eSecurity Planet

JANUARY 21, 2021

Data privacy regulations like the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) can be hard to navigate for businesses of any size, but GRC tools can simplify and streamline compliance with all of the requirements. LogicManager. Back to top. See our in-depth look at LogicManager.

Compliance 67

Compliance Risk Government Retail 67

Security Affairs

MARCH 24, 2021

Ata Hakcil led the team of white hat hackers from WizCase in identifying a major data leak on online trading broker FBS’ websites. The data from FBS.com and FBS.eu comprised millions of confidential records including names, passwords, email addresses, passport numbers, national IDs, credit cards, financial transactions and more.

Passwords 129

Passwords Phishing Access Authentication 129

Security Affairs

MARCH 19, 2022

. “AvosLocker is a Ransomware as a Service (RaaS) affiliate-based group that has targeted victims across multiple critical infrastructure sectors in the United States including, but not limited to, the Financial Services, Critical Manufacturing, and Government Facilities sectors. hard drive, storage device, the cloud).

Ransomware 107

Ransomware Passwords Encryption Financial Services 107

Security Affairs

OCTOBER 13, 2022

defense contractors , financial services firms, and a national data center in Central Asia. The attacks aimed at stealing sensitive data from the victims and attempted to launch supply chain attacks targeting their customers. The group also targeted a hospital in South East Asia.

File names 137

File names Financial Services Manufacturing Libraries 137

Security Affairs

AUGUST 26, 2021

Kaseya released security updates address server-side Kaseya Unitrends zero-day vulnerabilities that were reported by security researchers at the Dutch Institute for Vulnerability Disclosure (DIVD). DIVD discovered the flaws on July 2nd, 2021, and reported them to the software vendor on July 3rd.

Authentication 105

Authentication Financial Services Cloud Security 105

Security Affairs

JANUARY 26, 2022

defense contractors , financial services firms, and a national data center in Central Asia. APT27 has been exploiting vulnerabilities in Microsoft Exchange and in the Zoho AdSelf Service Plus1 software since March 2021.

Financial Services 96

Financial Services Access IT Security 96

Security Affairs

DECEMBER 2, 2022

Like other ransomware gangs, Cuba used ‘double extortion’ techniques which means that it exfiltrates data from the target systems before encrypting them and demanding a ransom payment, threatening to publicly release it if payment is not made. ” Since December 2021 Cuba operators are continuing to target U.S.

Ransomware 91

Ransomware Financial Services Manufacturing Phishing 91

Security Affairs

JULY 27, 2021

Kaseya Unitrends is a cloud-based enterprise solution that provides affordable, low-maintenance data protection offering to complement existing client backup and recovery solutions. DIVD discovered the flaws on July 2nd, 2021, and reported them to the software vendor on July 3rd.

Financial Services 109

Financial Services Authentication Cloud Government 109

Hunton Privacy

JULY 12, 2021

On June 30, 2021, the New York State Department of Financial Services (“NYDFS,” the “Department”) issued guidance to all New York state regulated entities on ransomware (the “Guidance”), identifying controls it expects regulated companies to implement whenever possible.

Ransomware 102

Ransomware Security Financial Services Cybersecurity 102

Security Affairs

SEPTEMBER 1, 2021

The sanctioned entities are Cetera (Advisor Networks, Investment Services, Financial Specialists, Advisors, and Investment Advisers), Cambridge Investment Research (Investment Research and Investment Research Advisors), and KMS Financial Services.

Financial Services 91

Financial Services Cybersecurity Cloud Security 91

DLA Piper Privacy Matters

AUGUST 23, 2021

In good news for organisations handling personal information, China’s Personal Information Protection Law (“ PIPL ”) was finalised on 20 August 2021, and will come into force on 1 November 2021. To be clear, this is not China’s own GDPR.

Data Privacy 111

Data Privacy Privacy Compliance Analytics 111

Security Affairs

APRIL 5, 2021

Microsoft recently published a report that states, titled “March 2021 Security Signals report,” that revealed that more than 80% of enterprises were victims of at least one firmware attack in the past two years. The study pointed out that only 29% of the targeted organizations have allocated budgets to protect firmware.

