Analysis, Cybersecurity and Financial Services - Information Management Today

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Data Protection Report

NOVEMBER 8, 2023

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. This notice requirement explicitly applies to cybersecurity incidents occurring to the covered entity itself, its affiliates, or a third-party service provider.

Financial Services

Financial Services Cybersecurity Compliance Government

Accelerate hybrid cloud transformation through IBM Cloud for Financial Service Validation Program

IBM Big Data Hub

APRIL 4, 2024

The cloud represents a strategic tool to enable digital transformation for financial institutions As the banking and other regulated industry continues to shift toward a digital-first approach, financial entities are eager to use the benefits of digital disruption. Most of these new technologies are born-in-cloud.

Financial Services

Financial Services Cloud Compliance Digital transformation

Twitter Hack Analysis Drives Calls for Greater Security Regulation

Dark Reading

OCTOBER 15, 2020

New York's Department of Financial Services calls for more cybersecurity regulation at social media firms following the "jarringly easy" Twitter breach.

Financial Services

Financial Services Security Cybersecurity

Webinars

Launching LLM-Based Products: From Concept to Cash in 90 Days

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

MORE WEBINARS

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Hunton Privacy

JULY 5, 2023

On June 28, 2023, the New York Department of Financial Services (“NYDFS”) published an updated proposed Second Amendment (“Amendment”) to its Cybersecurity Regulation, 23 NYCRR Part 500. On November 9, 2022, NYDFS published a first draft of the proposed Amendment and received comments from stakeholders over a 60-day period.

Cybersecurity

Cybersecurity IT Compliance Financial Services

Cybersecurity agencies published a joint LockBit ransomware advisory

Security Affairs

JUNE 15, 2023

According to a joint advisory published by cybersecurity agencies, the LockBit ransomware group has successfully extorted roughly $91 million in about 1,700 attacks against U.S. The group targeted municipal governments, county governments, public higher education and K-12 schools, and emergency services (e.g., organizations since 2020.

Ransomware

Ransomware Cybersecurity Agriculture Education

Developments in Health Privacy and Cybersecurity Policy and Regulation: OCR Issues Cybersecurity Warnings and New Health Data Legislation Is Introduced

Data Matters

MARCH 28, 2022

See 45 CFR 164.308(a)(1)(ii)(A)-(B): Implementation Specification: Risk Analysis (required), Implementation Specification: Risk Management (required); see also 45 CFR 164.304 (definition of “Availability”). implement stronger authentication solutions, such as multi-factor authentication. 45 CFR 164.308(a)(5)(i).

Cybersecurity

Cybersecurity Privacy Insurance Risk

NY Charges First American Financial for Massive Data Leak

Krebs on Security

JULY 23, 2020

In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. First American Financial Corp. based First American [ NYSE:FAF ] is a leading provider of title insurance and settlement services to the real estate and mortgage industries. Santa Ana, Calif.-based

Insurance

Insurance Financial Services Mining Access

BianLian, White Rabbit, and Mario Ransomware Gangs Spotted in a Joint Campaign

Security Affairs

DECEMBER 15, 2023

Resecurity’s HUNTER (HUMINT) unit spotted the BianLian , White Rabbit , and Mario ransomware gangs collaborating in a joint extortion campaign targeting publicly-traded financial services firms. This is why it is critical to share such intelligence for further analysis with the broader cybersecurity community.

Ransomware

Ransomware Financial Services Cybersecurity Passwords

Resecurity Released a 2024 Cyber Threat Landscape Forecast

Security Affairs

DECEMBER 26, 2023

Cybersecurity company Resecurity has published the 2024 Cyber Threat Landscape Forecast. Resecurity, a Los Angeles-based cybersecurity company protecting Fortune 100 and government agencies worldwide, has compiled a comprehensive forecast outlining the imminent threats and novel security challenges anticipated in the upcoming year.

Energy and Utilities

Energy and Utilities Artificial Intelligence Ransomware Data breaches

News Alert: Vaultree partners with Tableau to uniquely blend encryption, data visualization

The Last Watchdog

AUGUST 3, 2023

3, 2023 — Vaultree, a cybersecurity leader pioneering Fully Functional Data-In-Use Encryption (FFDUE), today announces a strategic integration with Tableau, a renowned platform for data visualization and business intelligence. San Francisco and Cork, Ireland, Aug. You can schedule a meeting to meet with our team at [link].

