2015 and Financial Services - Information Management Today

EventBot, a new Android mobile targets financial institutions across Europe

Security Affairs

APRIL 30, 2020

Security experts from Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks, financial services across Europe. Researchers from Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks, financial services across Europe.

Financial Services

Financial Services Libraries Encryption Authentication

JPMorgan Chase's Russian Hacker Pleads Guilty

Data Breach Today

SEPTEMBER 24, 2019

financial services firms and others from 2012 to mid-2015. Andrei Tyurin Stole Details of 83 Million Customers During Cybercrime Campaign Russian national Andrei Tyurin pleaded guilty to perpetrating massive hack attacks against leading U.S.

Financial Services

The G7 expresses its concern over ransomware attacks

Security Affairs

OCTOBER 14, 2020

Not only can the financial costs be high, but the disruption to critical sectors, including financial services and healthcare, as well as the exposure of confidential information, can cause severe damage.” “The G7 is committed to working with our financial sectors to combat ransomware. Pierluigi Paganini.

Ransomware

Ransomware IT Financial Services Data Privacy

Webinars

Maximizing Profit and Productivity: The New Era of AI-Powered Accounting

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

Hackers target financial firms hosting malicious payloads on Google Cloud Storage

Security Affairs

DECEMBER 26, 2018

Researchers at Menlo Labs uncovered a malicious email campaign targeting employees of banks and financial services companies abusing Google Cloud Storage. “Financial Services companies can expect to be the target of even more sophisticated malware and credential phishing attacks,”. ” Menlo Labs concludes.

Cloud

Cloud Financial Services Archiving Phishing

Corporate Finance firms leak 500K+ legal and financial documents online

Security Affairs

MARCH 17, 2020

Advantage and Argus seem to be the same company working under two different names, they offer funding and startup capital to business owners without access to traditional lending and financial services. “Furthermore, a leak like this may attract the attention of US financial and data security regulators.”

Financial Services

Financial Services Access Security Privacy

American Insurance firm State Farm victim of credential stuffing attacks

Security Affairs

AUGUST 7, 2019

The American group of insurance and financial services companies State Farm disclosed a credential stuffing attack it has suffered in July. The American group of insurance and financial services companies State Farm revealed that it was the victim of a credential stuffing attack it has suffered in July. billion per month.

Insurance

Insurance Data breaches Financial Services Passwords

Oracle critical patch advisory addresses 284 flaws, 33 critical

Security Affairs

JANUARY 18, 2019

The bug affected the OCA’s Diameter Signalling Router component and its Communications Services Gatekeeper. The flaw also affected the Financial Services Analytical Applications Infrastructure, the Fusion Middleware MapViewer, and four three Oracle Retail components.

Financial Services

Financial Services Libraries Mining Retail

Ransomware infected systems at Xchanging, a DXC subsidiary

Security Affairs

JULY 6, 2020

Xchanging employs over 7,000 people worldwide and offers IT outsourcing, infrastructure including network managed services, software products and application management. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Securities and Exchange Commission (SEC). Pierluigi Paganini.

Ransomware

Ransomware Insurance Financial Services Manufacturing

France and Germany will block Facebook’s Libra cryptocurrency

Security Affairs

SEPTEMBER 16, 2019

. “Unlike other cryptocurrencies , which are not controlled by a central authority, Libra will not be decentralised , but will be entrusted to a Swiss-based association of major technology and financial services companies. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Financial Services

Financial Services Government IT Security

Fake Microsoft Teams notifications aim at stealing Office365 logins

Security Affairs

MAY 2, 2020

.” A few days ago, researchers from Group-IB reported a campaign dubbed “ PerSwaysion ,” in which attackers exploit Microsoft’s Sway file-sharing to gain access to many confidential corporate MS Office365 emails of mainly financial service companies, law firms, and real estate groups. Recently the U.S. Pierluigi Paganini.

