Analysis and Financial Services - Information Management Today

2024 Thales Global Data Threat Report: Trends in Financial Services

Thales Cloud Protection & Licensing

OCTOBER 14, 2024

2024 Thales Global Data Threat Report: Trends in Financial Services madhav Tue, 10/15/2024 - 05:17 Financial services (FinServ) firms are key players in the global economy. As a result, FinServ organizations have some of the largest cybersecurity budgets and most advanced defenses.

Financial Services

Financial Services Cloud Compliance Authentication

'Hack-for-Hire' Groups Spoof WHO Emails to Steal Data

Data Breach Today

MAY 28, 2020

Google: Hackers Using COVID-19 Phishing Themes to Target Businesses "Hack-for-hire" groups operating in India are spoofing World Health Organization emails to steal credentials from financial services and healthcare firms around the world, according to Google's Threat Analysis Group.

Financial Services

Financial Services Phishing

Vendor Email Compromise Attacks Against Financial Services Surge 137% Last Year

KnowBe4

FEBRUARY 2, 2024

Analysis of 2023 attacks shows how the financial services industry had a very bad year, with increases in both vendor email compromise (VEC) and business email compromise (BEC) attacks, targeting millions of dollars using very specific methods.

Financial Services

Financial Services Security awareness Security

Webinars

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

EventBot, a new Android mobile targets financial institutions across Europe

Security Affairs

APRIL 30, 2020

Security experts from Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks, financial services across Europe. Researchers from Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks, financial services across Europe.

Financial Services

Financial Services Libraries Encryption Authentication

Why Marketing Compliance for Financial Services Is A Big Deal

Hanzo Learning Center

SEPTEMBER 5, 2023

In today's fiercely competitive business landscape, financial services companies, like their counterparts in other industries, rely on advertising and digital marketing strategies to create brand recognition, promote their products and services to potential customers, and engage with their existing client base.

Financial Services

Financial Services Marketing Compliance

Payment Processing Giant TSYS: Ransomware Incident “Immaterial” to Company

Krebs on Security

DECEMBER 10, 2020

TSYS provides payment processing services, merchant services and other payment solutions, including prepaid debit cards and payroll cards. In 2019, TSYS was acquired by financial services firm Global Payments Inc. NYSE:GPN ].

Ransomware

Ransomware Financial Services Access IT

Analysis: Fallout From the Snowden Memoir

Data Breach Today

SEPTEMBER 20, 2019

Also featured: An update on Lumen PDF's breach disclosure; insights on financial services identity management issues. The latest edition of the ISMG Security Report features a discussion of the controversies surrounding the release of whistleblower Edward Snowden's memoir.

Financial Services

Financial Services Security

Microsoft seized 240 sites used by the ONNX phishing service

Security Affairs

NOVEMBER 23, 2024

Abanoub Nady (known online as “MRxC0DER”) developed and sold “do it yourself” phish kits and fraudulently used the brand name “ONNX” to sell these services.” ” reads the analysis published by Microsoft. Microsoft states that phishing heavily targets financial services, risking losses like life savings.

Phishing

Phishing Financial Services Risk Access

Financial Services Industry Experiences a Massive Increase in Brand Abuse

KnowBe4

OCTOBER 4, 2024

Industry analysis of the domains used behind phishing and brand impersonation attacks show financial institutions are being leveraged at an alarming rate.

Financial Services

Financial Services Phishing

SharkBot, a new Android Trojan targets banks in Europe

Security Affairs

NOVEMBER 15, 2021

The malware implements multiple anti-analysis techniques, including string obfuscation routine, emulator detection and a domain generation algorithm (DGA). ” reads the analysis published by the researchers. ” SharkBot abuses Accessibility Service to carry out ATS attacks inside the infected device. .

Financial Services

Financial Services Access Security IT

Hackers target financial firms hosting malicious payloads on Google Cloud Storage

Security Affairs

DECEMBER 26, 2018

Researchers at Menlo Labs uncovered a malicious email campaign targeting employees of banks and financial services companies abusing Google Cloud Storage. ” reads the analysis published by security researchers at Menlo. The spam campaign uses messages including links that point to archive files such as.zip or.gz.

