2019, Financial Services and Security - Information Management Today

SAP April 2019 Security Patch Day addresses High severity flaws in Crystal Reports, NetWeaver

Security Affairs

APRIL 10, 2019

SAP released the April 2019 Security Patch Day that is included 6 Security Notes, two of which address High severity flaws in Crystal Reports and NetWeaver. SAP released 6 Security Notes as part of the April 2019 Security Patch Day, two of which address High severity flaws in Crystal Reports and NetWeaver.

Security

Security Financial Services Risk Access

SAP Security Patch Day for May 2019 fixes many missing authorization checks

Security Affairs

MAY 15, 2019

SAP released SAP Security Patch Day for May 2019 that includes 8 Security Notes, 5 of which are updates to previously released Notes. “Today, being the second Tuesday of the month, SAP released May’s Security Notes. “Today, being the second Tuesday of the month, SAP released May’s Security Notes.

Security

Security Financial Services Risk IT

Recently disclosed Drupal CVE-2019-6340 RCE flaw exploited in the wild

Security Affairs

FEBRUARY 26, 2019

Threat actors in the wild are exploiting the recently patched CVE-2019-6340 flaw in the Drupal CMS to deliver cryptocurrency miners and other payloads. Just three days after the CVE-2019-6340 flaw in Drupal was addressed, threat actors in the wild started exploiting the issue to deliver cryptocurrency miners and other payloads.

Financial Services

Financial Services CMS Government Security

Webinars

Going Beyond Chatbots: Connecting AI to Your Tools, Systems, & Data

Automation, Evolved: Your New Playbook for Smarter Knowledge Work

MORE WEBINARS

Tianfu Cup 2019 Day 1 – Chinese experts hacked Chrome, Edge, Safari, Office365

Security Affairs

NOVEMBER 17, 2019

The Tianfu Cup 2019 International Cyber ??Security Security Competition has started, in two days white hat hackers will attempt to exploit flaws in major software. The Tianfu Cup 2019 International Cyber ??Security — TianfuCup (@TianfuCup) November 16, 2019. — TianfuCup (@TianfuCup) November 16, 2019.

Financial Services

Financial Services Government Security Cybersecurity

Payment Processing Giant TSYS: Ransomware Incident “Immaterial” to Company

Krebs on Security

DECEMBER 10, 2020

(TSYS) is the third-largest third-party payment processor for financial institutions in North America, and a major processor in Europe. TSYS provides payment processing services, merchant services and other payment solutions, including prepaid debit cards and payroll cards. NYSE:GPN ].

Ransomware

Ransomware Financial Services Access IT

NY Charges First American Financial for Massive Data Leak

Krebs on Security

JULY 23, 2020

In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. billion in 2019. Securities and Exchange Commission each announced they were investigating the company. had exposed approximately 885 million records related to mortgage deals going back to 2003.

Insurance

Insurance Financial Services Mining Access

Iran-linked APT group Pioneer Kitten sells access to hacked networks

Security Affairs

SEPTEMBER 1, 2020

The Iranian hacker group has been attacking corporate VPNs over the past months, they have been hacking VPN servers to plant backdoors in companies around the world targeting Pulse Secure , Fortinet , Palo Alto Networks , and Citrix VPNs. ” reads the report published by Crowdstrike. Pierluigi Paganini.

Access

Access Financial Services Retail Insurance

EventBot, a new Android mobile targets financial institutions across Europe

Security Affairs

APRIL 30, 2020

Security experts from Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks, financial services across Europe. Researchers from Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks, financial services across Europe.

Financial Services

Financial Services Libraries Encryption Authentication

Corporate Finance firms leak 500K+ legal and financial documents online

Security Affairs

MARCH 17, 2020

Security experts from vpnMentor have discovered two corporate finance companies that leak half a million legal and financial documents online. vpnMentor experts uncovered a database exposed online on Amazon Web Services (AWS) that is leaking a huge amount of sensitive legal and financial documents. Pierluigi Paganini.

Financial Services

Financial Services Access Security Privacy

American Insurance firm State Farm victim of credential stuffing attacks

Security Affairs

AUGUST 7, 2019

The American group of insurance and financial services companies State Farm disclosed a credential stuffing attack it has suffered in July. The American group of insurance and financial services companies State Farm revealed that it was the victim of a credential stuffing attack it has suffered in July. billion per month.

