2017 and Financial Services - Information Management Today

Microsoft seized 240 sites used by the ONNX phishing service

Security Affairs

NOVEMBER 23, 2024

Microsoft states that phishing heavily targets financial services, risking losses like life savings. Microsoft has tracked Nady, linked to phishing services since 2017. DIY phishing kits fuel millions of phishing emails Microsoft detects monthly.

Phishing

Phishing Financial Services Risk Access

A cyber attack hit Nissan Oceania

Security Affairs

DECEMBER 7, 2023

“The Australian and New Zealand Nissan Corporation and Financial Services (“Nissan”) advises that its systems have been subject to a cyber incident. In December 2017, Nissan Finance Canada was hacked , personal information of 1.13 ” reads the statement published by the company on its website.

Financial Services

Financial Services Data breaches Ransomware Access

Intuit to Share Payroll Data from 1.4M Small Businesses With Equifax

Krebs on Security

JULY 1, 2021

Financial services giant Intuit this week informed 1.4 Intuit says the change is tied to an “exciting” and “free” new service that will let millions of small business employees get easy access to employment and income verification services when they wish to apply for a loan or line of credit.

Financial Services

Financial Services Government Authentication IT

Webinars

Maximizing Profit and Productivity: The New Era of AI-Powered Accounting

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

Iran-linked Tortoiseshell APT behind watering hole attacks on shipping and logistics Israeli websites

Security Affairs

MAY 24, 2023

Iran-linked threat actor Tortoiseshell targeted shipping, logistics, and financial services companies in Israel with watering hole attacks. The trick to use domain names impersonating jQuery was observed in a previous Iranian campaign from 2017. We are in the final!

Financial Services

Financial Services Security Cybersecurity IT

Oracle critical patch advisory addresses 284 flaws, 33 critical

Security Affairs

JANUARY 18, 2019

The bug affected the OCA’s Diameter Signalling Router component and its Communications Services Gatekeeper. The flaw also affected the Financial Services Analytical Applications Infrastructure, the Fusion Middleware MapViewer, and four three Oracle Retail components.

Financial Services

Financial Services Libraries Mining Retail

American Insurance firm State Farm victim of credential stuffing attacks

Security Affairs

AUGUST 7, 2019

The American group of insurance and financial services companies State Farm disclosed a credential stuffing attack it has suffered in July. The American group of insurance and financial services companies State Farm revealed that it was the victim of a credential stuffing attack it has suffered in July. billion per month.

Insurance

Insurance Data breaches Financial Services Passwords

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

Security Affairs

JANUARY 13, 2019

FlawedGrace is a full-featured RAT that we first observed in November 2017.” ” The TA505 group was first spotted by Proofpoint back 2017, it has been active at least since 2015 and targets organizations in financial and retail industries. ” reads the analysis published by Proofpoint.

IT

IT Financial Services Ransomware Retail

Nissan Oceania data breach impacted roughly 100,000 people

Security Affairs

MARCH 14, 2024

The Australian and New Zealand Nissan Corporation and Financial Services (“Nissan”) advises that its systems have been subject to a cyber incident. In December 2017, Nissan Finance Canada was hacked , personal information of 1.13 reads the statement published by the company on its website.

Data breaches

Data breaches Financial Services Ransomware Government

Go-based Chaos malware is rapidly growing targeting Windows, Linux and more

Security Affairs

SEPTEMBER 29, 2022

The experts were able to enumerate the C2s and targets of multiple distinct Chaos clusters, some of which were employed in recent DDoS attacks against the gaming, financial services and technology, and media and entertainment industries. .” reads the analysis published by Lumen Technologies. ” continues the report.

Mining

Mining Financial Services IT Security

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Security Affairs

APRIL 30, 2020

ybercriminals behind the PerSwaysion campaign gained access to many confidential corporate MS Office365 emails of mainly financial service companies, law firms, and real estate groups. This group has been conducting various activities ranging from online shopping scams to phishing attacks since 2017.