Encryption

Encryption Analytics Data Privacy Cybersecurity

Was RI Advice a watershed for cybersecurity law in Australia or a damp squib?

Data Protection Report

MAY 25, 2022

Boards and organisations should assess their cybersecurity risk management activities in light of the decision and ask whether current approaches are adequately resourced and operating effectively? Despite these requirements, RI Advice’s ARs suffered nine cybersecurity incidents in the period from 2014 to 2021. Introduction.

Cybersecurity

Cybersecurity Risk Financial Services Retail

FFIEC Announces Plans to Update Cybersecurity Guidance in Wake of Cybersecurity Assessments

Hunton Privacy

NOVEMBER 4, 2014

The Report summarizes themes from the assessments and provides suggested questions for chief executive officers and boards of directors to ask when assessing their institutions’ cybersecurity preparedness. In light of the assessments, the FFIEC announced that its members will review and update current FFIEC cybersecurity guidance.

Cybersecurity

Cybersecurity Financial Services Risk Government

Infosys McCamish Systems data breach impacted over 6 million people

Security Affairs

JUNE 29, 2024

IMS specializes in providing business process outsourcing (BPO) and information technology (IT) services specifically tailored for the insurance and financial services industries. McCamish immediately launched an investigation into the incident and worked on the remediation with the help of cybersecurity consultants.

Data breaches

Data breaches e-Discovery Ransomware Insurance

Transition period under New York Cybersecurity Regulation ends March 1, 2019

Data Protection Report

JANUARY 7, 2019

The two-year transitional period under the New York State Department of Financial Services (“DFS””) Cybersecurity Regulation , 23 NYCRR 500 (the “Regulation”), will expire on March 1, 2019, with the final remaining requirement becoming effective. Periodic risk-based assessments of third parties. Upcoming certifications.

Cybersecurity

Cybersecurity Compliance Financial Services Risk

What is a Cyberattack? Types and Defenses

eSecurity Planet

JUNE 16, 2022

However, basic cybersecurity tools and practices, like patching , strong passwords , and multi-factor authentication (MFA), “can prevent 80 to 90% of cyberattacks,” said Anne Neuberger, deputy national security advisor for cyber and emerging technologies, during a White House press conference in Sept. The average cost of a breach is $3.6

Ransomware

Ransomware Cybersecurity Phishing Encryption

API Security in 2024: Imperva Report Uncovers Rising Threats and the Urgent Need for Action

Thales Cloud Protection & Licensing

MARCH 6, 2024

This report serves as a critical wake-up call for company executives and security professionals, emphasizing the urgent need to prioritize API security as a core component of their overall cybersecurity strategy. Cybersecurity has always been a team game. billion, which is linked to the increasing volume of automated attacks on APIs.

Security

Security Authentication Risk Cybersecurity

EventBot, a new Android mobile targets financial institutions across Europe

Security Affairs

APRIL 30, 2020

Security experts from Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks, financial services across Europe. Researchers from Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks, financial services across Europe.

Financial Services

Financial Services Libraries Encryption Authentication

FCA sets out plans to make Big Tech a priority and provides update on its approach to AI

Data Protection Report

APRIL 23, 2024

He noted that whilst the growing emergence of Big Tech in financial services has already made life easier for consumers, it remains unclear how valuable their data will become in financial markets. cybersecurity, financial stability, interconnectedness, data concerns or market integrity).

Financial Services

Financial Services IT Marketing Retail

Exclusive: Researchers dumped Gigabytes of data from Agent Tesla C2Cs

Security Affairs

OCTOBER 6, 2021

The majority of intercepted credentials by Agent Tesla related to financial services, online-retailers, e-government systems and personal and business e-mail accounts. . Researchers found active instances of Agent Tesla and developed a mechanism to enumerate the affected clients and extract compromised data.

Financial Services

Financial Services Retail Education Information Security

SEC Releases Observations from Recent Cybersecurity Examinations of Broker-Dealers and Advisers

Hunton Privacy

FEBRUARY 6, 2015

On February 3, 2015, the Securities and Exchange Commission (“SEC”) released a Risk Alert , entitled Cybersecurity Examination Sweep Summary, summarizing observations from the recent round of cybersecurity examinations of registered broker-dealers and investment advisers under the Cybersecurity Examination Initiative.

