2019 and Financial Services - Information Management Today

SAP April 2019 Security Patch Day addresses High severity flaws in Crystal Reports, NetWeaver

Security Affairs

APRIL 10, 2019

SAP released the April 2019 Security Patch Day that is included 6 Security Notes, two of which address High severity flaws in Crystal Reports and NetWeaver. SAP released 6 Security Notes as part of the April 2019 Security Patch Day, two of which address High severity flaws in Crystal Reports and NetWeaver.

Security

Security Financial Services Risk Access

Recently disclosed Drupal CVE-2019-6340 RCE flaw exploited in the wild

Security Affairs

FEBRUARY 26, 2019

Threat actors in the wild are exploiting the recently patched CVE-2019-6340 flaw in the Drupal CMS to deliver cryptocurrency miners and other payloads. Just three days after the CVE-2019-6340 flaw in Drupal was addressed, threat actors in the wild started exploiting the issue to deliver cryptocurrency miners and other payloads.

Financial Services

Financial Services CMS Government Security

Tianfu Cup 2019 Day 1 – Chinese experts hacked Chrome, Edge, Safari, Office365

Security Affairs

NOVEMBER 17, 2019

The Tianfu Cup 2019 International Cyber ??Security The Tianfu Cup 2019 International Cyber ??Security Other participants were teams from universities, Tencent, financial service provider Ant Financial, and independent researchers. — TianfuCup (@TianfuCup) November 16, 2019. Pierluigi Paganini.

Financial Services

Financial Services Government Security Cybersecurity

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

SAP Security Patch Day for May 2019 fixes many missing authorization checks

Security Affairs

MAY 15, 2019

SAP released SAP Security Patch Day for May 2019 that includes 8 Security Notes, 5 of which are updates to previously released Notes. ” reads the security advisory for the CVE-2019-0301. .” ” reads the security advisory for the CVE-2019-0301. SecurityAffairs – SAP Security Patch Day for May 2019 ).

Security

Security Financial Services Risk IT

Payment Processing Giant TSYS: Ransomware Incident “Immaterial” to Company

Krebs on Security

DECEMBER 10, 2020

(TSYS) is the third-largest third-party payment processor for financial institutions in North America, and a major processor in Europe. TSYS provides payment processing services, merchant services and other payment solutions, including prepaid debit cards and payroll cards. NYSE:GPN ].

Ransomware

Ransomware Financial Services Access IT

NY Charges First American Financial for Massive Data Leak

Krebs on Security

JULY 23, 2020

In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. based First American [ NYSE:FAF ] is a leading provider of title insurance and settlement services to the real estate and mortgage industries. billion in 2019.

Insurance

Insurance Financial Services Mining Access

American Insurance firm State Farm victim of credential stuffing attacks

Security Affairs

AUGUST 7, 2019

The American group of insurance and financial services companies State Farm disclosed a credential stuffing attack it has suffered in July. The American group of insurance and financial services companies State Farm revealed that it was the victim of a credential stuffing attack it has suffered in July. billion per month.

Insurance

Insurance Data breaches Financial Services Passwords

EventBot, a new Android mobile targets financial institutions across Europe

Security Affairs

APRIL 30, 2020

Security experts from Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks, financial services across Europe. Researchers from Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks, financial services across Europe.

Financial Services

Financial Services Libraries Encryption Authentication

Iran-linked APT group Pioneer Kitten sells access to hacked networks

Security Affairs

SEPTEMBER 1, 2020

“The adversary is particularly interested in exploits related to VPNs and network appliances , including CVE-2019-11510, CVE-2019-19781, and most recently CVE-2020-5902; reliance on exploits such as these lends to an opportunistic operational model.” ” reads the report published by Crowdstrike.

Access

Access Financial Services Retail Insurance

Law enforcement operation seized Ragnar Locker group’s infrastructure

Security Affairs

OCTOBER 19, 2023

The ransomware operation has been active since late December 2019, the FBI published two flash alert to warn of the operation of the group. This is an important achievement in the fight against cybercrime. Both FBI and Europol declined to comment on the events. More details are expected to be released tomorrow.