Phishing

Phishing Cloud Financial Services Authentication

Hackers stole $60 Million worth of cryptocurrencies from Japanese Zaif exchange

Security Affairs

SEPTEMBER 20, 2018

“Documents seen by Reuters on Thursday showed Japan’s Financial Services Agency would conduct emergency checks on cryptocurrency exchange operators’ management of customer assets, following the theft. The Tech Bureau took offline the exchange and sold to Fisco Ltd the majority ownership for a 5 billion yen ($44.59

Financial Services

Financial Services Retail Security IT

My (somewhat unreliable) data protection predictions for 2017

Data Protector

DECEMBER 31, 2016

I’ve recently had a quiet year on the blogging front – my professional duties have prevented me from playing a more active role on the Internet during this year than I would have liked, but that is set to change in 2017.

GDPR

GDPR Communications Financial Services Education

SEC announces sanctions against entities over email account hacking

Security Affairs

SEPTEMBER 1, 2021

The sanctioned entities are Cetera (Advisor Networks, Investment Services, Financial Specialists, Advisors, and Investment Advisers), Cambridge Investment Research (Investment Research and Investment Research Advisors), and KMS Financial Services.

Financial Services

Financial Services Cybersecurity Security Cloud

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Data Protection Report

NOVEMBER 8, 2023

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. These revisions represent the most significant modifications since the enactment of the rules in March 2017.

Financial Services

Financial Services Cybersecurity Compliance Government

Akamai Report: Credential stuffing attacks are a growing threat

Security Affairs

SEPTEMBER 25, 2018

This kind of attacks is very efficient due to the bad habit of users of reusing the same password over multiple services. Billion malicious login attempts from bots in May and June, an overall number of 30 billion malicious logins were observed between November 2017 and June 2018, an average of 3.75 The experts detected 8.3

Passwords

Passwords Data breaches Financial Services Retail

New York State Department of Financial Services Challenges OCC Authority on Fintech Charters

Data Matters

SEPTEMBER 20, 2018

Office of the Comptroller of the Currency (OCC) announced its decision (the Fintech Charter Decision) to begin accepting applications from financial technology (fintech) companies for special purpose national bank charters. The Fintech Charter Decision is discussed in greater detail in a prior Sidley Banking and Financial Services Update.

Financial Services

Financial Services Paper Marketing Privacy

New Cybersecurity Rules for Financial Institutions in New York State Take Effect November 1, 2024

Thales Cloud Protection & Licensing

OCTOBER 24, 2024

New Cybersecurity Rules for Financial Institutions in New York State Take Effect November 1, 2024 madhav Fri, 10/25/2024 - 06:09 The next major deadline for compliance with the updated cybersecurity rules from the New York State Department of Financial Services (NYDFS) is November 1, 2024.

Cybersecurity

Cybersecurity Financial Services Encryption Compliance

NY Department of Financial Services Issues Reminder for Cybersecurity Filing Deadline

Hunton Privacy

JANUARY 24, 2018

On January 22, 2018, the New York Department of Financial Services (“NYDFS”) issued a press release reminding entities covered by its cybersecurity regulation that the first certification of compliance with the regulation is due on or prior to February 15, 2018.

Financial Services

Financial Services Cybersecurity Compliance Insurance

Experts linked ransomware attacks to China-linked APT27

Security Affairs

JANUARY 4, 2021

defense contractors , financial services firms, and a national data center in Central Asia. ” The experts observed the APT group exploiting the Windows COM Elevation of Privilege Vulnerability tracked as CVE-2017-0213. The APT group has been active since 2010, targeted organizations worldwide, including U.S.

Ransomware

Ransomware Encryption Financial Services Security

Metro Bank is the first bank that disclosed SS7 attacks against its customers

Security Affairs

FEBRUARY 4, 2019

Some of our clients in the banking industry or other financial services; they see more and more SS7-based [requests],” Karsten Nohl, a researcher from Security Research Labs who has worked on SS7 for years, told Motherboard in a phone call. . ” concludes Motherboard.