Cybersecurity

Cybersecurity Insurance Financial Services Risk

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

The Last Watchdog

JANUARY 30, 2019

Turn the corner into 2019 and we find Citigroup, CapitalOne, Wells Fargo and HSBC Life Insurance among a host of firms hitting the crisis button after their customers’ records turned up on a database of some 24 million financial and banking documents found parked on an Internet-accessible server — without so much as password protection.

Risk

Risk Financial Services Insurance Cybersecurity

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Krebs on Security

FEBRUARY 9, 2023

In September 2021, the Kremlin issued treason charges against Ilya Sachkov , formerly head of the cybersecurity firm Group-IB. Mikhaylov was given a 22 year prison sentence ; Stoyanov was sentenced to 14 years in prison. ” Sachkov remains imprisoned in Russia pending his treason trial. This is not the U.S.

Ransomware

Ransomware Government Cybersecurity Blockchain

GUEST ESSAY: 5 security steps all companies should adopt from the Intelligence Community

The Last Watchdog

DECEMBER 6, 2018

And, in doing so, the IC has developed an effective set of data handling and cybersecurity best practices. The IC gathers, stores and processes large amounts of data, from a variety of sources, in order to provide actionable information for key stakeholders. Related video: Using the NIST framework as a starting point. Collection. Processing.

Security

Security Financial Services Manufacturing Data collection

How to Prevent Data Breaches: Data Breach Prevention Tips

eSecurity Planet

AUGUST 22, 2023

Here are some data breach prevention and response practices that have stood the test of time, followed by a reference list of some vendor resources that can help you improve your own cybersecurity and incident response capabilities. See the Top Cybersecurity Employee Training Programs 4. This varies between organizations.

Data breaches

Data breaches Big data Cybersecurity Security

BlackCocaine Ransomware, a new malware in the threat landscape

Security Affairs

JUNE 5, 2021

Recently Cyber researchers for Cyble investigated an attack suffered by on May 30, 2021, by Nucleus Software, an India-based IT company in the Banking and Financial Services sector. Nucleus Software declared that it does not store customers’ financial data. ” reads the post published by Cyble.

Ransomware

Ransomware Encryption File names Financial Services

Experts linked ransomware attacks to China-linked APT27

Security Affairs

JANUARY 4, 2021

defense contractors , financial services firms, and a national data center in Central Asia. Other malware found on infected computers includes the PlugX remote access trojan, regularly mentioned in cybersecurity reports about campaigns linked to China. ” concludes the report. Pierluigi Paganini.

Ransomware

Ransomware Encryption Financial Services Cybersecurity

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 17, 2023

CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6 CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6

Security

Security Data breaches Ransomware Artificial Intelligence

6 Best Threat Intelligence Feeds to Use in 2023

eSecurity Planet

AUGUST 10, 2023

Threat intelligence feeds are continually updated streams of data that inform users of different cybersecurity threats, their sources, and any infrastructure impacted or at risk of being impacted by those threats. May have redundant features with other cybersecurity tools in your existing toolset.

Cybersecurity

Cybersecurity Access Metadata Energy and Utilities

Cybersecurity: Managing Risks With Third Party Companies

Cyber Info Veritas

JULY 19, 2018

This is according to a recent survey conducted by Soha Systems, and according to one of the speeches delivered by the Superintendent of the New York State Department of Financial Services, Mr. Benjamin Lawsky, “ A company’s cybersecurity is only as strong as the cybersecurity of its third-party vendors ”.

Risk

Risk Cybersecurity Compliance Data breaches

Hundreds of malicious Chrome browser extensions used to spy on you!

Security Affairs

JUNE 20, 2020

Malicious Chrome browser extensions were used in a massive surveillance campaign aimed at users working in the financial services, oil and gas, media and entertainment, healthcare, government organizations, and pharmaceuticals. ” reads the analysis published by Awake Security.

