2022, Financial Services and Security - Information Management Today

Oracle Critical Patch Update for January 2022 will fix 483 new flaws

Security Affairs

JANUARY 17, 2022

The pre-release announcement for Critical Patch Update (CPU) for January 2022 states that Oracle will fix 483 new flaws. This pre-release announcement for Critical Patch Update (CPU) for January 2022 confirms that Oracle security updates will address 483 new security patches. Pierluigi Paganini.

Communications

Communications Financial Services Big data Retail

Cuba Ransomware received over $60M in Ransom payments as of August 2022

Security Affairs

DECEMBER 2, 2022

Cuba ransomware gang received more than $60 million in ransom payments related to attacks against 100 entities worldwide as of August 2022. Dollars (USD) and received more than $60 million in ransom payments from over 100 victims worldwide as of August 2022, the US government states. ” reads the report. Pierluigi Paganini.

Ransomware

Ransomware Financial Services Manufacturing Phishing

Data Protection in Financial Services Week 2022

Data Matters

FEBRUARY 25, 2022

Sidley and OneTrust DataGuidance are pleased to announce that registration is now open for their annual Data Protection in Financial Services (DPFS) Week. Join us from February 28 – March 3 for DPFS Week 2022 , a series of webinars looking at the impacts of data privacy across the financial sector.

Financial Services

Financial Services Privacy Data Privacy Cybersecurity

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

2024 Thales Global Data Threat Report: Trends in Financial Services

Thales Cloud Protection & Licensing

OCTOBER 14, 2024

2024 Thales Global Data Threat Report: Trends in Financial Services madhav Tue, 10/15/2024 - 05:17 Financial services (FinServ) firms are key players in the global economy. Nearly two-thirds (64%) of FinServ said it’s more complex to secure data in the cloud than on-prem, compared to 55% of general respondents.

Financial Services

Financial Services Cloud Compliance Authentication

Law enforcement operation seized Ragnar Locker group’s infrastructure

Security Affairs

OCTOBER 19, 2023

In March 2022, the US Federal Bureau of Investigation (FBI) and CISA published a flash alert to warn that the Ragnar Locker ransomware gang breached the networks of at least 52 organizations across 10 critical infrastructure sectors. “As

Ransomware

Ransomware Financial Services Manufacturing Government

Toyota disclosed a data breach after ZeroSevenGroup leaked stolen data on a cybercrime forum

Security Affairs

AUGUST 20, 2024

branch of Toyota, stealing 240GB of files containing information on Toyota employees, customers, contracts, and financial details. However, the company attempted to downplay the incident claiming that the security breach is limited in scope. Toyota Financial Services (TFS) is the finance arm of the Toyota Motor Corporation.

Data breaches

Data breaches Financial Services Archiving Passwords

Akamai prevented the largest DDoS attack on a US financial company

Security Affairs

SEPTEMBER 10, 2023

. “Historically, approximately 10% to 15% of the DDoS attacks observed by Akamai have been aimed at customers in the financial services industry.” In fact, over the past four quarters, more than 30% of the DDoS attacks have been aimed at financial services companies.” ” concludes Akamai.

Financial Services

Financial Services Ransomware Cybersecurity IT

Go-based Chaos malware is rapidly growing targeting Windows, Linux and more

Security Affairs

SEPTEMBER 29, 2022

The experts were able to enumerate the C2s and targets of multiple distinct Chaos clusters, some of which were employed in recent DDoS attacks against the gaming, financial services and technology, and media and entertainment industries. .” reads the analysis published by Lumen Technologies. ” continues the report. .

Mining

Mining Financial Services IT Security

Russia-linked GRU Unit 29155 targeted critical infrastructure globally

Security Affairs

SEPTEMBER 6, 2024

Starting January 13, 2022, the group employed the WhisperGate wiper in attacks against Ukrainian organizations. Since 2022, the unit focused on disrupting aid efforts for Ukraine. These operations include espionage, sabotage, and reputational damage.

Financial Services

Financial Services Government IoT Communications

Ragnar Locker gang leaks data stolen from the Israel’s Mayanei Hayeshua hospital

Security Affairs

SEPTEMBER 9, 2023

In March 2022, the US Federal Bureau of Investigation (FBI) and CISA published a flash alert to warn that the Ragnar Locker ransomware gang breached the networks of at least 52 organizations across 10 critical infrastructure sectors. The ransomware gang claims that the hospital doesn’t care about the privacy of its patients.