Cloud

Cloud Financial Services Archiving Phishing

BlackCocaine Ransomware, a new malware in the threat landscape

Security Affairs

JUNE 5, 2021

Recently Cyber researchers for Cyble investigated an attack suffered by on May 30, 2021, by Nucleus Software, an India-based IT company in the Banking and Financial Services sector. Nucleus Software declared that it does not store customers’ financial data. ” reads the post published by Cyble.

Ransomware

Ransomware Encryption File names Financial Services

BianLian, White Rabbit, and Mario Ransomware Gangs Spotted in a Joint Campaign

Security Affairs

DECEMBER 15, 2023

Resecurity’s HUNTER (HUMINT) unit spotted the BianLian , White Rabbit , and Mario ransomware gangs collaborating in a joint extortion campaign targeting publicly-traded financial services firms. This is why it is critical to share such intelligence for further analysis with the broader cybersecurity community.

Ransomware

Ransomware Financial Services Cybersecurity Passwords

6 benefits of data lineage for financial services

IBM Big Data Hub

FEBRUARY 26, 2024

The financial services industry has been in the process of modernizing its data governance for more than a decade. How can banks, credit unions, and financial advisors keep up with demanding regulations while battling restricted budgets and higher employee turnover? One often-overlooked area of impact analysis is IT resilience.

Financial Services

Financial Services Cloud Metadata Digital transformation

Corporate Finance firms leak 500K+ legal and financial documents online

Security Affairs

MARCH 17, 2020

Advantage and Argus seem to be the same company working under two different names, they offer funding and startup capital to business owners without access to traditional lending and financial services. The researchers discovered the unsecured database in December 2019.

Financial Services

Financial Services Access Security Privacy

NY Charges First American Financial for Massive Data Leak

Krebs on Security

JULY 23, 2020

According to a filing (PDF) by the New York State Department of Financial Services (DFS), the weakness that exposed the documents was first introduced during an application software update in May 2014 and went undetected for years. The documents were available without authentication to anyone with a Web browser.

Insurance

Insurance Financial Services Mining Access

Half of all Financial Services Cyber Attacks Start with a Very Costly Phish

KnowBe4

SEPTEMBER 23, 2024

New analysis of attacks on the financial sector shows that the combination of phishing emails and compromised credentials is a recurring — and financially impactful — threat.

Financial Services

Financial Services Phishing Security

American Insurance firm State Farm victim of credential stuffing attacks

Security Affairs

AUGUST 7, 2019

The American group of insurance and financial services companies State Farm disclosed a credential stuffing attack it has suffered in July. The American group of insurance and financial services companies State Farm revealed that it was the victim of a credential stuffing attack it has suffered in July. billion per month.

Insurance

Insurance Data breaches Financial Services Passwords

Mitigating the impact of climate change in insurance and other financial services

IBM Big Data Hub

MARCH 25, 2024

For other financial services firms outside of the insurance sector, property accepted as loan security might face climate-related risks as well. Across the financial sector, there are transition risks to consider as we move to a low-carbon economy. Financial services firms can use the tool for “what if?”

Financial Services

Financial Services Insurance Risk Agriculture

Go-based Chaos malware is rapidly growing targeting Windows, Linux and more

Security Affairs

SEPTEMBER 29, 2022

” reads the analysis published by Lumen Technologies. The experts were able to enumerate the C2s and targets of multiple distinct Chaos clusters, some of which were employed in recent DDoS attacks against the gaming, financial services and technology, and media and entertainment industries. ” continues the report.

Mining

Mining Financial Services IT Security

Twitter Hack Analysis Drives Calls for Greater Security Regulation

Dark Reading

OCTOBER 15, 2020

New York's Department of Financial Services calls for more cybersecurity regulation at social media firms following the "jarringly easy" Twitter breach.