Healthcare

Healthcare Financial Services Communications Security

Enterprise SIEMs Miss 76 Percent of MITRE ATT&CK Techniques

eSecurity Planet

JUNE 27, 2023

.” The Third Annual Report on the State of SIEM Detection Risk by detection posture management vendor CardinalOps is based on analysis of configuration metadata from a wide variety of SIEM instances, including Splunk, Microsoft Sentinel, IBM QRadar, and Sumo Logic, across verticals that include banking and financial services, insurance, manufacturing, (..)

Metadata

Metadata Financial Services Insurance Manufacturing

LockFile Ransomware uses a new intermittent encryption technique

Security Affairs

AUGUST 31, 2021

This trick can be successful against ransomware detection software that relies on inspecting content using statistical analysis to detect encryption.” ransomware: The victims of the Lockfile ransomware gang are in the manufacturing, financial services, engineering, legal, business services, and travel and tourism sectors.

Encryption

Encryption Ransomware Financial Services Manufacturing

Exclusive: Welcome “Frappo” – Resecurity identified a new Phishing-as-a-Service

Security Affairs

MAY 10, 2022

Resecurity® is an Affiliate Member of FS-ISAC and an Official Member of Infragard which aim to combat cybercriminal activity targeting financial services and Internet users globally. Detailed analysis of the Phishing-As-A-Service Frappo is available here: [link].

Phishing

Phishing Retail Financial Services Data breaches

Recently disclosed Drupal CVE-2019-6340 RCE flaw exploited in the wild

Security Affairs

FEBRUARY 26, 2019

.” reads the technical analysis published by Ambionics security. ” Cybersecurity experts at Imperva observed hundreds of attacks against its customers exploiting the CVE-2019-6340 flaw on February 23. ” reads the analysis published by Imperva. ” reads the post from Imperva.

Financial Services

Financial Services CMS Government Security

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Other industry standards too can have the force of “pseudo-law” – notably, the NIST Cybersecurity Framework, which federal regulators often apply to financial-services firms and government contractors. See the Best Cybersecurity Awareness Training for Employees. The result is arguably a perverse jumble of priorities.

Data Privacy

Data Privacy Compliance Privacy Security

The Week in Cyber Security and Data Privacy: 6 – 12 November 2023

IT Governance

NOVEMBER 13, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Welcome to this week’s round-up of the biggest and most interesting news stories. DP World Australia’s investigation and ongoing remediation work are likely to continue for some time.”

Data Privacy

Data Privacy Privacy Security Data breaches

New York Regulators Call on Insurers to Strengthen the Cyber Underwriting Process

Hunton Privacy

FEBRUARY 25, 2021

As reported on the Hunton Insurance Recovery blog , on February 4, 2021, the New York Department of Financial Services (“NYDFS”), which regulates the business of insurance in New York, has issued guidelines, in the Insurance Circular Letter No. Obtain cybersecurity expertise to properly understand and evaluate cyber risk.

Insurance

Insurance Cybersecurity Risk Education

What can AI and generative AI do for governments?

IBM Big Data Hub

SEPTEMBER 20, 2023

With this can come improved productivity, as technologies such as natural language processing (NLP) hold the promise of relieving the need for heavy text data reading and analysis. This could benefit cost optimization and also strengthen cybersecurity, as it can help detect threats quickly.

Government

Government Artificial Intelligence Privacy Digital transformation

The most valuable AI use cases for business

IBM Big Data Hub

FEBRUARY 14, 2024

Customer-facing AI use cases Deliver superior customer service Customers can now be assisted in real time with conversational AI. Voice-based queries use natural language processing (NLP) and sentiment analysis for speech recognition so their conversations can begin immediately.

Artificial Intelligence

Artificial Intelligence Retail Unstructured data Insurance

NEW TECH: Cequence Security launches platform to shield apps, APIs from malicious botnets

The Last Watchdog

NOVEMBER 13, 2018

Cybersecurity vendors, of course, have been responding. We ingest data into a powerful AI engine, and do a comprehensive analysis to determine if a malicious bot attack is taking place.”. Related: The ‘Golden Age’ of cyber espionage is upon us. Early traction. And the company was recently named a 2018 Gartner Cool Vendor.

Security

Security Digital transformation B2C Cloud

Top 12 Cloud Security Best Practices for 2021

eSecurity Planet

SEPTEMBER 10, 2021

CloudPassage’s 2021 AWS Cloud Security Report found that misconfiguration of cloud platforms (71 percent), exfiltration of sensitive data (59 percent), and insecure APIs (54 percent) are the top cloud security threats facing cybersecurity professionals. Read more: Best Cybersecurity Awareness Training for Employees in 2021.