Phishing

Phishing Financial Services Cybersecurity Access

15 billion credentials available in the cybercrime marketplaces

Security Affairs

JULY 9, 2020

The credentials are sold for an average of $15.43, the most expensive pairs relate to banking and financial services accounts, with an average price of nearly $71. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” reads the report published by the experts. Pierluigi Paganini.

Marketing

Marketing Passwords Financial Services Access

Hundreds of malicious Chrome browser extensions used to spy on you!

Security Affairs

JUNE 20, 2020

Malicious Chrome browser extensions were used in a massive surveillance campaign aimed at users working in the financial services, oil and gas, media and entertainment, healthcare, government organizations, and pharmaceuticals. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Healthcare

Healthcare Financial Services Security Communications

Experts found a new TrickBot module (rdpScanDll) built for RDP bruteforcing operations

Security Affairs

MARCH 19, 2020

.” The module appears to be under development, but experts pointed out that threat actors already used it to target organizations, mostly in telecoms, education, and financial services sectors. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Financial Services

Financial Services Education Communications IT

Stock trading service Robinhood stored passwords in plaintext for some users

Security Affairs

JULY 25, 2019

Robinhood confirmed to have addressed the issue and the good news for the impacted users is that the financial service hasn’t found evidence that the passwords were accessed by anyone outside its response team. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Passwords

Passwords Financial Services Access Security

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

Security Affairs

JANUARY 13, 2019

” The TA505 group was first spotted by Proofpoint back 2017, it has been active at least since 2015 and targets organizations in financial and retail industries. “On December 13, 2018, we observed another large ServHelper “downloader” campaign targeting retail and financial services customers.”

IT

IT Financial Services Ransomware Retail

Recently disclosed Drupal CVE-2019-6340 RCE flaw exploited in the wild

Security Affairs

FEBRUARY 26, 2019

Hackers targeted dozens of Imperva’s customers, including organizations in the government and financial services sectors. “We’ve found dozens of attack attempts aimed at dozens of websites that belong to our customers using this exploit, including sites in government and the financial services industry.”

Financial Services

Financial Services CMS Government Security

Iran-linked APT group Pioneer Kitten sells access to hacked networks

Security Affairs

SEPTEMBER 1, 2020

.” PIONEER KITTEN hackers to date have focused their attacks against entities in North American and Israeli, while targeted sectors include technology, government, defense, healthcare, aviation, media, academic, engineering, consulting and professional services, chemical, manufacturing, financial services, insurance, and retail. .

Access

Access Financial Services Retail Insurance

An ongoing Qbot campaign targeted customers of tens of US banks

Security Affairs

JUNE 18, 2020

link] [link] [link] associated with financial services to capture credentials. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. The attackers then use the always-running explorer.exe process to update Qbot from their external command-and-control server. Pierluigi Paganini.

Phishing

Phishing Financial Services Personal data Security

Hackers stole $32 million from Bitpoint cryptocurrency exchange

Security Affairs

JULY 12, 2019

“The hacks have prompted greater oversight of crypto exchanges by Japan’s Financial Services Agency but critics says security gaps remain.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” concludes the AFP press.

Financial Services

Financial Services Security IT Data breaches

Tianfu Cup PWN hacking contest – White hat hackers earn $1 Million for Zero-Day exploits

Security Affairs

NOVEMBER 19, 2018

Other participants were teams from universities, Tencent, financial service provider Ant Financial, and independent researchers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. According to organizers, hackers earned $1,024,000 for a total of 30 vulnerabilities. Pierluigi Paganini.

Financial Services

Financial Services Cybersecurity Security

Hackers stole $60 Million worth of cryptocurrencies from Japanese Zaif exchange

Security Affairs

SEPTEMBER 20, 2018

“Documents seen by Reuters on Thursday showed Japan’s Financial Services Agency would conduct emergency checks on cryptocurrency exchange operators’ management of customer assets, following the theft. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” continues the Reuters.