Ransomware

Ransomware Phishing Encryption Privacy

Cybersecurity agencies published a joint LockBit ransomware advisory

Security Affairs

JUNE 15, 2023

Help us #StopRansomware by visiting [link] pic.twitter.com/G5jpxtB0Fw — Cybersecurity and Infrastructure Security Agency (@CISAgov) June 14, 2023 The LockBit ransomware operation was the most active in 2022 and according to the researchers it is one of the most prolific RaaS in 2023. law enforcement).

Ransomware

Ransomware Cybersecurity Agriculture Education

FBI obtained 7,000 LockBit decryption keys, victims should contact the feds to get support

Security Affairs

JUNE 6, 2024

” said Bryan Vorndran, the Assistant Director at the FBI Cyber Division, during the 2024 Boston Conference on Cyber Security. The NCA and its global partners have secured over 1,000 decryption keys that will allow victims of the gang to recover their files for free. continues the NCA.

Energy and Utilities

Energy and Utilities Ransomware Agriculture Encryption

Operation Cronos: law enforcement disrupted the LockBit operation

Security Affairs

FEBRUARY 19, 2024

In 2022, LockBit was one of the most active ransomware groups, and its prevalence continued into 2023. Lockbit ransomware group administrative staff has confirmed with us their websites have been seized.

Energy and Utilities

Energy and Utilities Ransomware Agriculture Financial Services

Iran-linked Tortoiseshell APT behind watering hole attacks on shipping and logistics Israeli websites

Security Affairs

MAY 24, 2023

Iran-linked threat actor Tortoiseshell targeted shipping, logistics, and financial services companies in Israel with watering hole attacks. We are in the final!

Financial Services

Financial Services Security Cybersecurity IT

Russia-Ukraine cyber conflict poses critical infrastructure at risk

Security Affairs

MARCH 14, 2022

Ongoing attacks could cause severe damages to multiple sectors, including transportation, communication, financial services, government facilities, nuclear reactors, and critical manufacturing. Check Host: [link] pic.twitter.com/J9OSdBLnzf — Anonymous (@LiteMods) February 25, 2022. ” reported researchers from Cyble.

Risk

Risk Financial Services Manufacturing Communications

Ragnar Locker ransomware group breached at least 52 organizations across 10 critical infrastructure sectors

Security Affairs

MARCH 8, 2022

“As of January 2022, the FBI has identified at least 52 entities across 10 critical infrastructure sectors affected by RagnarLocker ransomware, including entities in the critical manufacturing, energy, financial services, government, and information technology sectors,” reads the FBI’s flash alert.

Ransomware

Ransomware Passwords Financial Services Manufacturing

A Russian national charged for committing LockBit Ransomware attacks

Security Affairs

JUNE 16, 2023

In securing the arrest of a second Russian national affiliated with the LockBit ransomware, the Department has once again demonstrated the long arm of the law. In November 2022, the U.S. On or about May 27, 2022, the man and his Hive coconspirators allegedly hit a nonprofit behavioral healthcare organization in New Jersey.

Ransomware

Ransomware Agriculture Education Government

Top Cybersecurity Startups to Watch in 2022

eSecurity Planet

JANUARY 11, 2022

Information security products , services, and professionals have never been in higher demand, making for a world of opportunities for cybersecurity startups. With evolving attack methodologies due to machine learning, quantum computing, and sophisticated nation-state hackers, security startups are receiving record funding.

Cybersecurity

Cybersecurity Cloud Compliance Analytics

Exclusive: Welcome “Frappo” – Resecurity identified a new Phishing-as-a-Service

Security Affairs

MAY 10, 2022

Initially, the service popped up in the Dark Web around 22 nd March 2021, and has been significantly upgraded since then. The last update of the service was registered May 1, 2022. Detailed analysis of the Phishing-As-A-Service Frappo is available here: [link]. Follow me on Twitter: @securityaffairs and Facebook.

Phishing

Phishing Retail Financial Services Data breaches

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Data Protection Report

NOVEMBER 8, 2023

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. These revisions represent the most significant modifications since the enactment of the rules in March 2017. f), is sufficient to trigger this new notice requirement.

Financial Services

Financial Services Cybersecurity Compliance Government

Remcos RAT campaign targets US accounting and tax return preparation firms

Security Affairs

APRIL 16, 2023

The recent campaign exclusively aims at organizations that deal with tax preparation, financial services, CPA and accounting firms, and professional service firms dealing in bookkeeping and tax. Crooks use lures masquerading as tax documentation sent by a client. LNK) files.

