2017, Financial Services and Security - Information Management Today

Intuit to Share Payroll Data from 1.4M Small Businesses With Equifax

Krebs on Security

JULY 1, 2021

Financial services giant Intuit this week informed 1.4 Intuit says the change is tied to an “exciting” and “free” new service that will let millions of small business employees get easy access to employment and income verification services when they wish to apply for a loan or line of credit.

Financial Services

Financial Services Government Authentication IT

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Data Protection Report

NOVEMBER 8, 2023

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. These revisions represent the most significant modifications since the enactment of the rules in March 2017.

Financial Services

Financial Services Cybersecurity Compliance Government

Market Leading Cybersecurity and National Security Lawyers David Lashway and John Woods Join Sidley in Washington, D.C.

Data Matters

MAY 4, 2022

By adding these two global market leaders, we are expanding our expertise to better support our clients with the ever growing risks associated with national security and cybersecurity matters across our multi-disciplinary practices.”. political parties. appeared first on Data Matters Privacy Blog.

Cybersecurity

Cybersecurity Marketing Security Privacy

GUEST ESSAY: 5 security steps all companies should adopt from the Intelligence Community

The Last Watchdog

DECEMBER 6, 2018

Businesses at large would do well to model their data collection and security processes after what the IC refers to as the “intelligence cycle.” In the same vein, businesses at large can use the intelligence cycle as a model to detect and deter any attacks coming from foreign intelligence services. infrastructure from cyber attacks.

Security

Security Financial Services Manufacturing Data collection

NEW TECH: Baffin Bay Networks takes a ‘cloud-first’ approach to securing web applications

The Last Watchdog

SEPTEMBER 10, 2019

That experiment conducted by a reporter for The Atlantic crystalizes the seemingly intractable security challenge businesses face today. Here are my key takeaways: Formula for poor practices Launched in 2017, Baffin Bay has attracted VC funding of $6.4

Cloud

Cloud Security Digital transformation Financial Services

NY Department of Financial Services Issues Reminder for Cybersecurity Filing Deadline

Hunton Privacy

JANUARY 24, 2018

On January 22, 2018, the New York Department of Financial Services (“NYDFS”) issued a press release reminding entities covered by its cybersecurity regulation that the first certification of compliance with the regulation is due on or prior to February 15, 2018.

Financial Services

Financial Services Cybersecurity Compliance Insurance

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Data Matters

FEBRUARY 10, 2021

On February 4, 2021, the New York Department of Financial Services (NYDFS) issued Circular Letter No. The post New York Department of Financial Services Issues First Guidance by a U.S. Issuance of the Framework is notable as it represents the first official guidance by a U.S. 1 See W.B.

Insurance

Insurance Financial Services Cybersecurity Risk

NEW TECH: How ‘cryptographic splitting’ bakes-in security at a ‘protect-the-data-itself’ level

The Last Watchdog

SEPTEMBER 23, 2019

Tech consultancy IDC recently estimated that global spending on security-related hardware, software and services is growing at a compound annual growth rate of 9.2% Here are key takeaways: Security benefits Protect the data itself. It bakes security in and at the deepest level. It’s not for lack of trying. Talk more soon.

Security

Security Encryption Compliance Data breaches

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services

Financial Services Cybersecurity Insurance Risk

Scary Fraud Ensues When ID Theft & Usury Collide

Krebs on Security

JANUARY 25, 2022

But Jim has long had a security freeze on his credit file with the three major consumer credit reporting bureaus , and none of the lenders seemed willing to proceed without at least a peek at his credit history. ” According to the Native American Financial Services Association (NAFSA), a trade group in Washington, D.C.

Financial Services

Financial Services IT Data breaches Passwords

NEW TECH: Cequence Security launches platform to shield apps, APIs from malicious botnets

The Last Watchdog

NOVEMBER 13, 2018

And innovation is percolating among newer entrants, like PerimeterX, Shape Security and Signal Sciences. This week a new entrant in this field, Cequence Security , formally launched what it describes as a “game-changing” application security platform. Shifting security challenge.