Cybersecurity 128

Cybersecurity Encryption Financial Services Risk 128

Data Protection Report

APRIL 22, 2021

On April 14, 2021, the New York Department of Financial Services (NYDFS) announced a $3 million settlement with insurance company National Securities Corp. NSC), relating to violations of three different requirements of the NYDFS cybersecurity regulation during the period 2018 to 2020. NYDFS Cybersecurity Regulation.

Cybersecurity 94

Cybersecurity Financial Services Phishing Compliance 94

Data Protection Report

JUNE 2, 2021

On May 13, 2021, the New York Department of Financial Services (NYDFS) announced a $1.8 million settlement with two related insurance companies, relating to violations of two different requirements of the NYDFS cybersecurity regulation during the period 2018 to 2019. NYDFS Cybersecurity Regulation.

Cybersecurity 71

Cybersecurity Insurance Financial Services Phishing 71

IT Governance

NOVEMBER 23, 2023

The financial sector is quite heavily regulated, and involves a lot of confidential data. You’d therefore expect that the sector fares better at data security than your average organisation. In fact, in 2020–2022, the financial sector was the second-most attacked sector, topped only by the retail and manufacturing sector.

Risk 85

Risk Data breaches Authentication Financial Services 85

Data Protection Report

OCTOBER 24, 2022

On October 18, 2022, the New York Department of Financial Services announced a settlement with EyeMed, a licensed life, accident, and health insurer, with respect to a security incident that occurred in 2020. Nevertheless, EyeMed certified its compliance with the Cybersecurity Regulation annually, from 2018-2021.

Cybersecurity 52

Cybersecurity Personal data Risk Financial Services 52

Security Affairs

MAY 10, 2022

“Frappo” acts as a Phishing-as-a-Service and enables cybercriminals the ability to host and generate high-quality phishing pages which impersonate major online banking, e-commerce, popular retailers, and online-services to steal customer data. The last update of the service was registered May 1, 2022.

Phishing 80

Phishing Retail Financial Services Data breaches 80

HL Chronicle of Data Protection

MAY 13, 2019

Major data breaches in recent years are spurring state legislators and regulators across the US into action. Of particular concern to state-level policymakers and enforcement authorities are business practices that in their view may contribute to security incidents. More states are sure to follow.

Insurance 40

Insurance Cybersecurity Data breaches Financial Services 40

Security Affairs

NOVEMBER 8, 2021

Experts warn of an ongoing hacking campaign that already compromised at least nine organizations worldwide from critical sectors by exploiting CVE-2021-40539. In the middle of September, the FBI, CISA, and the Coast Guard Cyber Command (CGCYBER) warned that nation-state APT groups were actively exploiting the CVE-2021-40539 flaw.

Communications 112

Communications Blockchain Passwords Financial Services 112

Data Matters

FEBRUARY 25, 2021

On January 28, 2021, the UK Financial Conduct Authority (FCA) published Consultation Paper CP21/3 , “Changes to the SCA-RTS and to the guidance in ‘Payment Services and Electronic Money – Our Approach’ and the Perimeter Guidance Manual” (Consultation Paper). Next steps. 1 See further our Update of May 4, 2020. 3 At PERG 15.

Authentication 66

Authentication Paper Risk Insurance 66

Data Matters

AUGUST 17, 2021

On August 11, 2021, the Federal Financial Institutions Examination Council (FFIEC)1 issued guidance establishing risk management principles and practices to support the authentication of users accessing a financial institution’s information systems and customers accessing a financial institution’s digital banking services (the Guidance).

Authentication 86

Authentication Access Risk Information Security 86

Security Affairs

SEPTEMBER 1, 2023

This dupes a Windows machine that has not been patched against the vulnerability into allowing illegitimate data packets into the legitimate network. These data packets can contain malware such as a trojan, ransomware, or similar dangerous program. Pro 9600 Windows Server 2021 R2 Standard How to defend against EternalBlue?

Phishing 120

Phishing Ransomware Search queries Access 120

eSecurity Planet

JANUARY 11, 2022

Information security products , services, and professionals have never been in higher demand, making for a world of opportunities for cybersecurity startups. Investors recognize the potential too, as funding for cybersecurity ventures more than doubled from previous years to almost $22 billion in 2021. BluBracket.

Cybersecurity 142

Cybersecurity Cloud Compliance Analytics 142