2017, Financial Services and Security - Information Management Today

A cyber attack hit Nissan Oceania

Security Affairs

DECEMBER 7, 2023

Nissan already notified the Australian Cyber Security Centre and the New Zealand National Cyber Security Centre. “The Australian and New Zealand Nissan Corporation and Financial Services (“Nissan”) advises that its systems have been subject to a cyber incident.

Financial Services

Financial Services Data breaches Ransomware Access

Microsoft seized 240 sites used by the ONNX phishing service

Security Affairs

NOVEMBER 23, 2024

Microsoft states that phishing heavily targets financial services, risking losses like life savings. Microsoft has tracked Nady, linked to phishing services since 2017. DIY phishing kits fuel millions of phishing emails Microsoft detects monthly.

Phishing

Phishing Financial Services Risk Access

Intuit to Share Payroll Data from 1.4M Small Businesses With Equifax

Krebs on Security

JULY 1, 2021

Financial services giant Intuit this week informed 1.4 Intuit says the change is tied to an “exciting” and “free” new service that will let millions of small business employees get easy access to employment and income verification services when they wish to apply for a loan or line of credit.

Financial Services

Financial Services Government Authentication IT

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

Iran-linked Tortoiseshell APT behind watering hole attacks on shipping and logistics Israeli websites

Security Affairs

MAY 24, 2023

Iran-linked threat actor Tortoiseshell targeted shipping, logistics, and financial services companies in Israel with watering hole attacks. The trick to use domain names impersonating jQuery was observed in a previous Iranian campaign from 2017. We are in the final!

Financial Services

Financial Services Security Cybersecurity IT

American Insurance firm State Farm victim of credential stuffing attacks

Security Affairs

AUGUST 7, 2019

The American group of insurance and financial services companies State Farm disclosed a credential stuffing attack it has suffered in July. The American group of insurance and financial services companies State Farm revealed that it was the victim of a credential stuffing attack it has suffered in July. billion per month.

Insurance

Insurance Data breaches Financial Services Passwords

Oracle critical patch advisory addresses 284 flaws, 33 critical

Security Affairs

JANUARY 18, 2019

The bug affected the OCA’s Diameter Signalling Router component and its Communications Services Gatekeeper. The flaw also affected the Financial Services Analytical Applications Infrastructure, the Fusion Middleware MapViewer, and four three Oracle Retail components. Pierluigi Paganini.

Financial Services

Financial Services Libraries Mining Retail

Nissan Oceania data breach impacted roughly 100,000 people

Security Affairs

MARCH 14, 2024

Nissan immediately notified the Australian Cyber Security Centre and the New Zealand National Cyber Security Centre. The Australian and New Zealand Nissan Corporation and Financial Services (“Nissan”) advises that its systems have been subject to a cyber incident.

Data breaches

Data breaches Financial Services Ransomware Government

SEC announces sanctions against entities over email account hacking

Security Affairs

SEPTEMBER 1, 2021

Securities and Exchange Commission (SEC) announced sanctions against several organizations over email account hacking. Securities and Exchange Commission (SEC) announced sanctions against eight entities belonging to three companies over email account hacking due to cybersecurity failures. Pierluigi Paganini.

Financial Services

Financial Services Cybersecurity Security Cloud

Go-based Chaos malware is rapidly growing targeting Windows, Linux and more

Security Affairs

SEPTEMBER 29, 2022

The experts were able to enumerate the C2s and targets of multiple distinct Chaos clusters, some of which were employed in recent DDoS attacks against the gaming, financial services and technology, and media and entertainment industries. .” reads the analysis published by Lumen Technologies. ” continues the report.

Mining

Mining Financial Services IT Security

Hackers stole $60 Million worth of cryptocurrencies from Japanese Zaif exchange

Security Affairs

SEPTEMBER 20, 2018

. “Japanese cryptocurrency firm Tech Bureau Corp said about $60 million in digital currencies were stolen from its exchange, highlighting the industry’s vulnerability despite recent efforts by authorities to make it more secure.” Anyway, the incidents demonstrate that the level of security of exchanges has to be improved.