Security

Security Digital transformation B2C Cloud

Iran-linked Tortoiseshell APT behind watering hole attacks on shipping and logistics Israeli websites

Security Affairs

MAY 24, 2023

Iran-linked threat actor Tortoiseshell targeted shipping, logistics, and financial services companies in Israel with watering hole attacks. The trick to use domain names impersonating jQuery was observed in a previous Iranian campaign from 2017. We are in the final!

Financial Services

Financial Services Security Cybersecurity IT

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

The Last Watchdog

JANUARY 30, 2019

Turn the corner into 2019 and we find Citigroup, CapitalOne, Wells Fargo and HSBC Life Insurance among a host of firms hitting the crisis button after their customers’ records turned up on a database of some 24 million financial and banking documents found parked on an Internet-accessible server — without so much as password protection.

Risk

Risk Financial Services Insurance Cybersecurity

American Insurance firm State Farm victim of credential stuffing attacks

Security Affairs

AUGUST 7, 2019

The American group of insurance and financial services companies State Farm disclosed a credential stuffing attack it has suffered in July. The American group of insurance and financial services companies State Farm revealed that it was the victim of a credential stuffing attack it has suffered in July. billion per month.

Insurance

Insurance Data breaches Financial Services Passwords

CFPB’s Proposed Data Rules

Schneier on Security

JANUARY 31, 2024

Beyond these economic effects, the rules have important data security benefits. The CFPB’s rules align with a key security idea: the decoupling principle. When you get a car loan or a house mortgage, that information, along with your Social Security number and other sensitive data, is also shared with unknown third parties.

Financial Services

Financial Services Privacy Personal data Marketing

Oracle critical patch advisory addresses 284 flaws, 33 critical

Security Affairs

JANUARY 18, 2019

The bug affected the OCA’s Diameter Signalling Router component and its Communications Services Gatekeeper. The flaw also affected the Financial Services Analytical Applications Infrastructure, the Fusion Middleware MapViewer, and four three Oracle Retail components. Pierluigi Paganini.

Financial Services

Financial Services Libraries Mining Retail

New York State Expected to Increase Enforcement of Cybersecurity Practices

HL Chronicle of Data Protection

FEBRUARY 25, 2020

Companies should take note of two imminent developments in New York in the area of cybersecurity regulation: enforcement of the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (Regulation) and the effective date of the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act or Act).

Cybersecurity

Cybersecurity Financial Services Data breaches Insurance

SEC Charges Investment Advisers and Broker-Dealers with Deficient Cybersecurity Procedures

Hunton Privacy

SEPTEMBER 1, 2021

Securities and Exchange Commission (“SEC”) announced that it had settled three administrative cases involving a total of eight registered broker-dealers and investment advisers for failures in their cybersecurity policies and procedures. 34-92806 ; and In the Matter of KMS Financial Services, Inc. , Release No.

Cybersecurity

Cybersecurity Financial Services Cloud Access

SEC announces sanctions against entities over email account hacking

Security Affairs

SEPTEMBER 1, 2021

Securities and Exchange Commission (SEC) announced sanctions against several organizations over email account hacking. Securities and Exchange Commission (SEC) announced sanctions against eight entities belonging to three companies over email account hacking due to cybersecurity failures. Pierluigi Paganini.

Financial Services

Financial Services Cybersecurity Cloud Security

Go-based Chaos malware is rapidly growing targeting Windows, Linux and more

Security Affairs

SEPTEMBER 29, 2022

The experts were able to enumerate the C2s and targets of multiple distinct Chaos clusters, some of which were employed in recent DDoS attacks against the gaming, financial services and technology, and media and entertainment industries. .” reads the analysis published by Lumen Technologies. ” continues the report.

Mining

Mining Financial Services IT Security

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

Security Affairs

JANUARY 13, 2019

Security researchers at Proofpoint researchers discovered two strains of malware tracked as ServHelper and FlawedGrace distributed through phishing campaigns by the TA505 crime gang. FlawedGrace is a full-featured RAT that we first observed in November 2017.” ” reads the analysis published by Proofpoint.

IT

IT Financial Services Ransomware Retail

Hackers stole $60 Million worth of cryptocurrencies from Japanese Zaif exchange

Security Affairs

SEPTEMBER 20, 2018

. “Japanese cryptocurrency firm Tech Bureau Corp said about $60 million in digital currencies were stolen from its exchange, highlighting the industry’s vulnerability despite recent efforts by authorities to make it more secure.” Anyway, the incidents demonstrate that the level of security of exchanges has to be improved.

