2014, Financial Services and Security - Information Management Today

Corporate Finance firms leak 500K+ legal and financial documents online

Security Affairs

MARCH 17, 2020

Security experts from vpnMentor have discovered two corporate finance companies that leak half a million legal and financial documents online. vpnMentor experts uncovered a database exposed online on Amazon Web Services (AWS) that is leaking a huge amount of sensitive legal and financial documents. Pierluigi Paganini.

Financial Services

Financial Services Access Security Privacy

EventBot, a new Android mobile targets financial institutions across Europe

Security Affairs

APRIL 30, 2020

Security experts from Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks, financial services across Europe. Researchers from Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks, financial services across Europe.

Financial Services

Financial Services Libraries Encryption Authentication

SAP April 2019 Security Patch Day addresses High severity flaws in Crystal Reports, NetWeaver

Security Affairs

APRIL 10, 2019

SAP released the April 2019 Security Patch Day that is included 6 Security Notes, two of which address High severity flaws in Crystal Reports and NetWeaver. SAP released 6 Security Notes as part of the April 2019 Security Patch Day, two of which address High severity flaws in Crystal Reports and NetWeaver.

Security

Security Financial Services Risk Access

Webinars

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

SAP Security Patch Day for May 2019 fixes many missing authorization checks

Security Affairs

MAY 15, 2019

SAP released SAP Security Patch Day for May 2019 that includes 8 Security Notes, 5 of which are updates to previously released Notes. “Today, being the second Tuesday of the month, SAP released May’s Security Notes. “Today, being the second Tuesday of the month, SAP released May’s Security Notes.

Security

Security Financial Services Risk IT

The G7 expresses its concern over ransomware attacks

Security Affairs

OCTOBER 14, 2020

” G7 experts pointed out that these attacks often involve payments in crypto-assets, jeopardizing essential functions along with our collective security and prosperity. “The G7 is committed to working with our financial sectors to combat ransomware. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware

Ransomware IT Financial Services Data Privacy

Hackers target financial firms hosting malicious payloads on Google Cloud Storage

Security Affairs

DECEMBER 26, 2018

Researchers at Menlo Labs uncovered a malicious email campaign targeting employees of banks and financial services companies abusing Google Cloud Storage. With this attack scheme, threat actors are able to bypass security controls in place within targeted organizations. ” Menlo Labs concludes. Pierluigi Paganini.

Cloud

Cloud Financial Services Archiving Phishing

Fake Microsoft Teams notifications aim at stealing Office365 logins

Security Affairs

MAY 2, 2020

Abnormal Security experts observed two separate phishing attacks impersonating notifications from Microsoft Teams that targeted as many as 50,000 Teams users to steal Office365 logins. Please vote Security Affairs for European Cybersecurity Blogger Awards – VOTE FOR YOUR WINNERS [link]. ” continues the report. Recently the U.S.

Phishing

Phishing Financial Services Cybersecurity Access

Hundreds of malicious Chrome browser extensions used to spy on you!

Security Affairs

JUNE 20, 2020

Malicious Chrome browser extensions were used in a massive surveillance campaign aimed at users working in the financial services, oil and gas, media and entertainment, healthcare, government organizations, and pharmaceuticals. ” reads the analysis published by Awake Security. appeared first on Security Affairs.

Healthcare

Healthcare Financial Services Security Communications

Ransomware infected systems at Xchanging, a DXC subsidiary

Security Affairs

JULY 6, 2020

Xchanging employs over 7,000 people worldwide and offers IT outsourcing, infrastructure including network managed services, software products and application management. Securities and Exchange Commission (SEC). The company disclosed the security breach on July 5, but it is not clear when it has discovered the attack.

Ransomware

Ransomware Insurance Financial Services Manufacturing

15 billion credentials available in the cybercrime marketplaces

Security Affairs

JULY 9, 2020

A report published by security firm Digital Shadows r evealed the availability of more than 15 billion credentials shared on cybercrime marketplaces, paste sites, file sharing services, and code sharing websites. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Marketing

Marketing Passwords Financial Services Access

American Insurance firm State Farm victim of credential stuffing attacks

Security Affairs

AUGUST 7, 2019

The American group of insurance and financial services companies State Farm disclosed a credential stuffing attack it has suffered in July. The American group of insurance and financial services companies State Farm revealed that it was the victim of a credential stuffing attack it has suffered in July.