Financial Services

Financial Services Retail Security IT

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

Security Affairs

JANUARY 13, 2019

Security researchers at Proofpoint researchers discovered two strains of malware tracked as ServHelper and FlawedGrace distributed through phishing campaigns by the TA505 crime gang. FlawedGrace is a full-featured RAT that we first observed in November 2017.” ” reads the analysis published by Proofpoint.

IT

IT Financial Services Ransomware Retail

Experts linked ransomware attacks to China-linked APT27

Security Affairs

JANUARY 4, 2021

Researchers from security firms Profero and Security Joes linked a series of ransomware attacks to the China-linked APT27 group. Security researchers from security firms Profero and Security Joes investigated a series of ransomware attacks against multiple organizations and linked them to China-linked APT groups.

Ransomware

Ransomware Encryption Financial Services Security

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Security Affairs

APRIL 30, 2020

ybercriminals behind the PerSwaysion campaign gained access to many confidential corporate MS Office365 emails of mainly financial service companies, law firms, and real estate groups. This group has been conducting various activities ranging from online shopping scams to phishing attacks since 2017. Pierluigi Paganini.

Phishing

Phishing Cloud Financial Services Authentication

Akamai Report: Credential stuffing attacks are a growing threat

Security Affairs

SEPTEMBER 25, 2018

According to Akamai report titled “[state of the internet] / security CREDENTIAL STUFFING ATTACKS “ the credential stuffing attacks are a growing threat and often underestimated. This kind of attacks is very efficient due to the bad habit of users of reusing the same password over multiple services. billion per month.

Passwords

Passwords Data breaches Financial Services Retail

Metro Bank is the first bank that disclosed SS7 attacks against its customers

Security Affairs

FEBRUARY 4, 2019

“At Metro Bank we take our customers’ security extremely seriously and have a comprehensive range of safeguards in place to help protect them against fraud. ” said National Cyber Security Centre spokesman. Security Affairs – SS7 protocol, Metro Bank). Security Affairs – SS7 protocol, Metro Bank).

IT

IT Authentication Financial Services Access

New Cybersecurity Rules for Financial Institutions in New York State Take Effect November 1, 2024

Thales Cloud Protection & Licensing

OCTOBER 24, 2024

New Cybersecurity Rules for Financial Institutions in New York State Take Effect November 1, 2024 madhav Fri, 10/25/2024 - 06:09 The next major deadline for compliance with the updated cybersecurity rules from the New York State Department of Financial Services (NYDFS) is November 1, 2024.

Cybersecurity

Cybersecurity Financial Services Encryption Compliance

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Data Protection Report

NOVEMBER 8, 2023

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. These revisions represent the most significant modifications since the enactment of the rules in March 2017.

Financial Services

Financial Services Cybersecurity Compliance Government

Emissary Panda APT group hit Government Organizations in the Middle East

Security Affairs

MAY 30, 2019

defense contractors , financial services firms, and a national data center in Central Asia. Experts pointed out that attackers used tools to scan the network for systems vulnerable to CVE-2017-0144 , the flaw exploited by the NSA-linked EternalBlue exploit. Pierluigi Paganini.

Government

Government Financial Services Security Cybersecurity

4 Industries That Have to Fight the Hardest Against Cyberattacks

Security Affairs

DECEMBER 4, 2018

Society’s dependence on internet-based technologies means security professionals must defend against cyberattacks as well as more traditional threats, such as robbers or disgruntled employees. More than 83 percent of organizations responding to a recent survey reported making new or improved organizational security enhancements.

Retail

Retail Cybersecurity Data breaches Risk

UNRAVELING EternalBlue: inside the WannaCry’s enabler

Security Affairs

SEPTEMBER 1, 2023

EternalBlue is a Windows exploit created by the US National Security Agency (NSA) and used in the 2017 WannaCry ransomware attack. Within this network, there is a vulnerable Windows system that has not been patched with the necessary security updates to protect against EternalBlue. What is the EternalBlue vulnerability?