Phishing

Phishing Financial Services Education Cybersecurity

The Most Popular Data Security Webinars of 2022: Sovereignty, Cloud Security and Compliance Top the List

Thales Cloud Protection & Licensing

JANUARY 11, 2023

The Most Popular Data Security Webinars of 2022: Sovereignty, Cloud Security and Compliance Top the List. Fasten your seatbelts and enjoy the Top 5 list of Thales webinars for 2022. Trends in Cloud Security: Key Findings from the 2022 Cloud Security Study. Thu, 01/12/2023 - 05:54.

Compliance

Compliance Cloud Security Financial Services

Disneyland Malware Team: It’s a Puny World After All

Krebs on Security

NOVEMBER 16, 2022

For example, one domain the gang has used since March 2022 is ushank[.]com financial services firm Ameriprise uses the domain ameriprise.com; the Disneyland Team’s domain for Ameriprise customers is [link] [brackets added to defang the domain], which displays in the browser URL bar as ? Bank customers.

Phishing

Phishing Authentication Financial Services Access

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

Krebs on Security

DECEMBER 13, 2022

Meanwhile, the hackers responsible are communicating directly with members through the InfraGard portal online — using a new account under the assumed identity of a financial industry CEO that was vetted by the FBI itself. That InfraGard member, who is head of security at a major U.S. Department of Defense.

Energy and Utilities

Energy and Utilities Sales Communications Data breaches

19-Year-Old man arrested for misusing leaked record from Optus Breach

Security Affairs

OCTOBER 6, 2022

The Rockdale man is scheduled to appear in a Sydney Court on 27 October (2022) to face two offences that carry a maximum penalty of 10 and 7 years’ imprisonment.” The post 19-Year-Old man arrested for misusing leaked record from Optus Breach appeared first on Security Affairs. ” reads the announcement published by the AFP.

Data breaches

Data breaches Financial Services Risk Security

Multinational ICICI Bank leaks passports and credit card numbers

Security Affairs

APRIL 20, 2023

In 2022, the ICICI Bank’s resources were named a “critical information infrastructure” by the Indian government – any harm to it can impact national security. However, despite the critical status of bank infrastructure on the national level, the security of crucial data was not ensured. million files belonging to ICICI Bank. “The

Personal data

Personal data Phishing Risk Communications

Best Fraud Management Systems & Detection Tools in 2022

eSecurity Planet

SEPTEMBER 16, 2022

PwC’s 2022 Global Economic Crime and Fraud Survey reported that 46% of surveyed organizations experienced corruption, fraud, or other economic crimes in the 24-month survey period. Best Fraud Management Systems & Detection Tools in 2022. Take a look at Top Secure Email Gateway Solutions for 2022. million in losses.

Analytics

Analytics Risk Authentication Financial Services

OCR Labs exposes its systems, jeopardizing major banking clients

Security Affairs

APRIL 6, 2023

Financial services are the main target for cybercriminals, so the threat for the organizations and their customers is severe. The leak also affected Bloom Money and Admiral Money – two financial companies based in the UK, and Reed, which is the UK’s top recruitment agency. env) belonging to idkit.com, owned by OCR Labs.

IT

IT Financial Services Access Risk

The largest Russian bank Sberbank hit by a massive DDoS attack

Security Affairs

NOVEMBER 9, 2023

Sberbank , the Russian banking and financial services giant, announced that it was recently hit by a record-breaking distributed denial of service (DDoS) attack that reached 1 million RPS. Then it did not affect the availability of bank services.

Personal data

Personal data Financial Services Marketing Cloud

US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND AFFILIATES

Security Affairs

FEBRUARY 21, 2024

The NCA and its global partners have secured over 1,000 decryption keys that will allow victims of the gang to recover their files for free. In 2022, LockBit was one of the most active ransomware groups, and its prevalence continued into 2023. LockBit is a prominent ransomware operation that first emerged in September 2019.

Energy and Utilities

Energy and Utilities Ransomware Agriculture Manufacturing

The US government sanctioned four entities and one individual for supporting cyber operations conducted by North Korea

Security Affairs

MAY 24, 2023

In December 2022, South Korea’s spy agency, the National Intelligence Service, estimated that North Korea-linked threat actors have stolen an estimated 1.5 Cyber security and intelligence experts believe that attacks aimed at the cryptocurrency industry will continue to increase next year. ” reads the announcement.