IT

IT Authentication Financial Services Access

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Data Matters

FEBRUARY 10, 2021

On February 4, 2021, the New York Department of Financial Services (NYDFS) issued Circular Letter No. The post New York Department of Financial Services Issues First Guidance by a U.S. Issuance of the Framework is notable as it represents the first official guidance by a U.S. 1 See W.B.

Insurance

Insurance Financial Services Cybersecurity Risk

Emissary Panda APT group hit Government Organizations in the Middle East

Security Affairs

MAY 30, 2019

defense contractors , financial services firms, and a national data center in Central Asia. Experts pointed out that attackers used tools to scan the network for systems vulnerable to CVE-2017-0144 , the flaw exploited by the NSA-linked EternalBlue exploit.

Government

Government Financial Services Security Cybersecurity

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services

Financial Services Cybersecurity Insurance Risk

Chinese LuckyMouse APT has been using a digitally signed network filtering driver in recent attacks

Security Affairs

SEPTEMBER 10, 2018

defense contractors and financial services firms worldwide. In March 2018, security experts at Kaspersky Lab have observed an attack powered by the Chinese APT group, the experts speculate the campaign was started in the fall of 2017. The APT group has been active since at least 2010, the crew targeted U.S.

Communications

Communications Financial Services Government Phishing

UNRAVELING EternalBlue: inside the WannaCry’s enabler

Security Affairs

SEPTEMBER 1, 2023

EternalBlue is a Windows exploit created by the US National Security Agency (NSA) and used in the 2017 WannaCry ransomware attack. The WannaCry ransomware outbreak in 2017 infected hundreds of thousands of systems worldwide, causing widespread disruption in various sectors such as healthcare, government, and financial services.

Phishing

Phishing Ransomware Search queries Access

4 Industries That Have to Fight the Hardest Against Cyberattacks

Security Affairs

DECEMBER 4, 2018

Data from 2017 found only 27 percent of nonprofits broke even that year. So, if nonprofit leaders want to devote more money to cybersecurity, they may feel too financially strapped to make meaningful progress. Financial Services. Research indicates cyberattacks threaten nonprofit organizations for various reasons.

Retail

Retail Cybersecurity Data breaches Risk

Scary Fraud Ensues When ID Theft & Usury Collide

Krebs on Security

JANUARY 25, 2022

” According to the Native American Financial Services Association (NAFSA), a trade group in Washington, D.C. According to Buckley LLP , a financial services law firm based in Washington, D.C., As this is an ongoing criminal investigation, we can make no additional comment at this time.”

Financial Services

Financial Services IT Data breaches Passwords

US banks Q3 results shine light on financial services innovation

Info Source

OCTOBER 12, 2018

percent year on year, from $499 billion in 2017 according to Gartner. For example, ChatBot technology is becoming particularly popular in banking for customer service, by cutting down handling times and accelerating payments processing, enabling better customer interaction by eliminating errors and increasing efficiency.

Financial Services

Financial Services Customer Experience Retail Insurance

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

The Last Watchdog

JANUARY 30, 2019

Turn the corner into 2019 and we find Citigroup, CapitalOne, Wells Fargo and HSBC Life Insurance among a host of firms hitting the crisis button after their customers’ records turned up on a database of some 24 million financial and banking documents found parked on an Internet-accessible server — without so much as password protection.

Risk

Risk Financial Services Insurance Data breaches

GUEST ESSAY: 5 security steps all companies should adopt from the Intelligence Community

The Last Watchdog

DECEMBER 6, 2018

In the same vein, businesses at large can use the intelligence cycle as a model to detect and deter any attacks coming from foreign intelligence services. Per a 2017 CNN source , nearly 100,000 agents from as many as 80 nations operate within the United States with the intention of targeting businesses to gain access to key U.S.

Security

Security Financial Services Data collection Manufacturing

Metro Bank is the first bank that disclosed SS7 attacks against its customers

Security Affairs

FEBRUARY 4, 2019

Some of our clients in the banking industry or other financial services; they see more and more SS7-based [requests],” Karsten Nohl, a researcher from Security Research Labs who has worked on SS7 for years, told Motherboard in a phone call. . ” concludes Motherboard.