Phishing

Phishing Ransomware Search queries Access

Chinese LuckyMouse APT has been using a digitally signed network filtering driver in recent attacks

Security Affairs

SEPTEMBER 10, 2018

Security experts observed the LuckyMouse APT group using a digitally signed 32- and 64-bit network filtering driver NDISProxy in recent attacks. defense contractors and financial services firms worldwide. The APT group has been active since at least 2010, the crew targeted U.S. Pierluigi Paganini.

Communications

Communications Financial Services Government Phishing

Market Leading Cybersecurity and National Security Lawyers David Lashway and John Woods Join Sidley in Washington, D.C.

Data Matters

MAY 4, 2022

By adding these two global market leaders, we are expanding our expertise to better support our clients with the ever growing risks associated with national security and cybersecurity matters across our multi-disciplinary practices.”. political parties. appeared first on Data Matters Privacy Blog.

Cybersecurity

Cybersecurity Marketing Security Privacy

GUEST ESSAY: 5 security steps all companies should adopt from the Intelligence Community

The Last Watchdog

DECEMBER 6, 2018

Businesses at large would do well to model their data collection and security processes after what the IC refers to as the “intelligence cycle.” In the same vein, businesses at large can use the intelligence cycle as a model to detect and deter any attacks coming from foreign intelligence services. infrastructure from cyber attacks.

Security

Security Financial Services Data collection Manufacturing

NEW TECH: Baffin Bay Networks takes a ‘cloud-first’ approach to securing web applications

The Last Watchdog

SEPTEMBER 10, 2019

That experiment conducted by a reporter for The Atlantic crystalizes the seemingly intractable security challenge businesses face today. Here are my key takeaways: Formula for poor practices Launched in 2017, Baffin Bay has attracted VC funding of $6.4

Cloud

Cloud Security Digital transformation Financial Services

NY Department of Financial Services Issues Reminder for Cybersecurity Filing Deadline

Hunton Privacy

JANUARY 24, 2018

On January 22, 2018, the New York Department of Financial Services (“NYDFS”) issued a press release reminding entities covered by its cybersecurity regulation that the first certification of compliance with the regulation is due on or prior to February 15, 2018.

Financial Services

Financial Services Cybersecurity Compliance Insurance

Scary Fraud Ensues When ID Theft & Usury Collide

Krebs on Security

JANUARY 25, 2022

But Jim has long had a security freeze on his credit file with the three major consumer credit reporting bureaus , and none of the lenders seemed willing to proceed without at least a peek at his credit history. ” According to the Native American Financial Services Association (NAFSA), a trade group in Washington, D.C.

Financial Services

Financial Services IT Data breaches Passwords

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Data Matters

FEBRUARY 10, 2021

On February 4, 2021, the New York Department of Financial Services (NYDFS) issued Circular Letter No. The post New York Department of Financial Services Issues First Guidance by a U.S. Issuance of the Framework is notable as it represents the first official guidance by a U.S. 1 See W.B.

Insurance

Insurance Financial Services Cybersecurity Risk

NEW TECH: How ‘cryptographic splitting’ bakes-in security at a ‘protect-the-data-itself’ level

The Last Watchdog

SEPTEMBER 23, 2019

Tech consultancy IDC recently estimated that global spending on security-related hardware, software and services is growing at a compound annual growth rate of 9.2% Here are key takeaways: Security benefits Protect the data itself. It bakes security in and at the deepest level. It’s not for lack of trying. Talk more soon.

Security

Security Encryption Compliance Data breaches

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services

Financial Services Cybersecurity Insurance Risk

Metro Bank is the first bank that disclosed SS7 attacks against its customers

Security Affairs

FEBRUARY 4, 2019

“At Metro Bank we take our customers’ security extremely seriously and have a comprehensive range of safeguards in place to help protect them against fraud. ” said National Cyber Security Centre spokesman. Security Affairs – SS7 protocol, Metro Bank). Security Affairs – SS7 protocol, Metro Bank).

IT

IT Authentication Financial Services Access

NEW TECH: Cequence Security launches platform to shield apps, APIs from malicious botnets

The Last Watchdog

NOVEMBER 13, 2018

And innovation is percolating among newer entrants, like PerimeterX, Shape Security and Signal Sciences. This week a new entrant in this field, Cequence Security , formally launched what it describes as a “game-changing” application security platform. Shifting security challenge.

