Krebs on Security

JUNE 18, 2021

In May 2019, KrebsOnSecurity broke the news that the website of mortgage settlement giant First American Financial Corp. NYSE:FAF ] was leaking more than 800 million documents — many containing sensitive financial data — related to real estate transactions dating back 16 years. This week, the U.S.

Insurance 282

Insurance Risk Financial Services Mining 282

Security Affairs

JUNE 15, 2023

organizations since 2020. organizations since 2020. The operation targeted many organizations in critical infrastructure sectors, including financial services, food and agriculture, education, energy, government and emergency services, healthcare, manufacturing, and transportation. Red, LockBit 3.0/Black,

Ransomware 92

Ransomware Cybersecurity Agriculture Education 92

HL Chronicle of Data Protection

FEBRUARY 25, 2020

Companies should take note of two imminent developments in New York in the area of cybersecurity regulation: enforcement of the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (Regulation) and the effective date of the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act or Act).

Cybersecurity 104

Cybersecurity Financial Services Data breaches Insurance 104

Security Affairs

JUNE 11, 2021

Experts spotted a new mysterious malware that was used to collect a huge amount of data, including sensitive files, credentials, and cookies. terabyte of stolen data. Threat actors used custom malware to steal data from 3.2 million Windows systems between 2018 and 2020. “The data was collected from 3.25

Computer and Electronics 118

Computer and Electronics Archiving Encryption Passwords 118

Security Affairs

APRIL 8, 2020

The drug testing firm Hammersmith Medicines Research LTD (HMR), which performs live trials of Coronavirus vaccines, discloses a data breach. Stolen data included the personal information for volunteers who surnames begin with D, G, I, or J. ” reads the data breach notification published by the company.

Ransomware 104

Ransomware Data breaches Encryption Financial Services 104

Security Affairs

JUNE 6, 2024

The FBI is informing victims of LockBit ransomware it has obtained over 7,000 LockBit decryption keys that could allow some of them to decrypt their data. “Additionally, from our ongoing disruption of LockBit, we now have over 7,000 decryption keys and can help victims reclaim their data and get back online.”

Energy and Utilities 115

Energy and Utilities Ransomware Agriculture Encryption 115

Data Matters

JUNE 24, 2021

3 The SEC and its staff followed the September 2017 statement with various cybersecurity-related initiatives and guidance, including January 27, 2020, cybersecurity guidance and observations published by the SEC’s Division of Examinations (formerly Office of Compliance Inspections and Examinations).

Cybersecurity 66

Cybersecurity Financial Services Risk Compliance 66

Security Affairs

FEBRUARY 21, 2024

According to the press release published by the Department of State , the Lockbit ransomware operators carried out over 2,000 attacks against victims worldwide since January 2020. LockBit had a bespoke data exfiltration tool, known as Stealbit, which was used by affiliates to steal victim data. reads the NCA’s announcement. “The

Energy and Utilities 97

Energy and Utilities Ransomware Agriculture Manufacturing 97

Security Affairs

FEBRUARY 20, 2024

Law enforcement also had access to data stolen from the victims of the ransomware operation, a circumstance that highlights the fact that even when a ransom is paid, the ransomware gang often fails to delete the stolen information. on January 5, 2020. ” reads the NCA’s announcement.

Energy and Utilities 108

Energy and Utilities Ransomware Manufacturing Agriculture 108

Data Protection Report

FEBRUARY 8, 2022

The latter is the 2019 data security law known as the Stop Hacks and Improve Electronic Data Security (SHIELD) Act. EyeMed engaged a forensic investigator, which was unable to determine whether any exfiltration of personal data had occurred, due in part to a lack of log data. Background. SHIELD Act.

Passwords 98

Passwords Financial Services Authentication Insurance 98

Data Protection Report

OCTOBER 24, 2022

On October 18, 2022, the New York Department of Financial Services announced a settlement with EyeMed, a licensed life, accident, and health insurer, with respect to a security incident that occurred in 2020. Those emails came to the attention of EyeMed’s IT department and also its customers, who complained.