Insurance

Insurance Data breaches Financial Services Passwords

Experts found a new TrickBot module (rdpScanDll) built for RDP bruteforcing operations

Security Affairs

MARCH 19, 2020

Security experts from Bitdefender recently discovered a new TrickBot variant that is targeting telecommunications organizations in the United States and Hong Kong. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Financial Services

Financial Services Education Communications IT

Microsoft partnered with other security firms to takedown TrickBot botnet

Security Affairs

OCTOBER 12, 2020

Microsoft’s Defender team, FS-ISAC , ESET , Lumen’s Black Lotus Labs , NTT , and Broadcom’s cyber-security division Symantec joint the forces and announced today a coordinated effort to take down the command and control infrastructure of the infamous TrickBot botnet. ” reads the post published by Microsoft.

Security

Security Financial Services Ransomware Access

Iran-linked APT group Pioneer Kitten sells access to hacked networks

Security Affairs

SEPTEMBER 1, 2020

The Iranian hacker group has been attacking corporate VPNs over the past months, they have been hacking VPN servers to plant backdoors in companies around the world targeting Pulse Secure , Fortinet , Palo Alto Networks , and Citrix VPNs. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Access

Access Financial Services Retail Insurance

France and Germany will block Facebook’s Libra cryptocurrency

Security Affairs

SEPTEMBER 16, 2019

. “Unlike other cryptocurrencies , which are not controlled by a central authority, Libra will not be decentralised , but will be entrusted to a Swiss-based association of major technology and financial services companies. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Financial Services

Financial Services Government IT Security

An ongoing Qbot campaign targeted customers of tens of US banks

Security Affairs

JUNE 18, 2020

Researchers uncovered an ongoing campaign delivering the Qbot malware to steal credentials from customers of dozens of US financial institutions. Security researchers at F5 Labs have spotted ongoing attacks using Qbot malware payloads to steal credentials from customers of dozens of US financial institutions. Pierluigi Paganini.

Phishing

Phishing Financial Services Personal data Security

NY Charges First American Financial for Massive Data Leak

Krebs on Security

JULY 23, 2020

As first reported here last year , First American’s website exposed 16 years worth of digitized mortgage title insurance records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images. In the days that followed, the DFS and U.S.

Insurance

Insurance Financial Services Mining Access

Recently disclosed Drupal CVE-2019-6340 RCE flaw exploited in the wild

Security Affairs

FEBRUARY 26, 2019

Last week, Drupal core team released security updates that address a “highly critical” remote code execution vulnerability. reads the security advisory published by Drupal. The flaw was discovered by Samuel Mortenson of the Drupal Security Team. ” reads the technical analysis published by Ambionics security.

Financial Services

Financial Services CMS Government Security

Hackers stole $32 million from Bitpoint cryptocurrency exchange

Security Affairs

JULY 12, 2019

BITPoint discovered the security breach overnight and immediately halted its services. “Today, we have stopped the remittance (sending) and receiving (depositing) services from 6:30, but we will stop all services including transactions and sending and receiving from around 10:30. . ” concludes the AFP press.

Financial Services

Financial Services Security IT Data breaches

Exclusive: Researchers dumped Gigabytes of data from Agent Tesla C2Cs

Security Affairs

OCTOBER 6, 2021

Agent Tesla , first discovered in late 2014, is an extremely popular “malware-as-a-service” Remote Access Trojan (RAT) tool used by threat actors to steal information such as credentials, keystrokes, clipboard data and other information from its operators’ targets. Follow me on Twitter: @securityaffairs and Facebook.