Financial Services

Financial Services Retail Security IT

SAP April 2019 Security Patch Day addresses High severity flaws in Crystal Reports, NetWeaver

Security Affairs

APRIL 10, 2019

Update to security note release on January 2019 Patch Day: [ CVE-2018-2484 ] Missing Authorization check in SAP Enterprise Financial Services. SAP also addressed an XXE bug in SLD Registration of NetWeaver and ABAP Platform (CVE-2019-0265), and a missing authorization check in Enterprise Financial Services (CVE-2018-2484).

Security

Security Financial Services Risk Access

Critical RCE affects older Diebold Nixdorf ATMs

Security Affairs

JUNE 9, 2019

The focused their analysis on the Spiservice service listening on post 8043. “Look at the output of command, there is a service (Spiservice) which running on port 8043. The SpiService.exe is associated with XFS, the Extension for Financial Services DLL library (MSXFS.dll) that is specifically used by ATMs.”

Libraries

Libraries Communications Financial Services Security

Google TAG report Q1 details about nation-state hacking and disinformation

Security Affairs

MAY 28, 2020

Experts reported new activity from “hack-for-hire” firms, many based in India, that are using Gmail accounts spoofing the WHO to target business leaders in financial services, consulting, and healthcare corporations within numerous countries including, the U.S., Slovenia, Canada, India, Bahrain, Cyprus, and the UK. Pierluigi Paganini.

Financial Services

Financial Services Government Phishing Marketing

Global Shipping and mailing services firm Pitney Bowes hit by ransomware attack

Security Affairs

OCTOBER 15, 2019

The Pitney Bowes company announced that a ransomware attack infected its systems and cause a partial system outage that made some of its service unavailable for some customers. Pitney Bowes is a global technology company that provides commerce solutions in the areas of ecommerce, shipping, mailing, data and financial services.

Ransomware

Ransomware Financial Services Access Encryption

SAP Security Patch Day for May 2019 fixes many missing authorization checks

Security Affairs

MAY 15, 2019

Five Security Notes included in SAP Security Patch Day for May 2019 addressed missing authorization checks in SAP products, including Treasury and Risk Management, Solution Manager and ABAP managed systems, dbpool administration, and Enterprise Financial Services. . ” reads a blog post published by SAP security firm Onapsis.

Security

Security Financial Services Risk IT

California IT service provider Synoptek pays ransom after Sodinokibi attack

Security Affairs

JANUARY 5, 2020

Synoptek has more than 1,100 customers across multiple industries, including local governments, financial services, healthcare, manufacturing, media, retail and software. . ” T he IT service provider confirmed the attack but did not comment on whether it paid the ransom asked by the crooks. Pierluigi Paganini.

IT

IT Ransomware Financial Services Retail

New Trickbot module implements Remote App Credential-Grabbing features

Security Affairs

FEBRUARY 18, 2019

The new variant is being spread via spam emails that pose as tax-incentive notification purporting to be from the financial services company Deloitte. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. The new strain of the Trickbot banking trojan that a updated info-stealing module.

Passwords

Passwords Financial Services Encryption Authentication

Akamai Report: Credential stuffing attacks are a growing threat

Security Affairs

SEPTEMBER 25, 2018

In another attack, a large financial services institution received over 350,000 login attempts in just one afternoon. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Most of the credential stuffing attacks were originated in the US (2.82 billion attempts), followed by Russia (1.55

Passwords

Passwords Data breaches Financial Services Retail

Mastercard data breach affected Priceless Specials loyalty program

Security Affairs

AUGUST 23, 2019

The American multinational financial services corporation noti f ied the data breach to the German and Belgian Data Protection Authorities. ” Impacted customers have been notified about the data leak, MasterCard will offer them one-year free credit monitoring and identity theft prevention service. Pierluigi Paganini.

Data breaches

Data breaches Financial Services Passwords Security

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Security Affairs

APRIL 30, 2020

ybercriminals behind the PerSwaysion campaign gained access to many confidential corporate MS Office365 emails of mainly financial service companies, law firms, and real estate groups. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. SecurityAffairs – Facebook, hacking).

