Financial Services, Government and Security - Information Management Today

Security Affairs newsletter Round 446 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

NOVEMBER 19, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Data breaches Ransomware Financial Services

U.S. banking regulators order banks to notify cybersecurity incidents in 36 hours

Security Affairs

NOVEMBER 20, 2021

banking regulators this week approved a rule that obliges banks to report any major cybersecurity incidents to the government within 36 hours of discovery. Major cybersecurity incidents are attacks that impact operations of the victims or the stability of the US financial sector. Follow me on Twitter: @securityaffairs and Facebook.

Cybersecurity

Cybersecurity Financial Services Insurance Ransomware

Emissary Panda APT group hit Government Organizations in the Middle East

Security Affairs

MAY 30, 2019

Chinese Cyber-Spies Target Government Organizations in Middle East. Chinese APT group Emissary Panda has been targeting government organizations in two different countries in the Middle East. defense contractors , financial services firms, and a national data center in Central Asia.

Government

Government Financial Services Security Cybersecurity

Webinars

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

Unmasking 2024’s Email Security Landscape

Security Affairs

FEBRUARY 28, 2024

Analyzing the Email Security Landscape and exploring Emerging Threats and Trends. VIPRE Security Group’s latest report, “Email Security in 2024: An Expert Insight into Email Threats,” delves into the cutting-edge tactics and technologies embraced by cybercriminals this year. million as malicious.

Security

Security Phishing Communications Financial Services

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 17, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Data breaches Ransomware Artificial Intelligence

Papua New Guinea ‘s finance ministry was hit by a ransomware

Security Affairs

OCTOBER 29, 2021

A ransomware attack hit Papua New Guinea ‘s finance ministry and disrupted government payments and operations. Government officials confirmed that Papua New Guinea’s finance ministry was hit by a ransomware attack that disrupted government payments and operations. Follow me on Twitter: @securityaffairs and Facebook.

Ransomware

Ransomware Financial Services Government Data breaches

Security Affairs newsletter Round 449 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 10, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Ransomware Data breaches Phishing

The US government sanctioned four entities and one individual for supporting cyber operations conducted by North Korea

Security Affairs

MAY 24, 2023

The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against four entities and one individual for their role in malicious cyber operations conducted to support the government of North Korea. ” reads the announcement. correspondent or payable-through account sanctions.”

Government

Government Military Financial Services Security

Data Protection in Financial Services Week 2022

Data Matters

FEBRUARY 25, 2022

Sidley and OneTrust DataGuidance are pleased to announce that registration is now open for their annual Data Protection in Financial Services (DPFS) Week. Join us from February 28 – March 3 for DPFS Week 2022 , a series of webinars looking at the impacts of data privacy across the financial sector.

Financial Services

Financial Services Privacy Data Privacy Cybersecurity

SHARED INTEL Q&A: Forrester highlights why companies need to strive for ‘cryptoagility’– today

The Last Watchdog

MARCH 24, 2025

Quantum computings ability to break todays encryption may still be years awaybut security leaders cant afford to wait. Forresters The Future of Quantum Security makes it clear: the transition to quantum-safe cryptography must start now. So where should security leaders focus? Why is that a dangerous mindset?

Encryption

Encryption Financial Services Risk Libraries

Resecurity Released a 2024 Cyber Threat Landscape Forecast

Security Affairs

DECEMBER 26, 2023

Resecurity, a Los Angeles-based cybersecurity company protecting Fortune 100 and government agencies worldwide, has compiled a comprehensive forecast outlining the imminent threats and novel security challenges anticipated in the upcoming year. Cybersecurity company Resecurity has published the 2024 Cyber Threat Landscape Forecast.

Energy and Utilities

Energy and Utilities Artificial Intelligence Ransomware Data breaches

U.S. Indicts North Korean Hackers in Theft of $200 Million

Krebs on Security

FEBRUARY 17, 2021

Secret Service and Department of Homeland Security told reporters on Wednesday the trio’s activities involved extortion, phishing, direct attacks on financial institutions and ATM networks, as well as malicious applications that masqueraded as software tools to help people manage their cryptocurrency holdings.

Financial Services

Financial Services Phishing Blockchain Government

LockBit on a Roll – ICBC Ransomware Attack Strikes at the Heart of the Global Financial Order

Security Affairs

DECEMBER 4, 2023

According to the report released by Resecurity, a Los Angeles-based company protecting Fortune 500 and governments worldwide, the attack against ICBC may be a precursor for significant malicious cyber activity against global financial system. LockBit specifically targeted ICBC Financial Services (ICBC FS), a wholly owned U.S.

Ransomware

Ransomware Financial Services Marketing Government

Law enforcement operation seized Ragnar Locker group’s infrastructure

Security Affairs

OCTOBER 19, 2023

“As of January 2022, the FBI has identified at least 52 entities across 10 critical infrastructure sectors affected by RagnarLocker ransomware, including entities in the critical manufacturing, energy, financial services, government, and information technology sectors,” reads the FBI’s flash alert.

Ransomware

Ransomware Financial Services Manufacturing Government

US SEC warns investors of ongoing fraudulent communications claiming from the SEC

Security Affairs

NOVEMBER 21, 2021

The Securities and Exchange Commission (SEC) warns investors of attacks impersonating its officials in government impersonator schemes. The Securities and Exchange Commission (SEC) is warning investors of scammers impersonating SEC officials in fraudulent schemes. “Beware of government impersonator schemes.