Financial Services

Financial Services Retail Education Information Security

Hackers stole $60 Million worth of cryptocurrencies from Japanese Zaif exchange

Security Affairs

SEPTEMBER 20, 2018

. “Japanese cryptocurrency firm Tech Bureau Corp said about $60 million in digital currencies were stolen from its exchange, highlighting the industry’s vulnerability despite recent efforts by authorities to make it more secure.” Anyway, the incidents demonstrate that the level of security of exchanges has to be improved.

Financial Services

Financial Services Retail Security IT

Critical RCE affects older Diebold Nixdorf ATMs

Security Affairs

JUNE 9, 2019

Automated teller machine vendor Diebold Nixdorf has released security updates to address a remote code execution vulnerability in older ATMs. Diebold Nixdorf discovered a remote code execution vulnerability in older ATMs and is urging its customers in installing security updates it has released to address the flaw. Pierluigi Paganini.

Libraries

Libraries Communications Financial Services Security

Stock trading service Robinhood stored passwords in plaintext for some users

Security Affairs

JULY 25, 2019

Robinhood confirmed to have addressed the issue and the good news for the impacted users is that the financial service hasn’t found evidence that the passwords were accessed by anyone outside its response team. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Passwords

Passwords Financial Services Access Security

Tianfu Cup PWN hacking contest – White hat hackers earn $1 Million for Zero-Day exploits

Security Affairs

NOVEMBER 19, 2018

Other participants were teams from universities, Tencent, financial service provider Ant Financial, and independent researchers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Financial Services

Financial Services Cybersecurity Security

Global Shipping and mailing services firm Pitney Bowes hit by ransomware attack

Security Affairs

OCTOBER 15, 2019

The Pitney Bowes company announced that a ransomware attack infected its systems and cause a partial system outage that made some of its service unavailable for some customers. Pitney Bowes is a global technology company that provides commerce solutions in the areas of ecommerce, shipping, mailing, data and financial services.

Ransomware

Ransomware Financial Services Access Encryption

Oracle critical patch advisory addresses 284 flaws, 33 critical

Security Affairs

JANUARY 18, 2019

The bug affected the OCA’s Diameter Signalling Router component and its Communications Services Gatekeeper. The flaw also affected the Financial Services Analytical Applications Infrastructure, the Fusion Middleware MapViewer, and four three Oracle Retail components. Pierluigi Paganini.

Financial Services

Financial Services Libraries Mining Retail

U.S. Indicts North Korean Hackers in Theft of $200 Million

Krebs on Security

FEBRUARY 17, 2021

Secret Service and Department of Homeland Security told reporters on Wednesday the trio’s activities involved extortion, phishing, direct attacks on financial institutions and ATM networks, as well as malicious applications that masqueraded as software tools to help people manage their cryptocurrency holdings.

Financial Services

Financial Services Phishing Blockchain Government

Akamai Report: Credential stuffing attacks are a growing threat

Security Affairs

SEPTEMBER 25, 2018

According to Akamai report titled “[state of the internet] / security CREDENTIAL STUFFING ATTACKS “ the credential stuffing attacks are a growing threat and often underestimated. In another attack, a large financial services institution received over 350,000 login attempts in just one afternoon.

Passwords

Passwords Data breaches Financial Services Retail

September 2018 Security Notes address a total of 14 flaws in SAP products

Security Affairs

SEPTEMBER 12, 2018

SAP today just released the September 2018 set of Security Notes that address a total of 14 flaws in its products, including a critical flaw in SAP Business Client. The September 2018 Security Patch Day includes other 13 Security Notes, three were rated High severity, 9 Medium risk, and 1 Low severity. Pierluigi Paganini.

Security

Security Financial Services Libraries Authentication

Google TAG report Q1 details about nation-state hacking and disinformation

Security Affairs

MAY 28, 2020

The Google Threat Analysis Group (TAG) is a group inside the Google’s security team that tracks operations conducted by nation-state actors and cybercrime groups. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Financial Services

Financial Services Government Phishing Marketing

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

Security Affairs

JANUARY 13, 2019

Security researchers at Proofpoint researchers discovered two strains of malware tracked as ServHelper and FlawedGrace distributed through phishing campaigns by the TA505 crime gang. “On December 13, 2018, we observed another large ServHelper “downloader” campaign targeting retail and financial services customers.”