Insurance

Insurance Data breaches Financial Services Passwords

Law enforcement operation seized Ragnar Locker group’s infrastructure

Security Affairs

OCTOBER 19, 2023

The ransomware operation has been active since late December 2019, the FBI published two flash alert to warn of the operation of the group. This is an important achievement in the fight against cybercrime. Both FBI and Europol declined to comment on the events. More details are expected to be released tomorrow.

Ransomware

Ransomware Financial Services Manufacturing Government

Credit Union Sues Fintech Giant Fiserv Over Security Claims

Krebs on Security

MAY 3, 2019

A Pennsylvania credit union is suing financial industry technology giant Fiserv , alleging that “baffling” security vulnerabilities in the company’s software are “wreaking havoc” on its customers. Most alarmingly, this security control was purely illusory. Justice Department.

Security

Security Passwords Financial Services Sales

NY Investigates Exposure of 885 Million Mortgage Documents

Krebs on Security

MAY 31, 2019

New York regulators are investigating a weakness that exposed 885 million mortgage records at First American Financial Corp. On May 29, The New York Times reported that the inquiry by New York’s Department of Financial Services is likely to be followed by other investigations from regulators and law enforcement.

Financial Services

Financial Services Insurance Sales Authentication

Oracle critical patch advisory addresses 284 flaws, 33 critical

Security Affairs

JANUARY 18, 2019

Oracle released the first critical patch advisory for 2019 that addresses a total of 284 vulnerabilities, 33 of them are rated “critical”. The bug affected the OCA’s Diameter Signalling Router component and its Communications Services Gatekeeper. ” reads the d escription provided by. Pierluigi Paganini.

Financial Services

Financial Services Libraries Mining Retail

First American Financial Pays Farcical $500K Fine

Krebs on Security

JUNE 18, 2021

In May 2019, KrebsOnSecurity broke the news that the website of mortgage settlement giant First American Financial Corp. NYSE:FAF ] was leaking more than 800 million documents — many containing sensitive financial data — related to real estate transactions dating back 16 years. This week, the U.S.

Insurance

Insurance Risk Financial Services Mining

Experts found a new TrickBot module (rdpScanDll) built for RDP bruteforcing operations

Security Affairs

MARCH 19, 2020

Security experts from Bitdefender recently discovered a new TrickBot variant that is targeting telecommunications organizations in the United States and Hong Kong. For example, in February 2019 Trend Micro detected a variant that includes a new module used for Remote App Credential-Grabbing. .” Pierluigi Paganini.

Financial Services

Financial Services Education Communications IT

The New Version of JsOutProx is Attacking Financial Institutions in APAC and MENA via Gitlab Abuse

Security Affairs

APRIL 3, 2024

Resecurity researchers warn that a new Version of JsOutProx is targeting financial institutions in APAC and MENA via Gitlab abuse. Resecurity has detected a new version of JSOutProx , which is targeting financial services and organizations in the APAC and MENA regions.

Financial Services

Financial Services Phishing IT Information Security

SEC announces sanctions against entities over email account hacking

Security Affairs

SEPTEMBER 1, 2021

Securities and Exchange Commission (SEC) announced sanctions against several organizations over email account hacking. Securities and Exchange Commission (SEC) announced sanctions against eight entities belonging to three companies over email account hacking due to cybersecurity failures. Pierluigi Paganini.

Financial Services

Financial Services Cybersecurity Security Cloud

Emissary Panda APT group hit Government Organizations in the Middle East

Security Affairs

MAY 30, 2019

defense contractors , financial services firms, and a national data center in Central Asia. In April 2019, the group targeted organizations of two different countries in the Middle East. The report by the Saudi Cyber Security Centre suggests threat actors are primarily targeting organizations within the kingdom.

Government

Government Financial Services Security Cybersecurity

Iran-linked Tortoiseshell APT behind watering hole attacks on shipping and logistics Israeli websites

Security Affairs

MAY 24, 2023

Iran-linked threat actor Tortoiseshell targeted shipping, logistics, and financial services companies in Israel with watering hole attacks. The activity of the APT group was first detailed by Symantec in 2019, the experts analyzed a series of attacks against IT providers in Saudi Arabia and US entities. We are in the final!