Financial Services

Financial Services Security Cybersecurity

SHARED INTEL Q&A: Forrester highlights why companies need to strive for ‘cryptoagility’– today

The Last Watchdog

MARCH 24, 2025

We recommend using Dr. Michele Moscas theorem of quantum risk against an optimistic vs. pessimistic probability analysis. Financial services firms have to protect sensitive data like customers bank account information. This is where the concern of harvest now, decrypt later attacks apply.

Encryption

Encryption Financial Services Risk Libraries

Resecurity Released a 2024 Cyber Threat Landscape Forecast

Security Affairs

DECEMBER 26, 2023

These projections stem from an in-depth analysis of the underground economy’s evolution on the Dark Web and a thorough examination of significant cybersecurity incidents targeting corporations and governments.

Energy and Utilities

Energy and Utilities Artificial Intelligence Ransomware Data breaches

LockFile Ransomware uses a new intermittent encryption technique

Security Affairs

AUGUST 31, 2021

This trick can be successful against ransomware detection software that relies on inspecting content using statistical analysis to detect encryption.” ransomware: The victims of the Lockfile ransomware gang are in the manufacturing, financial services, engineering, legal, business services, and travel and tourism sectors.

Encryption

Encryption Ransomware Financial Services Manufacturing

Exclusive: Researchers dumped Gigabytes of data from Agent Tesla C2Cs

Security Affairs

OCTOBER 6, 2021

The majority of intercepted credentials by Agent Tesla related to financial services, online-retailers, e-government systems and personal and business e-mail accounts. . Researchers found active instances of Agent Tesla and developed a mechanism to enumerate the affected clients and extract compromised data.

Financial Services

Financial Services Retail Education Information Security

Hundreds of malicious Chrome browser extensions used to spy on you!

Security Affairs

JUNE 20, 2020

Malicious Chrome browser extensions were used in a massive surveillance campaign aimed at users working in the financial services, oil and gas, media and entertainment, healthcare, government organizations, and pharmaceuticals. ” reads the analysis published by Awake Security.

Healthcare

Healthcare Financial Services Security Communications

SAP April 2019 Security Patch Day addresses High severity flaws in Crystal Reports, NetWeaver

Security Affairs

APRIL 10, 2019

Update to security note release on January 2019 Patch Day: [ CVE-2018-2484 ] Missing Authorization check in SAP Enterprise Financial Services. ” reads the analysis published by security firm Onapsis. CVE-2019-0279 ] Missing Authorization check for ABAP INST function module. [

Security

Security Financial Services Risk Access

Experts found a new TrickBot module (rdpScanDll) built for RDP bruteforcing operations

Security Affairs

MARCH 19, 2020

.” The module appears to be under development, but experts pointed out that threat actors already used it to target organizations, mostly in telecoms, education, and financial services sectors. The module implements three attack modes, named check, trybrute and brute.

Financial Services

Financial Services Education Communications IT

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

Security Affairs

JANUARY 13, 2019

” reads the analysis published by Proofpoint. ” The TA505 group was first spotted by Proofpoint back 2017, it has been active at least since 2015 and targets organizations in financial and retail industries. ” reads the analysis published by Proofpoint.

IT

IT Financial Services Ransomware Retail

Nation-state actors target critical sectors by exploiting the CVE-2021-40539 flaw

Security Affairs

NOVEMBER 8, 2021

” reads the analysis published by Palo Alto Networks. The analysis of the global telemetry from Palo Alto Networks revealed that attackers targeted at least 370 Zoho ManageEngine servers in the United States alone. ” continues the analysis.

Communications

Communications Blockchain Passwords Financial Services

BingoMod Android RAT steals money from victims’ bank accounts and wipes data

Security Affairs

JULY 31, 2024

. “These techniques have several advantages: they require less skilled developers, expand the malware’s target base to any bank, and bypass various behavioural detection countermeasures put in place by multiple banks and financial services.”

Authentication

Authentication Financial Services Communications Access

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Data Protection Report

NOVEMBER 8, 2023

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. These revisions represent the most significant modifications since the enactment of the rules in March 2017.