Ransomware

Ransomware Financial Services Manufacturing Government

The New Version of JsOutProx is Attacking Financial Institutions in APAC and MENA via Gitlab Abuse

Security Affairs

APRIL 3, 2024

Resecurity researchers warn that a new Version of JsOutProx is targeting financial institutions in APAC and MENA via Gitlab abuse. Resecurity has detected a new version of JSOutProx , which is targeting financial services and organizations in the APAC and MENA regions.

Financial Services

Financial Services Phishing IT Information Security

Corporate Finance firms leak 500K+ legal and financial documents online

Security Affairs

MARCH 17, 2020

Advantage and Argus seem to be the same company working under two different names, they offer funding and startup capital to business owners without access to traditional lending and financial services. The researchers discovered the unsecured database in December 2019.

Financial Services

Financial Services Access Privacy Security

Oracle critical patch advisory addresses 284 flaws, 33 critical

Security Affairs

JANUARY 18, 2019

Oracle released the first critical patch advisory for 2019 that addresses a total of 284 vulnerabilities, 33 of them are rated “critical”. The bug affected the OCA’s Diameter Signalling Router component and its Communications Services Gatekeeper. ” reads the d escription provided by.

Financial Services

Financial Services Libraries Mining Retail

A time of reflection: Five tips for Financial Services in 2019

OpenText Information Management

JANUARY 10, 2019

The New Year is upon us, and with it come new challenges and opportunities for the Financial Services industry.

Financial Services

Financial Services Marketing IT Insurance

NY Investigates Exposure of 885 Million Mortgage Documents

Krebs on Security

MAY 31, 2019

New York regulators are investigating a weakness that exposed 885 million mortgage records at First American Financial Corp. On May 29, The New York Times reported that the inquiry by New York’s Department of Financial Services is likely to be followed by other investigations from regulators and law enforcement.

Financial Services

Financial Services Insurance Sales Authentication

Operation Cronos: law enforcement disrupted the LockBit operation

Security Affairs

FEBRUARY 19, 2024

pic.twitter.com/SvpbeslrCd — vx-underground (@vxunderground) February 19, 2024 LockBit is a prominent ransomware operation that first emerged in September 2019. Lockbit ransomware group administrative staff has confirmed with us their websites have been seized.

Energy and Utilities

Energy and Utilities Ransomware Agriculture Financial Services

Industry Guide to Financial Services: What’s driving digital transformation across financial services institutions?

OpenText Information Management

MAY 1, 2019

To compete and succeed in today’s fast-changing business climate, banks, insurance companies and other financial services institutions (FSIs) need to have three priorities to contend with new technologies, new market entrants and new ways of working that are changing expectations for the industry. appeared first on OpenText Blogs.

Financial Services

Financial Services Digital transformation Insurance Marketing

Experts found a new TrickBot module (rdpScanDll) built for RDP bruteforcing operations

Security Affairs

MARCH 19, 2020

For example, in February 2019 Trend Micro detected a variant that includes a new module used for Remote App Credential-Grabbing. ” The module appears to be under development, but experts pointed out that threat actors already used it to target organizations, mostly in telecoms, education, and financial services sectors.

Financial Services

Financial Services Education Communications IT

First American Financial Pays Farcical $500K Fine

Krebs on Security

JUNE 18, 2021

In May 2019, KrebsOnSecurity broke the news that the website of mortgage settlement giant First American Financial Corp. NYSE:FAF ] was leaking more than 800 million documents — many containing sensitive financial data — related to real estate transactions dating back 16 years. This week, the U.S.

Insurance

Insurance Risk Financial Services Mining

Mastercard data breach affected Priceless Specials loyalty program

Security Affairs

AUGUST 23, 2019

The American multinational financial services corporation noti f ied the data breach to the German and Belgian Data Protection Authorities. “On August 21, 2019, we became aware that a second file of personal information was published on the Internet. We are working to remove them as well.”