Financial Services

Financial Services Security Cybersecurity IT

Operation Cronos: law enforcement disrupted the LockBit operation

Security Affairs

FEBRUARY 19, 2024

pic.twitter.com/SvpbeslrCd — vx-underground (@vxunderground) February 19, 2024 LockBit is a prominent ransomware operation that first emerged in September 2019. Lockbit ransomware group administrative staff has confirmed with us their websites have been seized.

Energy and Utilities

Energy and Utilities Ransomware Agriculture Financial Services

Mastercard data breach affected Priceless Specials loyalty program

Security Affairs

AUGUST 23, 2019

The American multinational financial services corporation noti f ied the data breach to the German and Belgian Data Protection Authorities. “On August 21, 2019, we became aware that a second file of personal information was published on the Internet. We are working to remove them as well.” Pierluigi Paganini.

Data breaches

Data breaches Financial Services Passwords Security

Ragnar Locker ransomware group breached at least 52 organizations across 10 critical infrastructure sectors

Security Affairs

MARCH 8, 2022

The ransomware operation has been active since late December 2019, this is the second time that the FBI first shares IoC related to RagnarLocker operation, the FBI first became aware of this threat in April 2020. Secure your back-ups and ensure data is not accessible for modification or deletion from the system where the data resides.

Ransomware

Ransomware Passwords Financial Services Manufacturing

Ragnar Locker gang leaks data stolen from the Israel’s Mayanei Hayeshua hospital

Security Affairs

SEPTEMBER 9, 2023

The ransomware operation has been active since late December 2019, this is the second time that the FBI first shares IoC related to RagnarLocker operation, the FBI first became aware of this threat in April 2020. “As

Ransomware

Ransomware Phishing Encryption Privacy

New Anti Anti-Money Laundering Services for Crooks

Krebs on Security

AUGUST 13, 2021

But with countless criminals now making millions from ransomware, there is certainly a vast, untapped market for services that help those folks improve their operational security. “To date, this type of analysis has been used primarily by regulated financial service providers.” AMLBot’s user interface.

Blockchain

Blockchain Marketing Analytics Ransomware

FBI obtained 7,000 LockBit decryption keys, victims should contact the feds to get support

Security Affairs

JUNE 6, 2024

” said Bryan Vorndran, the Assistant Director at the FBI Cyber Division, during the 2024 Boston Conference on Cyber Security. The NCA and its global partners have secured over 1,000 decryption keys that will allow victims of the gang to recover their files for free.

Energy and Utilities

Energy and Utilities Ransomware Agriculture Encryption

California IT service provider Synoptek pays ransom after Sodinokibi attack

Security Affairs

JANUARY 5, 2020

Synoptek has more than 1,100 customers across multiple industries, including local governments, financial services, healthcare, manufacturing, media, retail and software. . ” T he IT service provider confirmed the attack but did not comment on whether it paid the ransom asked by the crooks. Pierluigi Paganini.

IT

IT Ransomware Financial Services Retail

New: 2019 State of the Internet / Security: Financial Services Attack Economy

Dark Reading

NOVEMBER 25, 2019

Every organization should be paying attention to the attacks targeting financial services systems.

Financial Services

Financial Services Security

Financial Services Organizations Need to Adapt their Security Practices to the Shifting Environment

Thales Cloud Protection & Licensing

NOVEMBER 4, 2020

Financial Services Organizations Need to Adapt their Security Practices to the Shifting Environment. Even “traditional banks” seek to drive more revenue from digital products, personalized services and experiences. At the same time, financial services organizations need to adapt to a shifting global environment.

Financial Services

Financial Services Security Digital transformation Encryption

RSAC insights: Introducing ‘CWPP’ and ‘CSPM,’ new frameworks to secure cloud infrastructure

The Last Watchdog

MAY 17, 2021

In pulling off that milestone hack, Paige Thompson took advantage of CapOne’s lack of focus on cloud security as the banking giant rushed headlong into leveraging Amazon Web Services. Luckily, Thompson left an easy trail for the FBI to follow and affect her arrest in August 2019. It’s going to take a paradigm shift, Simzer says.

