Analysis and Financial Services - Information Management Today

2024 Thales Global Data Threat Report: Trends in Financial Services

Thales Cloud Protection & Licensing

OCTOBER 14, 2024

2024 Thales Global Data Threat Report: Trends in Financial Services madhav Tue, 10/15/2024 - 05:17 Financial services (FinServ) firms are key players in the global economy. As a result, FinServ organizations have some of the largest cybersecurity budgets and most advanced defenses.

Financial Services

Financial Services Cloud Compliance Authentication

'Hack-for-Hire' Groups Spoof WHO Emails to Steal Data

Data Breach Today

MAY 28, 2020

Google: Hackers Using COVID-19 Phishing Themes to Target Businesses "Hack-for-hire" groups operating in India are spoofing World Health Organization emails to steal credentials from financial services and healthcare firms around the world, according to Google's Threat Analysis Group.

Financial Services

Financial Services Phishing

Vendor Email Compromise Attacks Against Financial Services Surge 137% Last Year

KnowBe4

FEBRUARY 2, 2024

Analysis of 2023 attacks shows how the financial services industry had a very bad year, with increases in both vendor email compromise (VEC) and business email compromise (BEC) attacks, targeting millions of dollars using very specific methods.

Financial Services

Financial Services Security awareness Security

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

EventBot, a new Android mobile targets financial institutions across Europe

Security Affairs

APRIL 30, 2020

Security experts from Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks, financial services across Europe. Researchers from Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks, financial services across Europe.

Financial Services

Financial Services Libraries Encryption Authentication

Why Marketing Compliance for Financial Services Is A Big Deal

Hanzo Learning Center

SEPTEMBER 5, 2023

In today's fiercely competitive business landscape, financial services companies, like their counterparts in other industries, rely on advertising and digital marketing strategies to create brand recognition, promote their products and services to potential customers, and engage with their existing client base.

Financial Services

Financial Services Marketing Compliance

Payment Processing Giant TSYS: Ransomware Incident “Immaterial” to Company

Krebs on Security

DECEMBER 10, 2020

TSYS provides payment processing services, merchant services and other payment solutions, including prepaid debit cards and payroll cards. In 2019, TSYS was acquired by financial services firm Global Payments Inc. NYSE:GPN ].

Ransomware

Ransomware Financial Services Access IT

Analysis: Fallout From the Snowden Memoir

Data Breach Today

SEPTEMBER 20, 2019

Also featured: An update on Lumen PDF's breach disclosure; insights on financial services identity management issues. The latest edition of the ISMG Security Report features a discussion of the controversies surrounding the release of whistleblower Edward Snowden's memoir.

Financial Services

Financial Services Security

Microsoft seized 240 sites used by the ONNX phishing service

Security Affairs

NOVEMBER 23, 2024

Abanoub Nady (known online as “MRxC0DER”) developed and sold “do it yourself” phish kits and fraudulently used the brand name “ONNX” to sell these services.” ” reads the analysis published by Microsoft. Microsoft states that phishing heavily targets financial services, risking losses like life savings.

Phishing

Phishing Financial Services Risk Access

Financial Services Industry Experiences a Massive Increase in Brand Abuse

KnowBe4

OCTOBER 4, 2024

Industry analysis of the domains used behind phishing and brand impersonation attacks show financial institutions are being leveraged at an alarming rate.

Financial Services

Financial Services Phishing

SharkBot, a new Android Trojan targets banks in Europe

Security Affairs

NOVEMBER 15, 2021

The malware implements multiple anti-analysis techniques, including string obfuscation routine, emulator detection and a domain generation algorithm (DGA). ” reads the analysis published by the researchers. ” SharkBot abuses Accessibility Service to carry out ATS attacks inside the infected device. .

Financial Services

Financial Services Access Security IT

Hackers target financial firms hosting malicious payloads on Google Cloud Storage

Security Affairs

DECEMBER 26, 2018

Researchers at Menlo Labs uncovered a malicious email campaign targeting employees of banks and financial services companies abusing Google Cloud Storage. ” reads the analysis published by security researchers at Menlo. The spam campaign uses messages including links that point to archive files such as.zip or.gz.