IT

IT Authentication Financial Services Access

Market Leading Cybersecurity and National Security Lawyers David Lashway and John Woods Join Sidley in Washington, D.C.

Data Matters

MAY 4, 2022

He is one of the few lawyers who has led multiple global responses to data integrity attacks involving the financial services industry.

Cybersecurity

Cybersecurity Marketing Security Privacy

New York State Expected to Increase Enforcement of Cybersecurity Practices

HL Chronicle of Data Protection

FEBRUARY 25, 2020

Companies should take note of two imminent developments in New York in the area of cybersecurity regulation: enforcement of the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (Regulation) and the effective date of the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act or Act).

Cybersecurity

Cybersecurity Financial Services Data breaches Information Security

SEC Charges Investment Advisers and Broker-Dealers with Deficient Cybersecurity Procedures

Hunton Privacy

SEPTEMBER 1, 2021

34-92806 ; and In the Matter of KMS Financial Services, Inc. , Release No. According to the SEC order against KMS Financial Services Inc., The cases are In the Matter of Cetera Advisor Networks LLC , Release No. 34-92800 ; In the Matter of Cambridge Investment Research, Inc. , Release No. 34-92807 , August 30, 2021.

Cybersecurity

Cybersecurity Financial Services Cloud Access

Laserfiche Wins Gold in Best in Biz Awards 2017

Info Source

DECEMBER 5, 2017

With customers in nearly every industry including government, education, financial services, manufacturing and health care, Laserfiche offers solutions tailored to organizations’ needs, and the expertise and personalized service that drive customer success. and Canada.

ECM

ECM Education Financial Services Manufacturing

CFPB’s Proposed Data Rules

Schneier on Security

JANUARY 31, 2024

The rules would ensure people can obtain their own financial data at no cost, control who it’s shared with and choose who they do business with in the financial industry. The best way for financial services firms to meet the CFPB’s rules would be to apply the decoupling principle broadly.

Financial Services

Financial Services Privacy Personal data Marketing

An introduction to 360 degree threat detection

OpenText Information Management

JULY 25, 2019

According to Accenture, the cost of cybercrime to US Financial Services companies rose 40% between 2014 and 2017, on average costing companies over $18 million per year. Add to this much tighter data protection regulations – such as those in the US and Europe – and the need for endpoint security becomes clear.

Financial Services

Financial Services Security

BELGIUM: Belgian DPA provides first status update after six months of GDPR

DLA Piper Privacy Matters

NOVEMBER 26, 2018

The top five industry sectors notifying data breaches are: 1) health care, 2) insurance, 3) public administrations and defense, 4) telecoms and 5) financial services. In six months only, the DPA received: 3599 information requests (compared to 2145 information requests in 2017). The other released figures are also remarkable.

GDPR

GDPR Data breaches Financial Services Insurance

Alleged SIM Swapper Arrested in California

Krebs on Security

AUGUST 22, 2018

He reported that approximately 28 SIM swaps were conducted using the same employee ID number over an approximately two-week time period in November 2017. I contacted the victim who verified that some of his accounts had been “hacked” in late 2017 but said he did not suffer any financial loss.

Blockchain

Blockchain Retail Financial Services Access

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Krebs on Security

FEBRUARY 9, 2023

In a major shakeup in 2017, the Kremlin levied treason charges against Sergey Mikhaylov , then deputy chief of Russia’s top anti-cybercrime unit. TREASON But shifting political winds in Russia would soon bring high treason charges against three of the Russian cybercrime investigators tied to the investigation into the film studio.

Ransomware

Ransomware Government Cybersecurity Blockchain

The fading flame: Why data governance under BCBS 239 needs your attention now

Collibra

NOVEMBER 26, 2024

In the last decade, nine new regulations have been added for financial services, yet the old ones remain firmly in place. In contrast, there was a noticeable improvement from 2017 to 2019 with 0.24 Banks continue to struggle with compliance, as evidenced by the fact that only 6.5% points increase.