Cloud

Cloud Security Risk Financial Services

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Security Affairs

APRIL 30, 2020

The campaign, dubbed PerSwaysion due to the extensive abuse of Microsoft Sway, has been active since at least mid-2019 and was attributed to Vietnamese speaking developers and Nigerian operators. ?ybercriminals Group-IB set up a website , where everyone can check if their email was compromised by PerSwaysion. Pierluigi Paganini.

Phishing

Phishing Cloud Financial Services Authentication

US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND AFFILIATES

Security Affairs

FEBRUARY 21, 2024

The NCA and its global partners have secured over 1,000 decryption keys that will allow victims of the gang to recover their files for free. LockBit is a prominent ransomware operation that first emerged in September 2019. In 2022, LockBit was one of the most active ransomware groups, and its prevalence continued into 2023.

Energy and Utilities

Energy and Utilities Ransomware Agriculture Manufacturing

Summary – “Industry in One: Financial Services”

ARMA International

NOVEMBER 7, 2019

This article summarizes a report published by AIEF on June 26, 2019. The scope of a records and information management (RIM) program in financial services can seem overwhelming. Financial Services Industry Overview. Drivers for RIM in Financial Services. financial institutions.

Financial Services

Financial Services Communications Compliance Risk

NEW TECH: Baffin Bay Networks takes a ‘cloud-first’ approach to securing web applications

The Last Watchdog

SEPTEMBER 10, 2019

That experiment conducted by a reporter for The Atlantic crystalizes the seemingly intractable security challenge businesses face today. We met at Black Hat USA 2019 , where Baffin Bay touted its cloud-first, full-stack suite of threat protection services.

Cloud

Cloud Security Digital transformation Financial Services

More details about Operation Cronos that disrupted Lockbit operation

Security Affairs

FEBRUARY 20, 2024

The NCA and its global partners have secured over 1,000 decryption keys that will allow victims of the gang to recover their files for free. LockBit is a prominent ransomware operation that first emerged in September 2019. In 2022, LockBit was one of the most active ransomware groups, and its prevalence continued into 2023.

Energy and Utilities

Energy and Utilities Ransomware Manufacturing Agriculture

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services

Financial Services Cybersecurity Insurance Risk

MyPayrollHR CEO Arrested, Admits to $70M Fraud

Krebs on Security

SEPTEMBER 27, 2019

1, 2019 to Aug. For more than a decade, MyPayrollHR worked with California-based Cachet Financial Services to process payroll deposits for MyPayrollHR client employees. .” The government alleges Mann was kiting millions of dollars in checks between his accounts at Bank of American and Pioneer from Aug.

Financial Services

Financial Services Insurance Cloud IT

NEW TECH: Cequence Security deploys defense against botnets’ assault on business logic

The Last Watchdog

MARCH 26, 2019

Pick any company in any vertical – financial services, government, defense, manufacturing, insurance, healthcare, retailing, travel and hospitality – and you’ll find employees, partners, third-party suppliers and customers all demanding remote access to an expanding menu of apps — using their smartphones and laptops.

Security

Security Digital transformation Financial Services Access

The Future of Payments Security

Thales Cloud Protection & Licensing

JANUARY 26, 2021

The Future of Payments Security. Even when banking organizations are upgrading security posture to safeguard sensitive financial information, hackers can steal the data intelligently by tying known vulnerabilities together, and making it turn out to be a potential attack. Securing digital transactions. Stolen credentials.

Security

Security Retail Authentication Big data

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Data Matters

FEBRUARY 10, 2021

On February 4, 2021, the New York Department of Financial Services (NYDFS) issued Circular Letter No. Thereafter, in 2019, the department created a Cybersecurity Division to focus specifically on protecting industries and consumers from cyberthreats. regulator concerning the increasingly critical issue of cyberinsurance.

Insurance

Insurance Financial Services Cybersecurity Risk

MY TAKE: Coping with security risks, compliance issues spun up by ‘digital transformation’

The Last Watchdog

AUGUST 22, 2019

A core security challenge confronts just about every company today. While the benefits of DX are highly-touted , this shift has also spawned a whole new tier of unprecedented privacy and security challenges. The cloud is kind of dragging this movement along and DevOps and security are center stage, at the moment.”