Cloud

Cloud Financial Services Archiving Phishing

BlackCocaine Ransomware, a new malware in the threat landscape

Security Affairs

JUNE 5, 2021

Recently Cyber researchers for Cyble investigated an attack suffered by on May 30, 2021, by Nucleus Software, an India-based IT company in the Banking and Financial Services sector. Nucleus Software declared that it does not store customers’ financial data. ” reads the post published by Cyble.

Ransomware

Ransomware Encryption File names Financial Services

BianLian, White Rabbit, and Mario Ransomware Gangs Spotted in a Joint Campaign

Security Affairs

DECEMBER 15, 2023

Resecurity’s HUNTER (HUMINT) unit spotted the BianLian , White Rabbit , and Mario ransomware gangs collaborating in a joint extortion campaign targeting publicly-traded financial services firms. This is why it is critical to share such intelligence for further analysis with the broader cybersecurity community.

Ransomware

Ransomware Financial Services Cybersecurity Passwords

Mitigating the impact of climate change in insurance and other financial services

IBM Big Data Hub

MARCH 25, 2024

For other financial services firms outside of the insurance sector, property accepted as loan security might face climate-related risks as well. Across the financial sector, there are transition risks to consider as we move to a low-carbon economy. Financial services firms can use the tool for “what if?”

Financial Services

Financial Services Insurance Risk Agriculture

Corporate Finance firms leak 500K+ legal and financial documents online

Security Affairs

MARCH 17, 2020

Advantage and Argus seem to be the same company working under two different names, they offer funding and startup capital to business owners without access to traditional lending and financial services. The researchers discovered the unsecured database in December 2019.

Financial Services

Financial Services Access Privacy Security

6 benefits of data lineage for financial services

IBM Big Data Hub

FEBRUARY 26, 2024

The financial services industry has been in the process of modernizing its data governance for more than a decade. How can banks, credit unions, and financial advisors keep up with demanding regulations while battling restricted budgets and higher employee turnover? One often-overlooked area of impact analysis is IT resilience.

Financial Services

Financial Services Cloud Metadata Digital transformation

Half of all Financial Services Cyber Attacks Start with a Very Costly Phish

KnowBe4

SEPTEMBER 23, 2024

New analysis of attacks on the financial sector shows that the combination of phishing emails and compromised credentials is a recurring — and financially impactful — threat.

Financial Services

Financial Services Phishing Security

American Insurance firm State Farm victim of credential stuffing attacks

Security Affairs

AUGUST 7, 2019

The American group of insurance and financial services companies State Farm disclosed a credential stuffing attack it has suffered in July. The American group of insurance and financial services companies State Farm revealed that it was the victim of a credential stuffing attack it has suffered in July. billion per month.

Insurance

Insurance Data breaches Financial Services Passwords

NY Charges First American Financial for Massive Data Leak

Krebs on Security

JULY 23, 2020

According to a filing (PDF) by the New York State Department of Financial Services (DFS), the weakness that exposed the documents was first introduced during an application software update in May 2014 and went undetected for years. The documents were available without authentication to anyone with a Web browser.

Insurance

Insurance Financial Services Mining Access

Go-based Chaos malware is rapidly growing targeting Windows, Linux and more

Security Affairs

SEPTEMBER 29, 2022

” reads the analysis published by Lumen Technologies. The experts were able to enumerate the C2s and targets of multiple distinct Chaos clusters, some of which were employed in recent DDoS attacks against the gaming, financial services and technology, and media and entertainment industries. ” continues the report.

Mining

Mining Financial Services IT Security

Twitter Hack Analysis Drives Calls for Greater Security Regulation

Dark Reading

OCTOBER 15, 2020

New York's Department of Financial Services calls for more cybersecurity regulation at social media firms following the "jarringly easy" Twitter breach.