Financial Services

Financial Services Cybersecurity Compliance Government

Google TAG report Q1 details about nation-state hacking and disinformation

Security Affairs

MAY 28, 2020

Google Threat Analysis Group (TAG) has published today its first TAG quarterly report that analyzes rising trends in nation-state and financially motivated attacks. The Google Threat Analysis Group (TAG) is a group inside the Google’s security team that tracks operations conducted by nation-state actors and cybercrime groups.

Financial Services

Financial Services Government Phishing Marketing

Recently disclosed Drupal CVE-2019-6340 RCE flaw exploited in the wild

Security Affairs

FEBRUARY 26, 2019

” reads the technical analysis published by Ambionics security. Hackers targeted dozens of Imperva’s customers, including organizations in the government and financial services sectors. ” reads the analysis published by Imperva. ” reads the post from Imperva.

Financial Services

Financial Services CMS Government Security

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Security Affairs

APRIL 30, 2020

ybercriminals behind the PerSwaysion campaign gained access to many confidential corporate MS Office365 emails of mainly financial service companies, law firms, and real estate groups. The detailed technical analysis of PerSwaysion operations and attack scheme is available in Group-IB’s blog post. Who are “The PerSwayders”?

Phishing

Phishing Cloud Financial Services Authentication

An ongoing Qbot campaign targeted customers of tens of US banks

Security Affairs

JUNE 18, 2020

financial institutions and two banks in Canada and the Netherlands. “Analysis of the latest Qbot campaign shows that it is mainly focused on the United States (see Figure 1), targeting approximately 36 U.S. financial institutions and two banks in Canada and the Netherlands;” reads the report published by F5 Labs.

Phishing

Phishing Financial Services Personal data Security

Experts linked ransomware attacks to China-linked APT27

Security Affairs

JANUARY 4, 2021

defense contractors , financial services firms, and a national data center in Central Asia. “Combining all the links we discovered during our analysis of our incident, it is not out of the question that Winnti is behind the Clambling backdoor, or at least a sub-group operating under the Winnti umbrella.”

Ransomware

Ransomware Encryption Financial Services Security

Critical RCE affects older Diebold Nixdorf ATMs

Security Affairs

JUNE 9, 2019

The experts explained that had access to an ATM of Diebold vendor and started analyzing the machine a simple PC running Windows OS and exposing some services implemented by the ATM provider. The focused their analysis on the Spiservice service listening on post 8043. ” reads the post published by the experts.

Libraries

Libraries Communications Financial Services Security

New Anti Anti-Money Laundering Services for Crooks

Krebs on Security

AUGUST 13, 2021

“To date, this type of analysis has been used primarily by regulated financial service providers.” . “It is also significant because it makes blockchain analytics available to the public for the first time,” Robinson wrote. ” That may not be entirely true.

Blockchain

Blockchain Marketing Analytics Ransomware

The importance of data quality in Financial Services

Collibra

JULY 21, 2021

Financial services are highly regulated and maintain a strong focus on compliance and risk management. Considering that major financial organizations handle enormous amounts of data today, they require data accuracy and integrity at all times to minimize risks. What is data quality in financial services?

Financial Services

Financial Services Analytics Compliance Risk

DEEP TECH NEWS: Respecting individual rights by using ‘privacy preserving aggregate statistics’

The Last Watchdog

JANUARY 28, 2024

Scientists at NTT Research are working on an advanced type of cryptography that enables businesses to perform aggregate data analysis on user data — without infringing upon individual privacy rights. Both regulations have profound implications for companies seeking to collect and apply aggregate statistical analysis to consumer data.

Privacy

Privacy Data Privacy GDPR Personal data

New Cybersecurity Rules for Financial Institutions in New York State Take Effect November 1, 2024

Thales Cloud Protection & Licensing

OCTOBER 24, 2024

New Cybersecurity Rules for Financial Institutions in New York State Take Effect November 1, 2024 madhav Fri, 10/25/2024 - 06:09 The next major deadline for compliance with the updated cybersecurity rules from the New York State Department of Financial Services (NYDFS) is November 1, 2024.