Government

Government Compliance Risk Digital transformation

Cloud, Intelligent Content Services, and Digital Fragility: What’s on the RIM Horizon for 2020

ARMA International

DECEMBER 26, 2019

Nineteen percent of RIM programs report into IT (up from 15% in 2017), and 28% into legal (up from 18.5% in 2017), with the remainder reporting into senior administrative roles, compliance, corporate services, or finance teams. In 2017, only 25% of respondents reported they had re-organized their programs.

Content services

Content services Cloud Records Management Privacy

BEST PRACTICES: Rising complexities of provisioning identities has pushed ‘IGA’ to the fore

The Last Watchdog

APRIL 3, 2019

I had the chance at RSA 2019 to visit with Mike Kiser, global strategist at SailPoint , an Austin, TX-based supplier of IGA services to discuss this. SailPoint, which went public in November 2017, has grown to more than 1000 employees in 30 locations.

Digital transformation

Digital transformation Insurance Compliance Healthcare

NEW TECH: Baffin Bay Networks takes a ‘cloud-first’ approach to securing web applications

The Last Watchdog

SEPTEMBER 10, 2019

Here are my key takeaways: Formula for poor practices Launched in 2017, Baffin Bay has attracted VC funding of $6.4 million and grown to 42 employees, winning customers in leading media firms, financial services companies and government agencies in the Nordics.

Cloud

Cloud Security Digital transformation Financial Services

Microsoft seized 240 sites used by the ONNX phishing service

A cyber attack hit Nissan Oceania

Webinars

Trending Sources

Intuit to Share Payroll Data from 1.4M Small Businesses With Equifax

Webinars

Iran-linked Tortoiseshell APT behind watering hole attacks on shipping and logistics Israeli websites

Oracle critical patch advisory addresses 284 flaws, 33 critical

American Insurance firm State Farm victim of credential stuffing attacks

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

Nissan Oceania data breach impacted roughly 100,000 people

Go-based Chaos malware is rapidly growing targeting Windows, Linux and more

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Hackers stole $60 Million worth of cryptocurrencies from Japanese Zaif exchange

My (somewhat unreliable) data protection predictions for 2017

SEC announces sanctions against entities over email account hacking

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Akamai Report: Credential stuffing attacks are a growing threat

New York State Department of Financial Services Challenges OCC Authority on Fintech Charters

New Cybersecurity Rules for Financial Institutions in New York State Take Effect November 1, 2024

NY Department of Financial Services Issues Reminder for Cybersecurity Filing Deadline

Experts linked ransomware attacks to China-linked APT27

Metro Bank is the first bank that disclosed SS7 attacks against its customers

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Emissary Panda APT group hit Government Organizations in the Middle East

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Chinese LuckyMouse APT has been using a digitally signed network filtering driver in recent attacks

UNRAVELING EternalBlue: inside the WannaCry’s enabler

4 Industries That Have to Fight the Hardest Against Cyberattacks

Scary Fraud Ensues When ID Theft & Usury Collide

US banks Q3 results shine light on financial services innovation

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

GUEST ESSAY: 5 security steps all companies should adopt from the Intelligence Community

Metro Bank is the first bank that disclosed SS7 attacks against its customers

Market Leading Cybersecurity and National Security Lawyers David Lashway and John Woods Join Sidley in Washington, D.C.

New York State Expected to Increase Enforcement of Cybersecurity Practices

SEC Charges Investment Advisers and Broker-Dealers with Deficient Cybersecurity Procedures

Laserfiche Wins Gold in Best in Biz Awards 2017

CFPB’s Proposed Data Rules

An introduction to 360 degree threat detection

BELGIUM: Belgian DPA provides first status update after six months of GDPR

Alleged SIM Swapper Arrested in California

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

The fading flame: Why data governance under BCBS 239 needs your attention now

Cloud, Intelligent Content Services, and Digital Fragility: What’s on the RIM Horizon for 2020

BEST PRACTICES: Rising complexities of provisioning identities has pushed ‘IGA’ to the fore

NEW TECH: Baffin Bay Networks takes a ‘cloud-first’ approach to securing web applications

Stay Connected