Financial Services

Financial Services Security Cybersecurity

Resecurity Released a 2024 Cyber Threat Landscape Forecast

Security Affairs

DECEMBER 26, 2023

These projections stem from an in-depth analysis of the underground economy’s evolution on the Dark Web and a thorough examination of significant cybersecurity incidents targeting corporations and governments.

Energy and Utilities

Energy and Utilities Artificial Intelligence Ransomware Data breaches

LockFile Ransomware uses a new intermittent encryption technique

Security Affairs

AUGUST 31, 2021

This trick can be successful against ransomware detection software that relies on inspecting content using statistical analysis to detect encryption.” ransomware: The victims of the Lockfile ransomware gang are in the manufacturing, financial services, engineering, legal, business services, and travel and tourism sectors.

Encryption

Encryption Ransomware Financial Services Manufacturing

SAP April 2019 Security Patch Day addresses High severity flaws in Crystal Reports, NetWeaver

Security Affairs

APRIL 10, 2019

Update to security note release on January 2019 Patch Day: [ CVE-2018-2484 ] Missing Authorization check in SAP Enterprise Financial Services. ” reads the analysis published by security firm Onapsis. CVE-2019-0279 ] Missing Authorization check for ABAP INST function module. [

Security

Security Financial Services Risk Access

Hundreds of malicious Chrome browser extensions used to spy on you!

Security Affairs

JUNE 20, 2020

Malicious Chrome browser extensions were used in a massive surveillance campaign aimed at users working in the financial services, oil and gas, media and entertainment, healthcare, government organizations, and pharmaceuticals. ” reads the analysis published by Awake Security.

Healthcare

Healthcare Financial Services Security Communications

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

Security Affairs

JANUARY 13, 2019

” reads the analysis published by Proofpoint. ” The TA505 group was first spotted by Proofpoint back 2017, it has been active at least since 2015 and targets organizations in financial and retail industries. ” reads the analysis published by Proofpoint.

IT

IT Financial Services Ransomware Retail

Recently disclosed Drupal CVE-2019-6340 RCE flaw exploited in the wild

Security Affairs

FEBRUARY 26, 2019

” reads the technical analysis published by Ambionics security. Hackers targeted dozens of Imperva’s customers, including organizations in the government and financial services sectors. ” reads the analysis published by Imperva. ” reads the post from Imperva.

Financial Services

Financial Services CMS Government Security

BingoMod Android RAT steals money from victims’ bank accounts and wipes data

Security Affairs

JULY 31, 2024

. “These techniques have several advantages: they require less skilled developers, expand the malware’s target base to any bank, and bypass various behavioural detection countermeasures put in place by multiple banks and financial services.”

Authentication

Authentication Financial Services Communications Access

Nation-state actors target critical sectors by exploiting the CVE-2021-40539 flaw

Security Affairs

NOVEMBER 8, 2021

” reads the analysis published by Palo Alto Networks. The analysis of the global telemetry from Palo Alto Networks revealed that attackers targeted at least 370 Zoho ManageEngine servers in the United States alone. ” continues the analysis.

Communications

Communications Blockchain Passwords Financial Services

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Data Protection Report

NOVEMBER 8, 2023

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. These revisions represent the most significant modifications since the enactment of the rules in March 2017.

Financial Services

Financial Services Cybersecurity Compliance Government

Critical RCE affects older Diebold Nixdorf ATMs

Security Affairs

JUNE 9, 2019

The experts explained that had access to an ATM of Diebold vendor and started analyzing the machine a simple PC running Windows OS and exposing some services implemented by the ATM provider. The focused their analysis on the Spiservice service listening on post 8043. ” reads the post published by the experts.

Libraries

Libraries Communications Financial Services Security

Experts linked ransomware attacks to China-linked APT27

Security Affairs

JANUARY 4, 2021

defense contractors , financial services firms, and a national data center in Central Asia. “Combining all the links we discovered during our analysis of our incident, it is not out of the question that Winnti is behind the Clambling backdoor, or at least a sub-group operating under the Winnti umbrella.”