IT

IT Financial Services Ransomware Retail

Tianfu Cup 2019 Day 1 – Chinese experts hacked Chrome, Edge, Safari, Office365

Security Affairs

NOVEMBER 17, 2019

Security Competition has started, in two days white hat hackers will attempt to exploit flaws in major software. Security Competition has started, white hat hackers will attempt to devise working zero-day exploits for popular software. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Financial Services

Financial Services Government Security Cybersecurity

Mastercard data breach affected Priceless Specials loyalty program

Security Affairs

AUGUST 23, 2019

The American multinational financial services corporation noti f ied the data breach to the German and Belgian Data Protection Authorities. ” Impacted customers have been notified about the data leak, MasterCard will offer them one-year free credit monitoring and identity theft prevention service. Pierluigi Paganini.

Data breaches

Data breaches Financial Services Passwords Security

California IT service provider Synoptek pays ransom after Sodinokibi attack

Security Affairs

JANUARY 5, 2020

Synoptek has more than 1,100 customers across multiple industries, including local governments, financial services, healthcare, manufacturing, media, retail and software. . ” T he IT service provider confirmed the attack but did not comment on whether it paid the ransom asked by the crooks. Pierluigi Paganini.

IT

IT Ransomware Financial Services Retail

New Trickbot module implements Remote App Credential-Grabbing features

Security Affairs

FEBRUARY 18, 2019

The new variant is being spread via spam emails that pose as tax-incentive notification purporting to be from the financial services company Deloitte. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Passwords

Passwords Financial Services Encryption Authentication

Metro Bank is the first bank that disclosed SS7 attacks against its customers

Security Affairs

FEBRUARY 4, 2019

“At Metro Bank we take our customers’ security extremely seriously and have a comprehensive range of safeguards in place to help protect them against fraud. ” said National Cyber Security Centre spokesman. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

IT

IT Authentication Financial Services Access

Malware researchers analyzed an intriguing Java ATM Malware

Security Affairs

JULY 30, 2019

Experts spotted a Java ATM malware that was relying on the XFS (EXtension for Financial Service) API to “ jackpot ” the infected machine. In that case, the malware was relying on the XFS (EXtension for Financial Service) API to “ jackpot ” the infected machine. Security Affairs – Java ATM malware, hacking).

Financial Services

Financial Services Communications Access IT

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Security Affairs

APRIL 30, 2020

ybercriminals behind the PerSwaysion campaign gained access to many confidential corporate MS Office365 emails of mainly financial service companies, law firms, and real estate groups. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. SecurityAffairs – Facebook, hacking).

Phishing

Phishing Cloud Financial Services Authentication

Emissary Panda APT group hit Government Organizations in the Middle East

Security Affairs

MAY 30, 2019

defense contractors , financial services firms, and a national data center in Central Asia. The campaign appears related to attacks exploiting CVE-2019-0604 reported by the Saudi Arabian National Cyber Security Center and the Canadian Center for Cyber Security. Pierluigi Paganini. Pierluigi Paganini.

Government

Government Financial Services Security Cybersecurity

Lazarus malware delivered to South Korean users via supply chain attacks

Security Affairs

NOVEMBER 16, 2020

North Korea-linked Lazarus APT group is behind new campaigns against South Korean supply chains that leverage stolen security certificates. . Security experts from ESET reported that North-Korea-linked Lazarus APT (aka HIDDEN COBRA ) is behind cyber campaigns targeting South Korean supply chains.

Financial Services

Financial Services Security Government Phishing

Air Canada data breach – 20,000 users of its mobile app affected

Security Affairs

AUGUST 30, 2018

As an additional security precaution, we have locked all Air Canada mobile App accounts to protect our customers’ data.” Credit cards that are saved to your profile are encrypted and stored in compliance with security standards set by the payment card industry or PCI standards. ” reads the data breach notification.