Security

Security Digital transformation B2C Cloud

Top 12 Cloud Security Best Practices for 2021

eSecurity Planet

SEPTEMBER 10, 2021

From the very beginning of the cloud computing era, security has been the biggest concern among enterprises considering the public cloud. In addition, 95 percent of survey respondents confirmed that they are extremely to moderately concerned about public cloud security. What is cloud security?

Cloud

Cloud Security Encryption Risk

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

The Last Watchdog

JANUARY 30, 2019

Turn the corner into 2019 and we find Citigroup, CapitalOne, Wells Fargo and HSBC Life Insurance among a host of firms hitting the crisis button after their customers’ records turned up on a database of some 24 million financial and banking documents found parked on an Internet-accessible server — without so much as password protection.

Risk

Risk Financial Services Insurance Data breaches

CFPB’s Proposed Data Rules

Schneier on Security

JANUARY 31, 2024

Beyond these economic effects, the rules have important data security benefits. The CFPB’s rules align with a key security idea: the decoupling principle. When you get a car loan or a house mortgage, that information, along with your Social Security number and other sensitive data, is also shared with unknown third parties.

Financial Services

Financial Services Privacy Personal data Marketing

New York State Expected to Increase Enforcement of Cybersecurity Practices

HL Chronicle of Data Protection

FEBRUARY 25, 2020

Companies should take note of two imminent developments in New York in the area of cybersecurity regulation: enforcement of the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (Regulation) and the effective date of the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act or Act).

Cybersecurity

Cybersecurity Financial Services Data breaches Information Security

SEC Charges Investment Advisers and Broker-Dealers with Deficient Cybersecurity Procedures

Hunton Privacy

SEPTEMBER 1, 2021

Securities and Exchange Commission (“SEC”) announced that it had settled three administrative cases involving a total of eight registered broker-dealers and investment advisers for failures in their cybersecurity policies and procedures. 34-92806 ; and In the Matter of KMS Financial Services, Inc. , Release No.

Cybersecurity

Cybersecurity Financial Services Cloud Access

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Krebs on Security

FEBRUARY 9, 2023

In a major shakeup in 2017, the Kremlin levied treason charges against Sergey Mikhaylov , then deputy chief of Russia’s top anti-cybercrime unit. Also charged with treason was Ruslan Stoyanov , then a senior employee at Russian security firm Kaspersky Lab [the Forbes.ru National Security Agency (NSA). This is not the U.S.

Ransomware

Ransomware Government Cybersecurity Blockchain

Alleged SIM Swapper Arrested in California

Krebs on Security

AUGUST 22, 2018

He reported that approximately 28 SIM swaps were conducted using the same employee ID number over an approximately two-week time period in November 2017. I contacted the victim who verified that some of his accounts had been “hacked” in late 2017 but said he did not suffer any financial loss.

Blockchain

Blockchain Retail Financial Services Access

BEST PRACTICES: Rising complexities of provisioning identities has pushed ‘IGA’ to the fore

The Last Watchdog

APRIL 3, 2019

I had the chance at RSA 2019 to visit with Mike Kiser, global strategist at SailPoint , an Austin, TX-based supplier of IGA services to discuss this. SailPoint, which went public in November 2017, has grown to more than 1000 employees in 30 locations. As complexity has intensified, so have compliance challenges. Talk more soon.

Digital transformation

Digital transformation Insurance Compliance Healthcare

An introduction to 360 degree threat detection

OpenText Information Management

JULY 25, 2019

According to Accenture, the cost of cybercrime to US Financial Services companies rose 40% between 2014 and 2017, on average costing companies over $18 million per year. Add to this much tighter data protection regulations – such as those in the US and Europe – and the need for endpoint security becomes clear.

Financial Services

Financial Services Security

U.S. Imposes Ban on Russia’s Kaspersky; Sanctions 12 Executives

eSecurity Planet

JUNE 25, 2024

Founded in 1997, the Russian firm has grown into a global leader, boasting millions of users for its antivirus software and other security solutions. government that Kaspersky Lab’s ties to Russia could pose a national security threat. These factors ultimately led to the 2017 ban on Kaspersky products for use by U.S.