Ransomware

Ransomware Encryption Financial Services Cybersecurity

New Anti Anti-Money Laundering Services for Crooks

Krebs on Security

AUGUST 13, 2021

“To date, this type of analysis has been used primarily by regulated financial service providers.” . “It is also significant because it makes blockchain analytics available to the public for the first time,” Robinson wrote. ” That may not be entirely true.

Blockchain

Blockchain Analytics Marketing Ransomware

DEEP TECH NEWS: Respecting individual rights by using ‘privacy preserving aggregate statistics’

The Last Watchdog

JANUARY 28, 2024

Scientists at NTT Research are working on an advanced type of cryptography that enables businesses to perform aggregate data analysis on user data — without infringing upon individual privacy rights. Both regulations have profound implications for companies seeking to collect and apply aggregate statistical analysis to consumer data.

Privacy

Privacy Data Privacy GDPR Personal data

New Cybersecurity Rules for Financial Institutions in New York State Take Effect November 1, 2024

Thales Cloud Protection & Licensing

OCTOBER 24, 2024

New Cybersecurity Rules for Financial Institutions in New York State Take Effect November 1, 2024 madhav Fri, 10/25/2024 - 06:09 The next major deadline for compliance with the updated cybersecurity rules from the New York State Department of Financial Services (NYDFS) is November 1, 2024.

Cybersecurity

Cybersecurity Financial Services Encryption Compliance

Microsoft warns of multi-stage AiTM phishing and BEC attacks

Security Affairs

JUNE 11, 2023

Microsoft researchers warn of banking adversary-in-the-middle (AitM) phishing and BEC attacks targeting banking and financial organizations. Microsoft discovered multi-stage adversary-in-the-middle (AiTM) phishing and business email compromise (BEC) attacks against banking and financial services organizations.

Phishing

Phishing Financial Services Passwords Authentication

New Trickbot module implements Remote App Credential-Grabbing features

Security Affairs

FEBRUARY 18, 2019

The new variant is being spread via spam emails that pose as tax-incentive notification purporting to be from the financial services company Deloitte. ” concludes the analysis. The new strain of the Trickbot banking trojan that a updated info-stealing module. llows it to harvest remote desktop application credentials.

Passwords

Passwords Financial Services Encryption Authentication

Accelerate hybrid cloud transformation through IBM Cloud for Financial Service Validation Program

IBM Big Data Hub

APRIL 4, 2024

IBM has created the solution for this problem with its Financial Services Cloud offering, and its ISV Financial Services validation program, which is designed to de-risk the partner ecosystem for clients. IBM Cloud Framework for Financial services is uniquely positioned for that, meeting all these requirements.

Financial Services

Financial Services Cloud Compliance Digital transformation

Malware researchers analyzed an intriguing Java ATM Malware

Security Affairs

JULY 30, 2019

Experts spotted a Java ATM malware that was relying on the XFS (EXtension for Financial Service) API to “ jackpot ” the infected machine. In that case, the malware was relying on the XFS (EXtension for Financial Service) API to “ jackpot ” the infected machine. Introduction. Static strings embedded into HTTP server code.

Financial Services

Financial Services Communications Access IT

Chinese LuckyMouse APT has been using a digitally signed network filtering driver in recent attacks

Security Affairs

SEPTEMBER 10, 2018

defense contractors and financial services firms worldwide. ” reads the analysis published by Kaspersky. Further details including IoCs are reported in the analysis published by the experts. The APT group has been active since at least 2010, the crew targeted U.S. ” concludes Kaspersky.

Communications

Communications Financial Services Government Phishing

FiXS, a new ATM malware that is targeting Mexican banks

Security Affairs

MARCH 4, 2023

XFS (extensions for financial services) provides a client-server architecture for financial applications on the Microsoft Windows platform, especially peripheral devices such as EFTPOS terminals and ATMs which are unique to the financial industry. ” reads the analysis published by the experts.

Metadata

Metadata Financial Services IT Access

Cybersecurity agencies published a joint LockBit ransomware advisory

Security Affairs

JUNE 15, 2023

The operation targeted many organizations in critical infrastructure sectors, including financial services, food and agriculture, education, energy, government and emergency services, healthcare, manufacturing, and transportation. organizations since 2020.