Data breaches

Data breaches Financial Services Passwords Security

Emissary Panda APT group hit Government Organizations in the Middle East

Security Affairs

MAY 30, 2019

defense contractors , financial services firms, and a national data center in Central Asia. In April 2019, the group targeted organizations of two different countries in the Middle East. The longest activity involving one of the three webshells was observed on April 16, 2019.

Government

Government Financial Services Security Cybersecurity

Iran-linked Tortoiseshell APT behind watering hole attacks on shipping and logistics Israeli websites

Security Affairs

MAY 24, 2023

Iran-linked threat actor Tortoiseshell targeted shipping, logistics, and financial services companies in Israel with watering hole attacks. The activity of the APT group was first detailed by Symantec in 2019, the experts analyzed a series of attacks against IT providers in Saudi Arabia and US entities.

Financial Services

Financial Services Security Cybersecurity IT

New Anti Anti-Money Laundering Services for Crooks

Krebs on Security

AUGUST 13, 2021

. “To date, this type of analysis has been used primarily by regulated financial service providers.” ET: Corrected the story to note that AMLBot has been around since 2019. ” That may not be entirely true. AMLBot’s user interface. “My guess is they’re just white-labeling that.”

Blockchain

Blockchain Marketing Analytics Ransomware

SEC announces sanctions against entities over email account hacking

Security Affairs

SEPTEMBER 1, 2021

The sanctioned entities are Cetera (Advisor Networks, Investment Services, Financial Specialists, Advisors, and Investment Advisers), Cambridge Investment Research (Investment Research and Investment Research Advisors), and KMS Financial Services.

Financial Services

Financial Services Cybersecurity Security Cloud

Ragnar Locker gang leaks data stolen from the Israel’s Mayanei Hayeshua hospital

Security Affairs

SEPTEMBER 9, 2023

The ransomware operation has been active since late December 2019, this is the second time that the FBI first shares IoC related to RagnarLocker operation, the FBI first became aware of this threat in April 2020. “As

Ransomware

Ransomware Phishing Encryption Privacy

Ragnar Locker ransomware group breached at least 52 organizations across 10 critical infrastructure sectors

Security Affairs

MARCH 8, 2022

The ransomware operation has been active since late December 2019, this is the second time that the FBI first shares IoC related to RagnarLocker operation, the FBI first became aware of this threat in April 2020.

Ransomware

Ransomware Passwords Financial Services Manufacturing

New: 2019 State of the Internet / Security: Financial Services Attack Economy

Dark Reading

NOVEMBER 25, 2019

Every organization should be paying attention to the attacks targeting financial services systems.

Financial Services

Financial Services Security

California IT service provider Synoptek pays ransom after Sodinokibi attack

Security Affairs

JANUARY 5, 2020

Synoptek has more than 1,100 customers across multiple industries, including local governments, financial services, healthcare, manufacturing, media, retail and software. . ” T he IT service provider confirmed the attack but did not comment on whether it paid the ransom asked by the crooks.

IT

IT Ransomware Financial Services Retail

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Security Affairs

APRIL 30, 2020

The campaign, dubbed PerSwaysion due to the extensive abuse of Microsoft Sway, has been active since at least mid-2019 and was attributed to Vietnamese speaking developers and Nigerian operators. ?ybercriminals Group-IB set up a website , where everyone can check if their email was compromised by PerSwaysion.

Phishing

Phishing Financial Services Cloud Authentication

FBI obtained 7,000 LockBit decryption keys, victims should contact the feds to get support

Security Affairs

JUNE 6, 2024

LockBit is a prominent ransomware operation that first emerged in September 2019. In 2022, LockBit was one of the most active ransomware groups, and its prevalence continued into 2023.

Energy and Utilities

Energy and Utilities Ransomware Agriculture Encryption

Financial Services Organizations Need to Adapt their Security Practices to the Shifting Environment

Thales Cloud Protection & Licensing

NOVEMBER 4, 2020

Financial Services Organizations Need to Adapt their Security Practices to the Shifting Environment. Even “traditional banks” seek to drive more revenue from digital products, personalized services and experiences. At the same time, financial services organizations need to adapt to a shifting global environment.