Government

Government Cybersecurity Marketing Access

Laserfiche Wins Gold in Best in Biz Awards 2017

Info Source

DECEMBER 5, 2017

With customers in nearly every industry including government, education, financial services, manufacturing and health care, Laserfiche offers solutions tailored to organizations’ needs, and the expertise and personalized service that drive customer success. and Canada. and Canada.

ECM

ECM Education Financial Services Manufacturing

Top Cybersecurity Startups to Watch in 2022

eSecurity Planet

JANUARY 11, 2022

Information security products , services, and professionals have never been in higher demand, making for a world of opportunities for cybersecurity startups. With evolving attack methodologies due to machine learning, quantum computing, and sophisticated nation-state hackers, security startups are receiving record funding.

Cybersecurity

Cybersecurity Cloud Compliance Analytics

NYDFS Cybersecurity Regulations: A glimpse into the future

Thales Cloud Protection & Licensing

NOVEMBER 27, 2018

The cybersecurity regulation ( 23 NYCRR 500 ) adopted by the New York State Department of Financial Services (NYDFS) is nearly two years old. The 2017 bill, the first of its kind, will be fully implemented as of March 1st, 2019. Application layer security ensures secure development practices for in-house developed applications.

Cybersecurity

Cybersecurity Financial Services Encryption Data Privacy

A cyber attack hit Nissan Oceania

Microsoft seized 240 sites used by the ONNX phishing service

Webinars

Trending Sources

Intuit to Share Payroll Data from 1.4M Small Businesses With Equifax

Webinars

Iran-linked Tortoiseshell APT behind watering hole attacks on shipping and logistics Israeli websites

American Insurance firm State Farm victim of credential stuffing attacks

Oracle critical patch advisory addresses 284 flaws, 33 critical

Nissan Oceania data breach impacted roughly 100,000 people

SEC announces sanctions against entities over email account hacking

Go-based Chaos malware is rapidly growing targeting Windows, Linux and more

Hackers stole $60 Million worth of cryptocurrencies from Japanese Zaif exchange

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

Experts linked ransomware attacks to China-linked APT27

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Akamai Report: Credential stuffing attacks are a growing threat

Metro Bank is the first bank that disclosed SS7 attacks against its customers

New Cybersecurity Rules for Financial Institutions in New York State Take Effect November 1, 2024

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Emissary Panda APT group hit Government Organizations in the Middle East

4 Industries That Have to Fight the Hardest Against Cyberattacks

UNRAVELING EternalBlue: inside the WannaCry’s enabler

Chinese LuckyMouse APT has been using a digitally signed network filtering driver in recent attacks

Market Leading Cybersecurity and National Security Lawyers David Lashway and John Woods Join Sidley in Washington, D.C.

GUEST ESSAY: 5 security steps all companies should adopt from the Intelligence Community

NEW TECH: Baffin Bay Networks takes a ‘cloud-first’ approach to securing web applications

NY Department of Financial Services Issues Reminder for Cybersecurity Filing Deadline

Scary Fraud Ensues When ID Theft & Usury Collide

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

NEW TECH: How ‘cryptographic splitting’ bakes-in security at a ‘protect-the-data-itself’ level

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Metro Bank is the first bank that disclosed SS7 attacks against its customers

NEW TECH: Cequence Security launches platform to shield apps, APIs from malicious botnets

Top 12 Cloud Security Best Practices for 2021

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

CFPB’s Proposed Data Rules

New York State Expected to Increase Enforcement of Cybersecurity Practices

SEC Charges Investment Advisers and Broker-Dealers with Deficient Cybersecurity Procedures

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Alleged SIM Swapper Arrested in California

BEST PRACTICES: Rising complexities of provisioning identities has pushed ‘IGA’ to the fore

An introduction to 360 degree threat detection

U.S. Imposes Ban on Russia’s Kaspersky; Sanctions 12 Executives

Laserfiche Wins Gold in Best in Biz Awards 2017

Top Cybersecurity Startups to Watch in 2022

NYDFS Cybersecurity Regulations: A glimpse into the future

Stay Connected