Financial Services

Financial Services Retail Security IT

Top 12 Cloud Security Best Practices for 2021

eSecurity Planet

SEPTEMBER 10, 2021

From the very beginning of the cloud computing era, security has been the biggest concern among enterprises considering the public cloud. In addition, 95 percent of survey respondents confirmed that they are extremely to moderately concerned about public cloud security. What is cloud security?

Cloud

Cloud Security Encryption Risk

BEST PRACTICES: Rising complexities of provisioning identities has pushed ‘IGA’ to the fore

The Last Watchdog

APRIL 3, 2019

I had the chance at RSA 2019 to visit with Mike Kiser, global strategist at SailPoint , an Austin, TX-based supplier of IGA services to discuss this. SailPoint, which went public in November 2017, has grown to more than 1000 employees in 30 locations. As complexity has intensified, so have compliance challenges. Talk more soon.

Digital transformation

Digital transformation Insurance Compliance Healthcare

Experts linked ransomware attacks to China-linked APT27

Security Affairs

JANUARY 4, 2021

Researchers from security firms Profero and Security Joes linked a series of ransomware attacks to the China-linked APT27 group. Security researchers from security firms Profero and Security Joes investigated a series of ransomware attacks against multiple organizations and linked them to China-linked APT groups.

Ransomware

Ransomware Encryption Financial Services Cybersecurity

An introduction to 360 degree threat detection

OpenText Information Management

JULY 25, 2019

According to Accenture, the cost of cybercrime to US Financial Services companies rose 40% between 2014 and 2017, on average costing companies over $18 million per year. Add to this much tighter data protection regulations – such as those in the US and Europe – and the need for endpoint security becomes clear.

Financial Services

Financial Services Security

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Krebs on Security

FEBRUARY 9, 2023

In a major shakeup in 2017, the Kremlin levied treason charges against Sergey Mikhaylov , then deputy chief of Russia’s top anti-cybercrime unit. Also charged with treason was Ruslan Stoyanov , then a senior employee at Russian security firm Kaspersky Lab [the Forbes.ru National Security Agency (NSA). This is not the U.S.

Ransomware

Ransomware Government Cybersecurity Blockchain

Akamai Report: Credential stuffing attacks are a growing threat

Security Affairs

SEPTEMBER 25, 2018

According to Akamai report titled “[state of the internet] / security CREDENTIAL STUFFING ATTACKS “ the credential stuffing attacks are a growing threat and often underestimated. This kind of attacks is very efficient due to the bad habit of users of reusing the same password over multiple services. billion per month.

Passwords

Passwords Data breaches Financial Services Retail

Alleged SIM Swapper Arrested in California

Krebs on Security

AUGUST 22, 2018

He reported that approximately 28 SIM swaps were conducted using the same employee ID number over an approximately two-week time period in November 2017. I contacted the victim who verified that some of his accounts had been “hacked” in late 2017 but said he did not suffer any financial loss.

Blockchain

Blockchain Retail Financial Services Access

New Cybersecurity Rules for Financial Institutions in New York State Take Effect November 1, 2024

Thales Cloud Protection & Licensing

OCTOBER 24, 2024

New Cybersecurity Rules for Financial Institutions in New York State Take Effect November 1, 2024 madhav Fri, 10/25/2024 - 06:09 The next major deadline for compliance with the updated cybersecurity rules from the New York State Department of Financial Services (NYDFS) is November 1, 2024.

Cybersecurity

Cybersecurity Financial Services Encryption Compliance

Metro Bank is the first bank that disclosed SS7 attacks against its customers

Security Affairs

FEBRUARY 4, 2019

“At Metro Bank we take our customers’ security extremely seriously and have a comprehensive range of safeguards in place to help protect them against fraud. ” said National Cyber Security Centre spokesman. Security Affairs – SS7 protocol, Metro Bank). Security Affairs – SS7 protocol, Metro Bank).