Financial Services

Financial Services Security Digital transformation Encryption

Summary – “Industry in One: Financial Services”

ARMA International

NOVEMBER 7, 2019

This article summarizes a report published by AIEF on June 26, 2019. The scope of a records and information management (RIM) program in financial services can seem overwhelming. Financial Services Industry Overview. Drivers for RIM in Financial Services. financial institutions.

Financial Services

Financial Services Communications Compliance Risk

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services

Financial Services Cybersecurity Insurance Risk

US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND AFFILIATES

Security Affairs

FEBRUARY 21, 2024

LockBit is a prominent ransomware operation that first emerged in September 2019. In 2022, LockBit was one of the most active ransomware groups, and its prevalence continued into 2023.

Energy and Utilities

Energy and Utilities Ransomware Agriculture Manufacturing

Credit Union Sues Fintech Giant Fiserv Over Security Claims

Krebs on Security

MAY 3, 2019

In late April 2019, Fiserv was sued by Bessemer System Federal Credit Union , a comparatively tiny financial institution with just $38 million in assets. In January 2019, Fiserv announced it was acquiring payment processing giant First Data in a $22 billion all-stock deal. And it’s poised to soon get much bigger.

Security

Security Passwords Financial Services Sales

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Data Matters

FEBRUARY 10, 2021

On February 4, 2021, the New York Department of Financial Services (NYDFS) issued Circular Letter No. Thereafter, in 2019, the department created a Cybersecurity Division to focus specifically on protecting industries and consumers from cyberthreats. regulator concerning the increasingly critical issue of cyberinsurance.

Insurance

Insurance Financial Services Cybersecurity Risk

New York Department of Financial Services Reaches $1 Million Dollar Settlement With First American Title Insurance in Data Breach Investigation

Hunton Privacy

DECEMBER 4, 2023

On November 28, 2023, the New York Department of Financial Services (“NYDFS”) announced that First American Title Insurance Company (“First American”), the second-largest title insurance company in the United States, would pay a $1 million penalty for violations of the NYDFS Cybersecurity Regulation in connection with a 2019 data breach.

Financial Services

Financial Services Insurance Data breaches Cybersecurity

MyPayrollHR CEO Arrested, Admits to $70M Fraud

Krebs on Security

SEPTEMBER 27, 2019

1, 2019 to Aug. For more than a decade, MyPayrollHR worked with California-based Cachet Financial Services to process payroll deposits for MyPayrollHR client employees. .” The government alleges Mann was kiting millions of dollars in checks between his accounts at Bank of American and Pioneer from Aug.

Financial Services

Financial Services Insurance Cloud IT

New York Department of Financial Services Issues Guidance Regarding Life Insurers’ Use of External Consumer Data in Underwriting

Data Matters

FEBRUARY 20, 2019

On January 18, 2019, the New York State Department of Financial Services (NYDFS) issued Circular Letter 2019-1 (the Circular Letter), addressing insurers’ use of external consumer data and information sources in underwriting for life insurance.

Insurance

Insurance Financial Services Compliance Retail

More details about Operation Cronos that disrupted Lockbit operation

Security Affairs

FEBRUARY 20, 2024

LockBit is a prominent ransomware operation that first emerged in September 2019. In 2022, LockBit was one of the most active ransomware groups, and its prevalence continued into 2023.

Energy and Utilities

Energy and Utilities Ransomware Manufacturing Agriculture

SHARED INTEL: Akamai reports web attack traffic spiked 62 percent in 2020 — all sectors hit hard

The Last Watchdog

MAY 24, 2021

billion hitting financial services organizations — an increase of more than 45 percent year-over-year in that sector. Meanwhile, threat actors’ siege on web applications surged 62 percent in 2020 vs. 2019: Akamai observed nearly 6.3 billion web attacks globally; 736 million in the financial services sector.