Ransomware

Ransomware Cybersecurity Agriculture Education

Lazarus malware delivered to South Korean users via supply chain attacks

Security Affairs

NOVEMBER 16, 2020

” reads the analysis published by ESET. The attackers are attempting to exploit the need to install additional security software when South Korean users visit government or financial services websites. . The WIZVERA VeraPort integration installation program is used to manage additional security software (e.g.,

Financial Services

Financial Services Security Government Phishing

The largest Russian bank Sberbank hit by a massive DDoS attack

Security Affairs

NOVEMBER 9, 2023

Sberbank , the Russian banking and financial services giant, announced that it was recently hit by a record-breaking distributed denial of service (DDoS) attack that reached 1 million RPS. We provide further analysis of this new Rapid Reset technique and discuss the evolution of Layer 7 attacks in a companion blog.”

Personal data

Personal data Financial Services Marketing Cloud

2024 Thales Global Data Threat Report: Trends in Financial Services

'Hack-for-Hire' Groups Spoof WHO Emails to Steal Data

Webinars

Trending Sources

Vendor Email Compromise Attacks Against Financial Services Surge 137% Last Year

Webinars

EventBot, a new Android mobile targets financial institutions across Europe

Why Marketing Compliance for Financial Services Is A Big Deal

Payment Processing Giant TSYS: Ransomware Incident “Immaterial” to Company

Analysis: Fallout From the Snowden Memoir

Microsoft seized 240 sites used by the ONNX phishing service

Financial Services Industry Experiences a Massive Increase in Brand Abuse

SharkBot, a new Android Trojan targets banks in Europe

Hackers target financial firms hosting malicious payloads on Google Cloud Storage

BlackCocaine Ransomware, a new malware in the threat landscape

BianLian, White Rabbit, and Mario Ransomware Gangs Spotted in a Joint Campaign

Mitigating the impact of climate change in insurance and other financial services

Corporate Finance firms leak 500K+ legal and financial documents online

6 benefits of data lineage for financial services

Half of all Financial Services Cyber Attacks Start with a Very Costly Phish

American Insurance firm State Farm victim of credential stuffing attacks

NY Charges First American Financial for Massive Data Leak

Go-based Chaos malware is rapidly growing targeting Windows, Linux and more

Twitter Hack Analysis Drives Calls for Greater Security Regulation

Resecurity Released a 2024 Cyber Threat Landscape Forecast

LockFile Ransomware uses a new intermittent encryption technique

SAP April 2019 Security Patch Day addresses High severity flaws in Crystal Reports, NetWeaver

Hundreds of malicious Chrome browser extensions used to spy on you!

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

Recently disclosed Drupal CVE-2019-6340 RCE flaw exploited in the wild

BingoMod Android RAT steals money from victims’ bank accounts and wipes data

Nation-state actors target critical sectors by exploiting the CVE-2021-40539 flaw

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Critical RCE affects older Diebold Nixdorf ATMs

Experts linked ransomware attacks to China-linked APT27

New Anti Anti-Money Laundering Services for Crooks

DEEP TECH NEWS: Respecting individual rights by using ‘privacy preserving aggregate statistics’

New Cybersecurity Rules for Financial Institutions in New York State Take Effect November 1, 2024

Microsoft warns of multi-stage AiTM phishing and BEC attacks

New Trickbot module implements Remote App Credential-Grabbing features

Accelerate hybrid cloud transformation through IBM Cloud for Financial Service Validation Program

Malware researchers analyzed an intriguing Java ATM Malware

Chinese LuckyMouse APT has been using a digitally signed network filtering driver in recent attacks

FiXS, a new ATM malware that is targeting Mexican banks

Cybersecurity agencies published a joint LockBit ransomware advisory

Lazarus malware delivered to South Korean users via supply chain attacks

The largest Russian bank Sberbank hit by a massive DDoS attack

Stay Connected