Phishing

Phishing Cloud Financial Services Authentication

Maze ransomware gang discloses data from drug testing firm HMR

Security Affairs

APRIL 8, 2020

. “Consider contacting CIFAS (the UK’s Fraud Prevention Service) to apply for protective registration. Once you’ve registered, you should be aware that CIFAS members will do extra checks to see when anyone, including you, applies for a financial service, such as a loan, using your address.” Pierluigi Paganini.

Ransomware

Ransomware Data breaches Encryption Financial Services

Malware researchers analyzed an intriguing Java ATM Malware

Security Affairs

JULY 30, 2019

Experts spotted a Java ATM malware that was relying on the XFS (EXtension for Financial Service) API to “ jackpot ” the infected machine. In that case, the malware was relying on the XFS (EXtension for Financial Service) API to “ jackpot ” the infected machine. Introduction. Pierluigi Paganini.

Financial Services

Financial Services Communications Access IT

Tianfu Cup 2019 Day 1 – Chinese experts hacked Chrome, Edge, Safari, Office365

Security Affairs

NOVEMBER 17, 2019

Other participants were teams from universities, Tencent, financial service provider Ant Financial, and independent researchers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. According to the organizers , in 2018 hackers earned $1,024,000 for a total of 30 vulnerabilities.

Financial Services

Financial Services Government Security Cybersecurity

Lazarus malware delivered to South Korean users via supply chain attacks

Security Affairs

NOVEMBER 16, 2020

The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. The attackers are attempting to exploit the need to install additional security software when South Korean users visit government or financial services websites. .

Financial Services

Financial Services Security Government Phishing

Metro Bank is the first bank that disclosed SS7 attacks against its customers

Security Affairs

FEBRUARY 4, 2019

Some of our clients in the banking industry or other financial services; they see more and more SS7-based [requests],” Karsten Nohl, a researcher from Security Research Labs who has worked on SS7 for years, told Motherboard in a phone call. . ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

IT

IT Authentication Financial Services Access

Air Canada data breach – 20,000 users of its mobile app affected

Security Affairs

AUGUST 30, 2018

As a best practice, customers should always monitor their transactions and credit rating carefully and contact their financial services provider immediately if they become aware of any unusual or unauthorized activities.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Data breaches

Data breaches IT Passwords Financial Services

Emissary Panda updated its weapons for attacks in the past 2 years

Security Affairs

MARCH 1, 2019

defense contractors , financial services firms, and a national data center in Central Asia. The Emissary Panda APT (aka LuckyMouse , APT27, Threat Group 3390, and Bronze Union) has been active since 2010, targeted organizations worldwide, including U.S. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

IT

IT File names Financial Services Communications

Who’s Behind the ‘Web Listings’ Mail Scam?

Krebs on Security

MARCH 23, 2020

Information about who registered Webtechnologiesletter.com is completely hidden behind privacy protection services. web-listingsinc.com 2015-11-06 ENOM, INC.,ENOM, weblistingsreports.net 2015-11-06 ENOM, INC.,ENOM, web-listingsinc.com 2015-11-06 ENOM, INC.,ENOM, weblistingsreports.net 2015-11-06 ENOM, INC.,ENOM,

Marketing

Marketing Sales Financial Services IT

Emissary Panda APT group hit Government Organizations in the Middle East

Security Affairs

MAY 30, 2019

defense contractors , financial services firms, and a national data center in Central Asia. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. The Emissary Panda APT group has been active since 2010, targeted organizations worldwide, including U.S. Pierluigi Paganini.

Government

Government Financial Services Security Cybersecurity

Microsoft partnered with other security firms to takedown TrickBot botnet

Security Affairs

OCTOBER 12, 2020

This action will result in protection for a wide range of organizations, including financial services institutions, government, healthcare, and other verticals from malware and human-operated campaigns delivered via the Trickbot infrastructure.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Security

Security Financial Services Ransomware Access

Pitney Bowes revealed that its systems were infected with Ryuk Ransomware

Security Affairs

OCTOBER 18, 2019

The global shipping and mailing services company Pitney Bowes recently suffered a partial outage of its service caused by a ransomware attack. Pitney Bowes is a global technology company that provides commerce solutions in the areas of ecommerce , shipping, mailing, data and financial services. Pierluigi Paganini.