Data breaches

Data breaches IT Passwords Financial Services

Chinese LuckyMouse APT has been using a digitally signed network filtering driver in recent attacks

Security Affairs

SEPTEMBER 10, 2018

Security experts observed the LuckyMouse APT group using a digitally signed 32- and 64-bit network filtering driver NDISProxy in recent attacks. defense contractors and financial services firms worldwide. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Communications

Communications Financial Services Government Phishing

Emissary Panda updated its weapons for attacks in the past 2 years

Security Affairs

MARCH 1, 2019

defense contractors , financial services firms, and a national data center in Central Asia. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. The post Emissary Panda updated its weapons for attacks in the past 2 years appeared first on Security Affairs. Pierluigi Paganini. Pierluigi Paganini.

IT

IT File names Financial Services Communications

Slack Launched Encryption Key Addon For Businesses

Security Affairs

MARCH 18, 2019

One of the main reason why companies are launching security centric features is, they value their customer’s data, privacy and security. Organizations and people use this because they simply trust this platform as it is secure and have strong encryption. What are the security risks of Slack? Admin Roles.

Encryption

Encryption Risk Financial Services Privacy

Corporate Finance firms leak 500K+ legal and financial documents online

EventBot, a new Android mobile targets financial institutions across Europe

Webinars

Trending Sources

SAP April 2019 Security Patch Day addresses High severity flaws in Crystal Reports, NetWeaver

Webinars

SAP Security Patch Day for May 2019 fixes many missing authorization checks

The G7 expresses its concern over ransomware attacks

Hackers target financial firms hosting malicious payloads on Google Cloud Storage

Fake Microsoft Teams notifications aim at stealing Office365 logins

Hundreds of malicious Chrome browser extensions used to spy on you!

Ransomware infected systems at Xchanging, a DXC subsidiary

15 billion credentials available in the cybercrime marketplaces

American Insurance firm State Farm victim of credential stuffing attacks

Experts found a new TrickBot module (rdpScanDll) built for RDP bruteforcing operations

Microsoft partnered with other security firms to takedown TrickBot botnet

Iran-linked APT group Pioneer Kitten sells access to hacked networks

France and Germany will block Facebook’s Libra cryptocurrency

An ongoing Qbot campaign targeted customers of tens of US banks

NY Charges First American Financial for Massive Data Leak

Recently disclosed Drupal CVE-2019-6340 RCE flaw exploited in the wild

Hackers stole $32 million from Bitpoint cryptocurrency exchange

Exclusive: Researchers dumped Gigabytes of data from Agent Tesla C2Cs

Hackers stole $60 Million worth of cryptocurrencies from Japanese Zaif exchange

Critical RCE affects older Diebold Nixdorf ATMs

Stock trading service Robinhood stored passwords in plaintext for some users

Tianfu Cup PWN hacking contest – White hat hackers earn $1 Million for Zero-Day exploits

Global Shipping and mailing services firm Pitney Bowes hit by ransomware attack

Oracle critical patch advisory addresses 284 flaws, 33 critical

U.S. Indicts North Korean Hackers in Theft of $200 Million

Akamai Report: Credential stuffing attacks are a growing threat

September 2018 Security Notes address a total of 14 flaws in SAP products

Google TAG report Q1 details about nation-state hacking and disinformation

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

Tianfu Cup 2019 Day 1 – Chinese experts hacked Chrome, Edge, Safari, Office365

Mastercard data breach affected Priceless Specials loyalty program

California IT service provider Synoptek pays ransom after Sodinokibi attack

New Trickbot module implements Remote App Credential-Grabbing features

Metro Bank is the first bank that disclosed SS7 attacks against its customers

Malware researchers analyzed an intriguing Java ATM Malware

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Emissary Panda APT group hit Government Organizations in the Middle East

Lazarus malware delivered to South Korean users via supply chain attacks

Air Canada data breach – 20,000 users of its mobile app affected

Chinese LuckyMouse APT has been using a digitally signed network filtering driver in recent attacks

Emissary Panda updated its weapons for attacks in the past 2 years

Slack Launched Encryption Key Addon For Businesses

Stay Connected