Cloud

Cloud Security Encryption Risk

New York’s Breach Law Amendments and New Security Requirements

Data Protection Report

OCTOBER 1, 2019

As with the amended breach law, this new law also states that compliance with the data security requirements of HIPAA, Gramm-Leach-Bliley or New York Department of Financial Services cybersecurity regulations, or other similar agency requirements, will meet this statute.

Security

Security Financial Services Passwords Risk

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

Data Matters

FEBRUARY 25, 2021

Transaction risk analysis. The FCA plans to formally adopt EBA guidance stating that fraud rate calculations for transaction risk analysis (Article 18 of the SCA-RTS) should include only unauthorized or fraudulent remote electronic transactions for which the payment service provider was liable, and no other types of transaction.

Authentication

Authentication Paper Risk Insurance

Infosource Global Capture & IDP Vertical Market Analysis 2022-2023 Update

Info Source

DECEMBER 8, 2023

In our vertical market sizing and analysis, we cover horizontal use cases e.g., accounting, HR management, as well as vertical specific use cases e.g., bank account opening, mortgage processing and insurance claims processing. As a result, we predict single digit growth in the next 5 years.

Marketing

Marketing Customer Experience Energy and Utilities Digital transformation

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Accelerate hybrid cloud transformation through IBM Cloud for Financial Service Validation Program

Webinars

Trending Sources

Twitter Hack Analysis Drives Calls for Greater Security Regulation

Webinars

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Cybersecurity agencies published a joint LockBit ransomware advisory

Developments in Health Privacy and Cybersecurity Policy and Regulation: OCR Issues Cybersecurity Warnings and New Health Data Legislation Is Introduced

NY Charges First American Financial for Massive Data Leak

BianLian, White Rabbit, and Mario Ransomware Gangs Spotted in a Joint Campaign

Resecurity Released a 2024 Cyber Threat Landscape Forecast

News Alert: Vaultree partners with Tableau to uniquely blend encryption, data visualization

Was RI Advice a watershed for cybersecurity law in Australia or a damp squib?

FFIEC Announces Plans to Update Cybersecurity Guidance in Wake of Cybersecurity Assessments

Infosys McCamish Systems data breach impacted over 6 million people

Transition period under New York Cybersecurity Regulation ends March 1, 2019

What is a Cyberattack? Types and Defenses

API Security in 2024: Imperva Report Uncovers Rising Threats and the Urgent Need for Action

EventBot, a new Android mobile targets financial institutions across Europe

FCA sets out plans to make Big Tech a priority and provides update on its approach to AI

Exclusive: Researchers dumped Gigabytes of data from Agent Tesla C2Cs

SEC Releases Observations from Recent Cybersecurity Examinations of Broker-Dealers and Advisers

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

GUEST ESSAY: 5 security steps all companies should adopt from the Intelligence Community

How to Prevent Data Breaches: Data Breach Prevention Tips

BlackCocaine Ransomware, a new malware in the threat landscape

Experts linked ransomware attacks to China-linked APT27

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

6 Best Threat Intelligence Feeds to Use in 2023

Cybersecurity: Managing Risks With Third Party Companies

Hundreds of malicious Chrome browser extensions used to spy on you!

Enterprise SIEMs Miss 76 Percent of MITRE ATT&CK Techniques

LockFile Ransomware uses a new intermittent encryption technique

Exclusive: Welcome “Frappo” – Resecurity identified a new Phishing-as-a-Service

Recently disclosed Drupal CVE-2019-6340 RCE flaw exploited in the wild

Security Compliance & Data Privacy Regulations

The Week in Cyber Security and Data Privacy: 6 – 12 November 2023

New York Regulators Call on Insurers to Strengthen the Cyber Underwriting Process

What can AI and generative AI do for governments?

The most valuable AI use cases for business

NEW TECH: Cequence Security launches platform to shield apps, APIs from malicious botnets

Top 12 Cloud Security Best Practices for 2021

New York’s Breach Law Amendments and New Security Requirements

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

Infosource Global Capture & IDP Vertical Market Analysis 2022-2023 Update

Stay Connected