relying on the XFS (EXtension for Financial Service) API to “ jackpot ” the infected machine. Introduction. Pierluigi Paganini.

Financial Services

Financial Services Communications Access IT

Akamai Report: Credential stuffing attacks are a growing threat

Security Affairs

SEPTEMBER 25, 2018

In another attack, a large financial services institution received over 350,000 login attempts in just one afternoon. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. billion attempts), followed by Russia (1.55

Passwords

Passwords Data breaches Financial Services Retail

Pitney Bowes revealed that its systems were infected with Ryuk Ransomware

Security Affairs

OCTOBER 18, 2019

The global shipping and mailing services company Pitney Bowes recently suffered a partial outage of its service caused by a ransomware attack. Pitney Bowes is a global technology company that provides commerce solutions in the areas of ecommerce , shipping, mailing, data and financial services. Pierluigi Paganini.

Ransomware

Ransomware IT Financial Services Access

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Data Matters

JUNE 24, 2021

10 The vulnerability arose from an embedded application, where from 2014 to May 24, 2019, a user could alter the digits in a URL to view another document to which the user should not have had access. See CF Disclosure Guidance: Topic No. 2, Cybersecurity (Oct. 14, 2011). 15, 2020). 2020-0030-C (July 21, 2020).

Cybersecurity

Cybersecurity Financial Services Risk Compliance

Air Canada data breach – 20,000 users of its mobile app affected

Security Affairs

AUGUST 30, 2018

As a best practice, customers should always monitor their transactions and credit rating carefully and contact their financial services provider immediately if they become aware of any unusual or unauthorized activities.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Data breaches

Data breaches IT Passwords Financial Services

Maze ransomware gang discloses data from drug testing firm HMR

Security Affairs

APRIL 8, 2020

. “Consider contacting CIFAS (the UK’s Fraud Prevention Service) to apply for protective registration. Once you’ve registered, you should be aware that CIFAS members will do extra checks to see when anyone, including you, applies for a financial service, such as a loan, using your address.” Pierluigi Paganini.

Ransomware

Ransomware Data breaches Encryption Financial Services

NYDFS Files First Cybersecurity Enforcement Action

Hunton Privacy

JULY 24, 2020

On Wednesday, July 22, the New York Department of Financial Services (the “NYDFS”) announced that it had filed administrative charges against First American Title Insurance Co. under the NYDFS Cybersecurity Regulation , marking the agency’s first enforcement action since the rules went into effect in March 2017.

Cybersecurity

Cybersecurity Risk Financial Services Insurance

2024 Cybersecurity Laws & Regulations

eSecurity Planet

SEPTEMBER 21, 2024

Enacted in 2002 and updated by the Federal Information Security Modernization Act (FISMA) of 2014, FISMA requires agencies to implement a risk-based approach to security. This includes developing and maintaining security plans, conducting regular risk assessments, and ensuring continuous monitoring of information systems.

Cybersecurity

Cybersecurity Computer and Electronics Compliance Privacy

Marriott Breach: More than 500 Million Guest Affected

Adam Levin

NOVEMBER 30, 2018

The vulnerability that the hackers took advantage of had been in place and used for “unauthorized access,” according to the company statement, since 2014. . “The company recently discovered that an unauthorized party had copied and encrypted information, and took steps towards removing it,” Marriott disclosed in a statement.

Financial Services

Financial Services Encryption Passwords Communications

CENTRAL BANK DIGITAL CURRENCIES

Thales Cloud Protection & Licensing

FEBRUARY 27, 2023

More than 130 Central Banks have been exploring CBDCs since 2014. Government & Central Banks Central banks are exploring the use of central bank digital currencies as a way to take advantage of the benefits of cryptocurrencies for economic growth, while also minimizing the potential risks to financial stability: 1.

Financial Services

Financial Services Access Risk Security

Metro Bank is the first bank that disclosed SS7 attacks against its customers

Security Affairs

FEBRUARY 4, 2019

Some of our clients in the banking industry or other financial services; they see more and more SS7-based [requests],” Karsten Nohl, a researcher from Security Research Labs who has worked on SS7 for years, told Motherboard in a phone call. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

IT

IT Authentication Financial Services Access

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

NY Charges First American Financial for Massive Data Leak

Webinars

Trending Sources

The G7 expresses its concern over ransomware attacks

Webinars

An introduction to 360 degree threat detection

EventBot, a new Android mobile targets financial institutions across Europe

Hackers target financial firms hosting malicious payloads on Google Cloud Storage

American Insurance firm State Farm victim of credential stuffing attacks

Corporate Finance firms leak 500K+ legal and financial documents online

Ransomware infected systems at Xchanging, a DXC subsidiary

France and Germany will block Facebook’s Libra cryptocurrency

15 billion credentials available in the cybercrime marketplaces

Hundreds of malicious Chrome browser extensions used to spy on you!

Stock trading service Robinhood stored passwords in plaintext for some users

Iran-linked APT group Pioneer Kitten sells access to hacked networks

Experts found a new TrickBot module (rdpScanDll) built for RDP bruteforcing operations

California IT service provider Synoptek pays ransom after Sodinokibi attack

Recently disclosed Drupal CVE-2019-6340 RCE flaw exploited in the wild

Oracle critical patch advisory addresses 284 flaws, 33 critical

Hackers stole $32 million from Bitpoint cryptocurrency exchange

Exclusive: Researchers dumped Gigabytes of data from Agent Tesla C2Cs

Critical RCE affects older Diebold Nixdorf ATMs

Global Shipping and mailing services firm Pitney Bowes hit by ransomware attack

“Cryptoassets are here to stay”: EU Authorities to Provide Guidance on Cryptocurrencies and ICOs

An ongoing Qbot campaign targeted customers of tens of US banks

SAP April 2019 Security Patch Day addresses High severity flaws in Crystal Reports, NetWeaver

Tianfu Cup PWN hacking contest – White hat hackers earn $1 Million for Zero-Day exploits

Hackers stole $60 Million worth of cryptocurrencies from Japanese Zaif exchange

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

SAP Security Patch Day for May 2019 fixes many missing authorization checks

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

Mastercard data breach affected Priceless Specials loyalty program

Microsoft partnered with other security firms to takedown TrickBot botnet

New Trickbot module implements Remote App Credential-Grabbing features

Malware researchers analyzed an intriguing Java ATM Malware

Akamai Report: Credential stuffing attacks are a growing threat

Pitney Bowes revealed that its systems were infected with Ryuk Ransomware

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Air Canada data breach – 20,000 users of its mobile app affected

Maze ransomware gang discloses data from drug testing firm HMR

NYDFS Files First Cybersecurity Enforcement Action

2024 Cybersecurity Laws & Regulations

Marriott Breach: More than 500 Million Guest Affected

CENTRAL BANK DIGITAL CURRENCIES

Metro Bank is the first bank that disclosed SS7 attacks against its customers

Stay Connected