Digital transformation

Digital transformation Compliance Risk Security

SHARED INTEL: Akamai reports web attack traffic spiked 62 percent in 2020 — all sectors hit hard

The Last Watchdog

MAY 24, 2021

Akamai, which happens to be the Hawaiian word for “smart,” recently released its annual State of the Internet security report. billion hitting financial services organizations — an increase of more than 45 percent year-over-year in that sector. billion web attacks globally; 736 million in the financial services sector.

Financial Services

Financial Services Passwords Data breaches Authentication

List of data breaches and cyber attacks in July 2019 – 2.2 billion records leaked

IT Governance

JULY 31, 2019

Remember after last month’s relatively serene cyber security scene we said this wasn’t the beginning of the GDPRevolution ? Hackers steal names and Social Security numbers from Maryland Department of Labour (78,000). Philadelphia Federal Credit Union confirms security breach (unknown).

Data breaches

Data breaches Ransomware Personal data Government

New York State Expected to Increase Enforcement of Cybersecurity Practices

HL Chronicle of Data Protection

FEBRUARY 25, 2020

Companies should take note of two imminent developments in New York in the area of cybersecurity regulation: enforcement of the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (Regulation) and the effective date of the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act or Act).

Cybersecurity

Cybersecurity Financial Services Data breaches Information Security

SAP April 2019 Security Patch Day addresses High severity flaws in Crystal Reports, NetWeaver

SAP Security Patch Day for May 2019 fixes many missing authorization checks

Webinars

Trending Sources

Recently disclosed Drupal CVE-2019-6340 RCE flaw exploited in the wild

Webinars

Tianfu Cup 2019 Day 1 – Chinese experts hacked Chrome, Edge, Safari, Office365

Payment Processing Giant TSYS: Ransomware Incident “Immaterial” to Company

NY Charges First American Financial for Massive Data Leak

Iran-linked APT group Pioneer Kitten sells access to hacked networks

EventBot, a new Android mobile targets financial institutions across Europe

Corporate Finance firms leak 500K+ legal and financial documents online

American Insurance firm State Farm victim of credential stuffing attacks

Law enforcement operation seized Ragnar Locker group’s infrastructure

Credit Union Sues Fintech Giant Fiserv Over Security Claims

NY Investigates Exposure of 885 Million Mortgage Documents

Oracle critical patch advisory addresses 284 flaws, 33 critical

First American Financial Pays Farcical $500K Fine

Experts found a new TrickBot module (rdpScanDll) built for RDP bruteforcing operations

The New Version of JsOutProx is Attacking Financial Institutions in APAC and MENA via Gitlab Abuse

SEC announces sanctions against entities over email account hacking

Emissary Panda APT group hit Government Organizations in the Middle East

Iran-linked Tortoiseshell APT behind watering hole attacks on shipping and logistics Israeli websites

Operation Cronos: law enforcement disrupted the LockBit operation

Mastercard data breach affected Priceless Specials loyalty program

Ragnar Locker ransomware group breached at least 52 organizations across 10 critical infrastructure sectors

Ragnar Locker gang leaks data stolen from the Israel’s Mayanei Hayeshua hospital

New Anti Anti-Money Laundering Services for Crooks

FBI obtained 7,000 LockBit decryption keys, victims should contact the feds to get support

California IT service provider Synoptek pays ransom after Sodinokibi attack

New: 2019 State of the Internet / Security: Financial Services Attack Economy

Financial Services Organizations Need to Adapt their Security Practices to the Shifting Environment

RSAC insights: Introducing ‘CWPP’ and ‘CSPM,’ new frameworks to secure cloud infrastructure

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND AFFILIATES

Summary – “Industry in One: Financial Services”

NEW TECH: Baffin Bay Networks takes a ‘cloud-first’ approach to securing web applications

More details about Operation Cronos that disrupted Lockbit operation

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

MyPayrollHR CEO Arrested, Admits to $70M Fraud

NEW TECH: Cequence Security deploys defense against botnets’ assault on business logic

The Future of Payments Security

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

MY TAKE: Coping with security risks, compliance issues spun up by ‘digital transformation’

SHARED INTEL: Akamai reports web attack traffic spiked 62 percent in 2020 — all sectors hit hard

List of data breaches and cyber attacks in July 2019 – 2.2 billion records leaked

New York State Expected to Increase Enforcement of Cybersecurity Practices

Stay Connected