Cybersecurity 52

Cybersecurity Personal data Risk Financial Services 52

Data Protection Report

APRIL 22, 2021

On April 14, 2021, the New York Department of Financial Services (NYDFS) announced a $3 million settlement with insurance company National Securities Corp. NSC), relating to violations of three different requirements of the NYDFS cybersecurity regulation during the period 2018 to 2020. NYDFS Cybersecurity Regulation.

Cybersecurity 94

Cybersecurity Financial Services Phishing Compliance 94

Security Affairs

MARCH 8, 2022

The ransomware operation has been active since late December 2019, this is the second time that the FBI first shares IoC related to RagnarLocker operation, the FBI first became aware of this threat in April 2020. The flash alert includes a series of mitigations to neutralize such attacks: Back-up critical data offline.

Ransomware 91

Ransomware Passwords Financial Services Manufacturing 91

Security Affairs

DECEMBER 2, 2022

Like other ransomware gangs, Cuba used ‘double extortion’ techniques which means that it exfiltrates data from the target systems before encrypting them and demanding a ransom payment, threatening to publicly release it if payment is not made. “FBI has identified a sharp increase in the both the number of compromised U.S.

Ransomware 89

Ransomware Financial Services Manufacturing Phishing 89

IT Governance

NOVEMBER 23, 2023

The financial sector is quite heavily regulated, and involves a lot of confidential data. You’d therefore expect that the sector fares better at data security than your average organisation. In fact, in 2020–2022, the financial sector was the second-most attacked sector, topped only by the retail and manufacturing sector.

Risk 85

Risk Data breaches Authentication Financial Services 85

Security Affairs

JULY 9, 2020

The credentials are sold for an average of $15.43, the most expensive pairs relate to banking and financial services accounts, with an average price of nearly $71. Crooks could use the credentials to launch credential stuffing attacks leveraging the data available in the black marketplaces.

Marketing 123

Marketing Passwords Financial Services Access 123

Security Affairs

SEPTEMBER 1, 2021

The sanctioned entities are Cetera (Advisor Networks, Investment Services, Financial Specialists, Advisors, and Investment Advisers), Cambridge Investment Research (Investment Research and Investment Research Advisors), and KMS Financial Services. ” Follow me on Twitter: @securityaffairs and Facebook.

Financial Services 88

Financial Services Cybersecurity Cloud Security 88

Hunton Privacy

NOVEMBER 25, 2020

On November 24, 2020, the European Parliament endorsed the new directive on representative actions for the protection of the collective interests of consumers (the “ Collective Redress Directive ”). including infringement of the EU General Data Protection (the “GDPR”).

Financial Services 80

Financial Services GDPR IT Information Security 80

Data Matters

AUGUST 5, 2019

On July 25, 2019, Governor Cuomo signed the two bills into law, one which amended the state’s data breach notification law, and another that created additional obligations for data breaches at credit reporting agencies. The Stop Hacks and Improve Electronic Data Security Act.

Cybersecurity 66

Cybersecurity Data breaches Privacy Risk 66

eSecurity Planet

JANUARY 21, 2021

Data privacy regulations like the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) can be hard to navigate for businesses of any size, but GRC tools can simplify and streamline compliance with all of the requirements. IT governance and security. LogicManager. Back to top.

Compliance 67

Compliance Risk Government Retail 67

Security Affairs

JANUARY 4, 2021

defense contractors , financial services firms, and a national data center in Central Asia. The recent string of attacks launched by the cyber espionage group took place in 2020 and aimed at at least five companies in the online gambling sector.

Ransomware 127

Ransomware Encryption Financial Services Cybersecurity 127

eSecurity Planet

JANUARY 21, 2021

Data privacy regulations like the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) can be hard to navigate for businesses of any size, but GRC tools can simplify and streamline compliance with all of the requirements. IT governance and security. LogicManager. Back to top.