IT

IT Authentication Financial Services Access

NYDFS Cybersecurity Regulations: A glimpse into the future

Thales Cloud Protection & Licensing

NOVEMBER 27, 2018

The cybersecurity regulation ( 23 NYCRR 500 ) adopted by the New York State Department of Financial Services (NYDFS) is nearly two years old. The 2017 bill, the first of its kind, will be fully implemented as of March 1st, 2019. Application layer security ensures secure development practices for in-house developed applications.

Cybersecurity

Cybersecurity Financial Services Encryption Data Privacy

NYDFS settles cybersecurity regulation matter for $3 million

Data Protection Report

APRIL 22, 2021

On April 14, 2021, the New York Department of Financial Services (NYDFS) announced a $3 million settlement with insurance company National Securities Corp. Readers may recall that NYDFS’ cybersecurity regulation went into effect in March of 2017. NYDFS Cybersecurity Regulation.

Cybersecurity

Cybersecurity Financial Services Phishing Compliance

NYDFS Updates Its Cybersecurity Regulation to Protect Against Growing Cyber Threats

Hunton Privacy

NOVEMBER 8, 2023

On November 1, 2023, New York Governor Hochul announced that the New York State Department of Financial Services (“NYDFS”) amended its Cybersecurity Regulation applicable to covered financial institutions. Our previous blog post covered key proposed changes to the Cyber Regulation.

Cybersecurity

Cybersecurity Compliance IT Financial Services

GUEST ESSAY: The drivers behind persistent ransomware — and defense tactics to deploy

The Last Watchdog

SEPTEMBER 7, 2022

Healthcare and public health, financial services, and IT organizations are frequent targets, although businesses of all sizes can fall victim to these schemes. The increase in remote workforces and difficulty enforcing security controls with expanding perimeters has played a role in the rise of ransomware.

Ransomware

Ransomware Education Phishing Financial Services

Emissary Panda APT group hit Government Organizations in the Middle East

Security Affairs

MAY 30, 2019

defense contractors , financial services firms, and a national data center in Central Asia. Experts pointed out that attackers used tools to scan the network for systems vulnerable to CVE-2017-0144 , the flaw exploited by the NSA-linked EternalBlue exploit. Pierluigi Paganini.

Government

Government Financial Services Security Cybersecurity

U.S. Imposes Ban on Russia’s Kaspersky; Sanctions 12 Executives

eSecurity Planet

JUNE 25, 2024

Founded in 1997, the Russian firm has grown into a global leader, boasting millions of users for its antivirus software and other security solutions. government that Kaspersky Lab’s ties to Russia could pose a national security threat. These factors ultimately led to the 2017 ban on Kaspersky products for use by U.S.

Government

Government Cybersecurity Marketing Access

Capital Markets, AI, and the need for governance

Collibra

OCTOBER 31, 2023

With every financial services organization focused on making better and faster decisions, data professional and business leaders are eager to better understand how AI can facilitate their strategic goals. Financial services orgs, especially those in capital markets, frequently has been on the forefront of generative AI investment.

Marketing

Marketing Government Financial Services Artificial Intelligence

4 Industries That Have to Fight the Hardest Against Cyberattacks

Security Affairs

DECEMBER 4, 2018

Society’s dependence on internet-based technologies means security professionals must defend against cyberattacks as well as more traditional threats, such as robbers or disgruntled employees. More than 83 percent of organizations responding to a recent survey reported making new or improved organizational security enhancements.

Retail

Retail Cybersecurity Data breaches Risk

Q&A: Sophos poll shows how attackers are taking advantage of cloud migration to wreak havoc

The Last Watchdog

JULY 21, 2020

For it’s State of Cloud Security 2020 survey, Sophos commissioned the polling of some 3,500 IT managers across 26 countries in Europe, the Americas, Asia Pacific, the Middle East, and Africa. Sophos found that fully 70% of organizations experienced a public cloud security incident in the last year.

Cloud

Cloud Ransomware Data breaches GDPR

UNRAVELING EternalBlue: inside the WannaCry’s enabler

Security Affairs

SEPTEMBER 1, 2023

EternalBlue is a Windows exploit created by the US National Security Agency (NSA) and used in the 2017 WannaCry ransomware attack. Within this network, there is a vulnerable Windows system that has not been patched with the necessary security updates to protect against EternalBlue. What is the EternalBlue vulnerability?