Ransomware

Ransomware IT Financial Services Access

Chinese LuckyMouse APT has been using a digitally signed network filtering driver in recent attacks

Security Affairs

SEPTEMBER 10, 2018

defense contractors and financial services firms worldwide. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. The APT group has been active since at least 2010, the crew targeted U.S. ” concludes Kaspersky. Further details including IoCs are reported in the analysis published by the experts.

Communications

Communications Financial Services Government Phishing

4 Industries That Have to Fight the Hardest Against Cyberattacks

Security Affairs

DECEMBER 4, 2018

Financial Services. And, since financial institutions have extraordinary amounts of money on hand, it’s not surprising they’re prime targets for cybercriminals. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. About the author. To learn more about Kayla and her re.

Retail

Retail Cybersecurity Data breaches Risk

EventBot, a new Android mobile targets financial institutions across Europe

JPMorgan Chase's Russian Hacker Pleads Guilty

Webinars

Trending Sources

The G7 expresses its concern over ransomware attacks

Webinars

Hackers target financial firms hosting malicious payloads on Google Cloud Storage

Corporate Finance firms leak 500K+ legal and financial documents online

American Insurance firm State Farm victim of credential stuffing attacks

Oracle critical patch advisory addresses 284 flaws, 33 critical

Ransomware infected systems at Xchanging, a DXC subsidiary

France and Germany will block Facebook’s Libra cryptocurrency

Fake Microsoft Teams notifications aim at stealing Office365 logins

15 billion credentials available in the cybercrime marketplaces

Hundreds of malicious Chrome browser extensions used to spy on you!

Experts found a new TrickBot module (rdpScanDll) built for RDP bruteforcing operations

Stock trading service Robinhood stored passwords in plaintext for some users

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

Recently disclosed Drupal CVE-2019-6340 RCE flaw exploited in the wild

Iran-linked APT group Pioneer Kitten sells access to hacked networks

An ongoing Qbot campaign targeted customers of tens of US banks

Hackers stole $32 million from Bitpoint cryptocurrency exchange

Tianfu Cup PWN hacking contest – White hat hackers earn $1 Million for Zero-Day exploits

Hackers stole $60 Million worth of cryptocurrencies from Japanese Zaif exchange

SAP April 2019 Security Patch Day addresses High severity flaws in Crystal Reports, NetWeaver

Critical RCE affects older Diebold Nixdorf ATMs

Google TAG report Q1 details about nation-state hacking and disinformation

Global Shipping and mailing services firm Pitney Bowes hit by ransomware attack

SAP Security Patch Day for May 2019 fixes many missing authorization checks

California IT service provider Synoptek pays ransom after Sodinokibi attack

New Trickbot module implements Remote App Credential-Grabbing features

Akamai Report: Credential stuffing attacks are a growing threat

Mastercard data breach affected Priceless Specials loyalty program

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Maze ransomware gang discloses data from drug testing firm HMR

Malware researchers analyzed an intriguing Java ATM Malware

Tianfu Cup 2019 Day 1 – Chinese experts hacked Chrome, Edge, Safari, Office365

Lazarus malware delivered to South Korean users via supply chain attacks

Metro Bank is the first bank that disclosed SS7 attacks against its customers

Air Canada data breach – 20,000 users of its mobile app affected

Emissary Panda updated its weapons for attacks in the past 2 years

Who’s Behind the ‘Web Listings’ Mail Scam?

Emissary Panda APT group hit Government Organizations in the Middle East

Microsoft partnered with other security firms to takedown TrickBot botnet

Pitney Bowes revealed that its systems were infected with Ryuk Ransomware

Chinese LuckyMouse APT has been using a digitally signed network filtering driver in recent attacks

4 Industries That Have to Fight the Hardest Against Cyberattacks

Stay Connected