Compliance 57

Compliance Risk Government Retail 57

Data Matters

OCTOBER 8, 2020

On October 1, 2020, the U.S. Ransomware attacks use malware, often injected through phishing schemes, to encrypt a victim’s data files or programs, followed by a ransom demand by the threat actor that offers the decryption key in exchange for payment. financial institutions or firms that perform “critical financial services.”.

Ransomware 66

Ransomware Compliance Risk Government 66

Data Protection Report

JANUARY 7, 2019

The two-year transitional period under the New York State Department of Financial Services (“DFS””) Cybersecurity Regulation , 23 NYCRR 500 (the “Regulation”), will expire on March 1, 2019, with the final remaining requirement becoming effective.

Cybersecurity 40

Cybersecurity Compliance Financial Services Risk 40

HL Chronicle of Data Protection

MAY 13, 2019

Major data breaches in recent years are spurring state legislators and regulators across the US into action. Of particular concern to state-level policymakers and enforcement authorities are business practices that in their view may contribute to security incidents. More states are sure to follow.

Insurance 40

Insurance Cybersecurity Data breaches Financial Services 40

Security Affairs

NOVEMBER 16, 2020

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. The WIZVERA VeraPort integration installation program is used to manage additional security software (e.g.,

Financial Services 105

Financial Services Government Security Phishing 105

Data Matters

FEBRUARY 25, 2021

On January 28, 2021, the UK Financial Conduct Authority (FCA) published Consultation Paper CP21/3 , “Changes to the SCA-RTS and to the guidance in ‘Payment Services and Electronic Money – Our Approach’ and the Perimeter Guidance Manual” (Consultation Paper). 1 See further our Update of May 4, 2020. 3 At PERG 15.

Authentication 66

Authentication Paper Risk Insurance 66

The Last Watchdog

NOVEMBER 7, 2023

Recent cyber attacks on The Metropolitan Police and NHS Trusts through their supply chains have the potential to compromise the UK’s national security and private citizen data. A threat alert by the National Cyber Security Centre is also warning of increased state-sponsored attacks against UK critical national infrastructure.

Risk 100

Risk Security Financial Services Information Security 100

Security Affairs

SEPTEMBER 9, 2023

The cybercrime group claims to have stolen 1 TB of data from the hospital and threatens to leak it. The message published by the gang on its leak site emphasizes that they didn’t encrypt data to avoid causing malfunctions to the hospital’s medical equipment. Expect for the updates and keep your privacy in your own hands."

Ransomware 121

Ransomware Phishing Encryption Privacy 121

Security Affairs

MAY 24, 2023

Iran-linked threat actor Tortoiseshell targeted shipping, logistics, and financial services companies in Israel with watering hole attacks. The threat actors used a script on the compromised websites to collect preliminary user information.

Financial Services 88

Financial Services Security Cybersecurity IT 88

Security Affairs

NOVEMBER 8, 2021

defense contractors , financial services firms, and a national data center in Central Asia. The recent string of attacks launched by the cyber-espionage group took place in 2020 and aimed at several gambling companies. The APT group has been active since 2010, targeted organizations worldwide, including U.S.

Communications 110

Communications Blockchain Passwords Financial Services 110

eSecurity Planet

JANUARY 11, 2022

Information security products , services, and professionals have never been in higher demand, making for a world of opportunities for cybersecurity startups. With evolving attack methodologies due to machine learning, quantum computing, and sophisticated nation-state hackers, security startups are receiving record funding.

Cybersecurity 142

Cybersecurity Cloud Compliance Analytics 142

Data Matters

APRIL 21, 2020

These incidents, and other similar digital attacks, victimized institutions and individuals alike with monetary losses, data loss or corruption as well as system downtime that can have a cascading effect to operations, productivity, profits and market reputation. 510.701 (2020). Cybersecurity best practices are discussed further below.

Cybersecurity 66

Cybersecurity Risk Ransomware Government 66