Cybersecurity

Cybersecurity Financial Services Encryption Compliance

Microsoft warns of multi-stage AiTM phishing and BEC attacks

Security Affairs

JUNE 11, 2023

Microsoft researchers warn of banking adversary-in-the-middle (AitM) phishing and BEC attacks targeting banking and financial organizations. Microsoft discovered multi-stage adversary-in-the-middle (AiTM) phishing and business email compromise (BEC) attacks against banking and financial services organizations.

Phishing

Phishing Financial Services Passwords Authentication

New Trickbot module implements Remote App Credential-Grabbing features

Security Affairs

FEBRUARY 18, 2019

The new variant is being spread via spam emails that pose as tax-incentive notification purporting to be from the financial services company Deloitte. ” concludes the analysis. The new strain of the Trickbot banking trojan that a updated info-stealing module. llows it to harvest remote desktop application credentials.

Passwords

Passwords Financial Services Encryption Authentication

2024 Thales Global Data Threat Report: Trends in Financial Services

'Hack-for-Hire' Groups Spoof WHO Emails to Steal Data

Webinars

Trending Sources

Vendor Email Compromise Attacks Against Financial Services Surge 137% Last Year

Webinars

EventBot, a new Android mobile targets financial institutions across Europe

Why Marketing Compliance for Financial Services Is A Big Deal

Payment Processing Giant TSYS: Ransomware Incident “Immaterial” to Company

Analysis: Fallout From the Snowden Memoir

Microsoft seized 240 sites used by the ONNX phishing service

Financial Services Industry Experiences a Massive Increase in Brand Abuse

SharkBot, a new Android Trojan targets banks in Europe

Hackers target financial firms hosting malicious payloads on Google Cloud Storage

BlackCocaine Ransomware, a new malware in the threat landscape

BianLian, White Rabbit, and Mario Ransomware Gangs Spotted in a Joint Campaign

6 benefits of data lineage for financial services

Corporate Finance firms leak 500K+ legal and financial documents online

NY Charges First American Financial for Massive Data Leak

Half of all Financial Services Cyber Attacks Start with a Very Costly Phish

American Insurance firm State Farm victim of credential stuffing attacks

Mitigating the impact of climate change in insurance and other financial services

Go-based Chaos malware is rapidly growing targeting Windows, Linux and more

Twitter Hack Analysis Drives Calls for Greater Security Regulation

SHARED INTEL Q&A: Forrester highlights why companies need to strive for ‘cryptoagility’– today

Resecurity Released a 2024 Cyber Threat Landscape Forecast

LockFile Ransomware uses a new intermittent encryption technique

Exclusive: Researchers dumped Gigabytes of data from Agent Tesla C2Cs

Hundreds of malicious Chrome browser extensions used to spy on you!

SAP April 2019 Security Patch Day addresses High severity flaws in Crystal Reports, NetWeaver

Experts found a new TrickBot module (rdpScanDll) built for RDP bruteforcing operations

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

Nation-state actors target critical sectors by exploiting the CVE-2021-40539 flaw

BingoMod Android RAT steals money from victims’ bank accounts and wipes data

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Google TAG report Q1 details about nation-state hacking and disinformation

Recently disclosed Drupal CVE-2019-6340 RCE flaw exploited in the wild

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

An ongoing Qbot campaign targeted customers of tens of US banks

Experts linked ransomware attacks to China-linked APT27

Critical RCE affects older Diebold Nixdorf ATMs

New Anti Anti-Money Laundering Services for Crooks

The importance of data quality in Financial Services

DEEP TECH NEWS: Respecting individual rights by using ‘privacy preserving aggregate statistics’

New Cybersecurity Rules for Financial Institutions in New York State Take Effect November 1, 2024

Microsoft warns of multi-stage AiTM phishing and BEC attacks

New Trickbot module implements Remote App Credential-Grabbing features

Stay Connected