Government

Government Military Financial Services Security

Financial services continue to lead in cybersecurity preparedness, but chinks appear in the armor

Thales Cloud Protection & Licensing

AUGUST 31, 2022

Financial services continue to lead in cybersecurity preparedness, but chinks appear in the armor. Thu, 09/01/2022 - 05:15. However, all this attention from cyber criminals, as well as regulators and governments, has produced an extremely resilient industry with some of the best cyber security practices of any sector.

Financial Services

Financial Services Cybersecurity Cloud Computer and Electronics

DORA: 1 year to go! Key recommendations for Financial Services to improve cybersecurity and resilience in multi-clouds

Thales Cloud Protection & Licensing

JANUARY 16, 2024

Key recommendations for Financial Services to improve cybersecurity and resilience in multi-clouds madhav Wed, 01/17/2024 - 05:46 The Digital Operational Resilience Act (DORA) will apply to the EU financial sector from 17 January 2025. As set out in its Article 2, DORA applies to the entire financial services sector.

Financial Services

Financial Services Cloud Cybersecurity Encryption

How Can We Secure The Future of Digital Payments?

Thales Cloud Protection & Licensing

JANUARY 10, 2022

How Can We Secure The Future of Digital Payments? Tue, 01/11/2022 - 06:35. The financial services ecosystem has evolved tremendously over the past few years driven by a surge in the adoption of digital payments. Security is paramount; digital payments are not only authorized but they must be authenticated as well.

Retail

Retail Security Financial Services Authentication

Resecurity identified the investment scam network ‘Digital Smoke’

Security Affairs

FEBRUARY 27, 2023

Once payments are collected from the victims, they make previously created resources vanish and set up the next new campaign – this is why investigators named the group “Digital Smoke” According to the latest report by FTC released last week called “The Top Scams of 2022” people reported losing $8.8

Marketing

Marketing Financial Services Government Sales

Report: Big U.S. Banks Are Stiffing Account Takeover Victims

Krebs on Security

OCTOBER 7, 2022

who in April 2022 opened an investigation into fraud tied to Zelle , the “peer-to-peer” digital payment service used by many financial institutions that allows customers to quickly send cash to friends and family. million of payments in 2021 and the first half of 2022,” the report summarized.

Passwords

Passwords Financial Services IT Phishing

More details about Operation Cronos that disrupted Lockbit operation

Security Affairs

FEBRUARY 20, 2024

The NCA and its global partners have secured over 1,000 decryption keys that will allow victims of the gang to recover their files for free. In 2022, LockBit was one of the most active ransomware groups, and its prevalence continued into 2023. LockBit is a prominent ransomware operation that first emerged in September 2019.

Energy and Utilities

Energy and Utilities Ransomware Manufacturing Agriculture

Vermont Enacts Insurance Data Security Law

Hunton Privacy

JUNE 9, 2022

On May 27, 2022, Vermont Governor Phil Scott signed H.515 515 , making Vermont the twenty-first state to enact legislation based on the National Association of Insurance Commissioners Insurance Data Security Model Law (“MDL-668”). Information Security Program Requirements.

Insurance

Insurance Security Information Security Cybersecurity

A massive phishing campaign using QR codes targets the energy sector

Security Affairs

AUGUST 16, 2023

Other top 4 targeted industries include Manufacturing, Insurance, Technology, and Financial Services seeing 15%, 9%, 7%, and 6% of the campaign traffic respectively.” com (Cloudflare’s Web3 services). “Email lures came in the form of updating account security surrounding 2FA, MFA, and general account security.

Phishing

Phishing Energy and Utilities Insurance Manufacturing

GUEST ESSAY: ‘Continuous authentication’ is driving passwordless sessions into the mainstream

The Last Watchdog

DECEMBER 6, 2022

Much more effective authentication is needed to help protect our digital environment – and make user sessions smoother and much more secure. Let’s be clear, users want a better authentication experience, one that is more secure, accurate and easier to use. Invisible security. Related: Why FIDO champions passwordless systems.

Authentication

Authentication Passwords Artificial Intelligence Financial Services

Scary Fraud Ensues When ID Theft & Usury Collide

Krebs on Security

JANUARY 25, 2022

But Jim has long had a security freeze on his credit file with the three major consumer credit reporting bureaus , and none of the lenders seemed willing to proceed without at least a peek at his credit history. 14, 2022 breach notification letter from tribal lender Mountain Summit Financial. A portion of the Jan.