Phishing

Phishing Ransomware Search queries Access

Improve your data relationships with third parties

Collibra

FEBRUARY 11, 2020

Regulators are focusing on the data relationships financial services organizations have with third parties, including how well personal information is being managed. There are several areas that the international financial services regulatory community is engaged in that touch on third party personal data relationships.

Financial Services

Financial Services Digital transformation Personal data Compliance

5 things to know: IBM Cloud’s mission to accelerate innovation for clients

IBM Big Data Hub

AUGUST 1, 2023

We are bringing the power of foundation models with the availability of a GPU as a service on IBM Cloud offering to help organizations tap into artificial intelligence (AI) in a secured environment while aiming to mitigate third- and fourth-party risk.

Financial Services

Financial Services Computer and Electronics Cloud Digital transformation

Chinese LuckyMouse APT has been using a digitally signed network filtering driver in recent attacks

Security Affairs

SEPTEMBER 10, 2018

Security experts observed the LuckyMouse APT group using a digitally signed 32- and 64-bit network filtering driver NDISProxy in recent attacks. defense contractors and financial services firms worldwide. The APT group has been active since at least 2010, the crew targeted U.S. Pierluigi Paganini.

Communications

Communications Financial Services Government Phishing

Intuit to Share Payroll Data from 1.4M Small Businesses With Equifax

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Trending Sources

Market Leading Cybersecurity and National Security Lawyers David Lashway and John Woods Join Sidley in Washington, D.C.

GUEST ESSAY: 5 security steps all companies should adopt from the Intelligence Community

NEW TECH: Baffin Bay Networks takes a ‘cloud-first’ approach to securing web applications

NY Department of Financial Services Issues Reminder for Cybersecurity Filing Deadline

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

NEW TECH: How ‘cryptographic splitting’ bakes-in security at a ‘protect-the-data-itself’ level

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Scary Fraud Ensues When ID Theft & Usury Collide

NEW TECH: Cequence Security launches platform to shield apps, APIs from malicious botnets

Iran-linked Tortoiseshell APT behind watering hole attacks on shipping and logistics Israeli websites

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

American Insurance firm State Farm victim of credential stuffing attacks

CFPB’s Proposed Data Rules

Oracle critical patch advisory addresses 284 flaws, 33 critical

New York State Expected to Increase Enforcement of Cybersecurity Practices

SEC Charges Investment Advisers and Broker-Dealers with Deficient Cybersecurity Procedures

SEC announces sanctions against entities over email account hacking

Go-based Chaos malware is rapidly growing targeting Windows, Linux and more

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

Hackers stole $60 Million worth of cryptocurrencies from Japanese Zaif exchange

Top 12 Cloud Security Best Practices for 2021

BEST PRACTICES: Rising complexities of provisioning identities has pushed ‘IGA’ to the fore

Experts linked ransomware attacks to China-linked APT27

An introduction to 360 degree threat detection

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Akamai Report: Credential stuffing attacks are a growing threat

Alleged SIM Swapper Arrested in California

New Cybersecurity Rules for Financial Institutions in New York State Take Effect November 1, 2024

Metro Bank is the first bank that disclosed SS7 attacks against its customers

NYDFS Cybersecurity Regulations: A glimpse into the future

NYDFS settles cybersecurity regulation matter for $3 million

NYDFS Updates Its Cybersecurity Regulation to Protect Against Growing Cyber Threats

GUEST ESSAY: The drivers behind persistent ransomware — and defense tactics to deploy

Emissary Panda APT group hit Government Organizations in the Middle East

U.S. Imposes Ban on Russia’s Kaspersky; Sanctions 12 Executives

Capital Markets, AI, and the need for governance

4 Industries That Have to Fight the Hardest Against Cyberattacks

Q&A: Sophos poll shows how attackers are taking advantage of cloud migration to wreak havoc

UNRAVELING EternalBlue: inside the WannaCry’s enabler

Improve your data relationships with third parties

5 things to know: IBM Cloud’s mission to accelerate innovation for clients

Chinese LuckyMouse APT has been using a digitally signed network filtering driver in recent attacks

Stay Connected