Financial Services

Financial Services Passwords Data breaches Authentication

List of data breaches and cyber attacks in July 2019 – 2.2 billion records leaked

IT Governance

JULY 31, 2019

Unprotected server at Brazilian financial services provider exposes customer data (unknown). National Australia Bank notifying customers after data service companies misuse personal data (13,000). The post List of data breaches and cyber attacks in July 2019 – 2.2

Data breaches

Data breaches Ransomware Personal data Government

GUEST ESSAY: The Top 5 myths about SIEM –‘security information and event management’

The Last Watchdog

AUGUST 30, 2021

In addition, even as recently as 2019, solutions like Microsoft Sentinel are roaring into the space , purpose-built for security use cases. However, there are cases where enterprises, like large players in the financial services vertical, simply need to collect ridiculously vast amounts of data.

Analytics

Analytics Security Marketing Compliance

New York State Expected to Increase Enforcement of Cybersecurity Practices

HL Chronicle of Data Protection

FEBRUARY 25, 2020

Companies should take note of two imminent developments in New York in the area of cybersecurity regulation: enforcement of the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (Regulation) and the effective date of the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act or Act).

Cybersecurity

Cybersecurity Financial Services Data breaches Information Security

SAP April 2019 Security Patch Day addresses High severity flaws in Crystal Reports, NetWeaver

Recently disclosed Drupal CVE-2019-6340 RCE flaw exploited in the wild

Webinars

Trending Sources

Tianfu Cup 2019 Day 1 – Chinese experts hacked Chrome, Edge, Safari, Office365

Webinars

SAP Security Patch Day for May 2019 fixes many missing authorization checks

Payment Processing Giant TSYS: Ransomware Incident “Immaterial” to Company

NY Charges First American Financial for Massive Data Leak

American Insurance firm State Farm victim of credential stuffing attacks

EventBot, a new Android mobile targets financial institutions across Europe

Iran-linked APT group Pioneer Kitten sells access to hacked networks

Law enforcement operation seized Ragnar Locker group’s infrastructure

The New Version of JsOutProx is Attacking Financial Institutions in APAC and MENA via Gitlab Abuse

Corporate Finance firms leak 500K+ legal and financial documents online

Oracle critical patch advisory addresses 284 flaws, 33 critical

A time of reflection: Five tips for Financial Services in 2019

NY Investigates Exposure of 885 Million Mortgage Documents

Operation Cronos: law enforcement disrupted the LockBit operation

Industry Guide to Financial Services: What’s driving digital transformation across financial services institutions?

Experts found a new TrickBot module (rdpScanDll) built for RDP bruteforcing operations

First American Financial Pays Farcical $500K Fine

Mastercard data breach affected Priceless Specials loyalty program

Emissary Panda APT group hit Government Organizations in the Middle East

Iran-linked Tortoiseshell APT behind watering hole attacks on shipping and logistics Israeli websites

New Anti Anti-Money Laundering Services for Crooks

SEC announces sanctions against entities over email account hacking

Ragnar Locker gang leaks data stolen from the Israel’s Mayanei Hayeshua hospital

Ragnar Locker ransomware group breached at least 52 organizations across 10 critical infrastructure sectors

New: 2019 State of the Internet / Security: Financial Services Attack Economy

California IT service provider Synoptek pays ransom after Sodinokibi attack

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

FBI obtained 7,000 LockBit decryption keys, victims should contact the feds to get support

Financial Services Organizations Need to Adapt their Security Practices to the Shifting Environment

Summary – “Industry in One: Financial Services”

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND AFFILIATES

Credit Union Sues Fintech Giant Fiserv Over Security Claims

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

New York Department of Financial Services Reaches $1 Million Dollar Settlement With First American Title Insurance in Data Breach Investigation

MyPayrollHR CEO Arrested, Admits to $70M Fraud

New York Department of Financial Services Issues Guidance Regarding Life Insurers’ Use of External Consumer Data in Underwriting

More details about Operation Cronos that disrupted Lockbit operation

SHARED INTEL: Akamai reports web attack traffic spiked 62 percent in 2020 — all sectors hit hard

List of data breaches and cyber attacks in July 2019 – 2.2 billion records leaked

GUEST ESSAY: The Top 5 myths about SIEM –‘security information and event management’

New York State Expected to Increase Enforcement of Cybersecurity Practices

Stay Connected