Financial Services

Financial Services IT Data breaches Passwords

NEW TECH: How ‘cryptographic splitting’ bakes-in security at a ‘protect-the-data-itself’ level

The Last Watchdog

SEPTEMBER 23, 2019

Tech consultancy IDC recently estimated that global spending on security-related hardware, software and services is growing at a compound annual growth rate of 9.2% billion by 2022. Here are key takeaways: Security benefits Protect the data itself. It bakes security in and at the deepest level. Talk more soon.

Security

Security Encryption Compliance Data breaches

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Hunton Privacy

NOVEMBER 23, 2022

On November 9, 2022, the New York Department of Financial Services (NYDFS) released its second, proposed amendments to the Part 500 Cybersecurity Rule. The proposed amendments revise several aspects of the draft Cybersecurity Rule amendments released on July 29, 2022. Cybersecurity Governance.

Financial Services

Financial Services Cybersecurity Ransomware Risk

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Data Matters

JANUARY 28, 2022

The advisory was promptly endorsed by the National Cyber Security Centre, a division of Government Communications Headquarters (“GCHQ”), a UK intelligence agency. Like an incident response plan, MFA has become a critical element of cybersecurity programs.

Cybersecurity

Cybersecurity Financial Services Authentication Government

Oracle Critical Patch Update for January 2022 will fix 483 new flaws

Cuba Ransomware received over $60M in Ransom payments as of August 2022

Webinars

Trending Sources

Data Protection in Financial Services Week 2022

Webinars

2024 Thales Global Data Threat Report: Trends in Financial Services

Law enforcement operation seized Ragnar Locker group’s infrastructure

Toyota disclosed a data breach after ZeroSevenGroup leaked stolen data on a cybercrime forum

Akamai prevented the largest DDoS attack on a US financial company

Go-based Chaos malware is rapidly growing targeting Windows, Linux and more

Russia-linked GRU Unit 29155 targeted critical infrastructure globally

Ragnar Locker gang leaks data stolen from the Israel’s Mayanei Hayeshua hospital

Cybersecurity agencies published a joint LockBit ransomware advisory

FBI obtained 7,000 LockBit decryption keys, victims should contact the feds to get support

Operation Cronos: law enforcement disrupted the LockBit operation

Iran-linked Tortoiseshell APT behind watering hole attacks on shipping and logistics Israeli websites

Russia-Ukraine cyber conflict poses critical infrastructure at risk

Ragnar Locker ransomware group breached at least 52 organizations across 10 critical infrastructure sectors

A Russian national charged for committing LockBit Ransomware attacks

Top Cybersecurity Startups to Watch in 2022

Exclusive: Welcome “Frappo” – Resecurity identified a new Phishing-as-a-Service

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Remcos RAT campaign targets US accounting and tax return preparation firms

The Most Popular Data Security Webinars of 2022: Sovereignty, Cloud Security and Compliance Top the List

Disneyland Malware Team: It’s a Puny World After All

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

19-Year-Old man arrested for misusing leaked record from Optus Breach

Multinational ICICI Bank leaks passports and credit card numbers

Best Fraud Management Systems & Detection Tools in 2022

OCR Labs exposes its systems, jeopardizing major banking clients

The largest Russian bank Sberbank hit by a massive DDoS attack

US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND AFFILIATES

The US government sanctioned four entities and one individual for supporting cyber operations conducted by North Korea

Financial services continue to lead in cybersecurity preparedness, but chinks appear in the armor

DORA: 1 year to go! Key recommendations for Financial Services to improve cybersecurity and resilience in multi-clouds

How Can We Secure The Future of Digital Payments?

Resecurity identified the investment scam network ‘Digital Smoke’

Report: Big U.S. Banks Are Stiffing Account Takeover Victims

More details about Operation Cronos that disrupted Lockbit operation

Vermont Enacts Insurance Data Security Law

A massive phishing campaign using QR codes targets the energy sector

GUEST ESSAY: ‘Continuous authentication’ is driving passwordless sessions into the mainstream

Scary Fraud Ensues When ID Theft & Usury Collide

NEW TECH: How ‘cryptographic splitting’ bakes-in security at a ‘protect-the-data-itself’ level

NYDFS Amends Cybersecurity Rules for Financial Services Companies

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Stay Connected