Communications

Communications Financial Services Government Education

Hundreds of malicious Chrome browser extensions used to spy on you!

Security Affairs

JUNE 20, 2020

Malicious Chrome browser extensions were used in a massive surveillance campaign aimed at users working in the financial services, oil and gas, media and entertainment, healthcare, government organizations, and pharmaceuticals. ” reads the analysis published by Awake Security. appeared first on Security Affairs.

Healthcare

Healthcare Financial Services Security Communications

Microsoft: Russia-linked SolarWinds hackers breached three new entities

Security Affairs

JUNE 26, 2021

Most of the targeted organizations are IT companies (57%), followed by government organizations (20%). The hackers also targeted non-governmental organizations and think tanks, as well as financial services. The IT giant quickly removed the access and secured the device. . Pierluigi Paganini.

Financial Services

Financial Services Access Passwords Authentication

Iran-linked APT group Pioneer Kitten sells access to hacked networks

Security Affairs

SEPTEMBER 1, 2020

The Iranian hacker group has been attacking corporate VPNs over the past months, they have been hacking VPN servers to plant backdoors in companies around the world targeting Pulse Secure , Fortinet , Palo Alto Networks , and Citrix VPNs. ” reads the report published by Crowdstrike. ” continues the report. Pierluigi Paganini.

Access

Access Financial Services Retail Insurance

Microsoft partnered with other security firms to takedown TrickBot botnet

Security Affairs

OCTOBER 12, 2020

Microsoft’s Defender team, FS-ISAC , ESET , Lumen’s Black Lotus Labs , NTT , and Broadcom’s cyber-security division Symantec joint the forces and announced today a coordinated effort to take down the command and control infrastructure of the infamous TrickBot botnet. ” reads the post published by Microsoft.

Security

Security Financial Services Ransomware Access

France and Germany will block Facebook’s Libra cryptocurrency

Security Affairs

SEPTEMBER 16, 2019

France and Germany governments announced that they will block Facebook’s Libra cryptocurrency , the news was reported by French finance ministry Bruno Le Maire. “We reads a joint statement issued by the two governments, “I want to be absolutely clear: in these conditions, we cannot authorise the development of Libra on European soil.”

Financial Services

Financial Services Government IT Security

Russia-linked GRU Unit 29155 targeted critical infrastructure globally

Security Affairs

SEPTEMBER 6, 2024

The government expert pointed out that Unit 29155 operates independently from other GRU-affiliated groups like Unit 26165 and Unit 74455. The threat actors targeted critical infrastructure sectors such as government, finance, transportation, energy, and healthcare. Since 2022, the unit focused on disrupting aid efforts for Ukraine.

Financial Services

Financial Services Government IoT Communications

Securely Moving Financial Services to the Cloud

Dark Reading

OCTOBER 10, 2023

Financial services organizations migrating applications to the cloud need to think about cloud governance, applying appropriate policies and oversight, and compliance and regulatory requirements.

Financial Services

Financial Services Cloud Compliance Security

15 billion credentials available in the cybercrime marketplaces

Security Affairs

JULY 9, 2020

A report published by security firm Digital Shadows r evealed the availability of more than 15 billion credentials shared on cybercrime marketplaces, paste sites, file sharing services, and code sharing websites. The price depends on the targeted industry, with the local government and financial sectors are the most requested ones.

Marketing

Marketing Passwords Financial Services Access

Exclusive: Researchers dumped Gigabytes of data from Agent Tesla C2Cs

Security Affairs

OCTOBER 6, 2021

The majority of intercepted credentials by Agent Tesla related to financial services, online-retailers, e-government systems and personal and business e-mail accounts. . The post Exclusive: Researchers dumped Gigabytes of data from Agent Tesla C2Cs appeared first on Security Affairs. Pierluigi Paganini.

Financial Services

Financial Services Retail Education Information Security

Nissan Oceania data breach impacted roughly 100,000 people

Security Affairs

MARCH 14, 2024

Nissan immediately notified the Australian Cyber Security Centre and the New Zealand National Cyber Security Centre. The Australian and New Zealand Nissan Corporation and Financial Services (“Nissan”) advises that its systems have been subject to a cyber incident. ” reads the update published by the company.

Data breaches

Data breaches Financial Services Ransomware Government

DIVD discloses three new unpatched Kaseya Unitrends zero-days

Security Affairs

JULY 27, 2021

Experts found three new zero-day flaws in the Kaseya Unitrends service and warn users to avoid exposing the service to the Internet. Security researchers warn of three new zero-day vulnerabilities in the Kaseya Unitrends service. An employee published the alert on an online analyzing platform. Pierluigi Paganini.

Financial Services

Financial Services Authentication Cloud Government

Recently disclosed Drupal CVE-2019-6340 RCE flaw exploited in the wild

Security Affairs

FEBRUARY 26, 2019

Last week, Drupal core team released security updates that address a “highly critical” remote code execution vulnerability. reads the security advisory published by Drupal. The flaw was discovered by Samuel Mortenson of the Drupal Security Team. ” reads the technical analysis published by Ambionics security.

Financial Services

Financial Services CMS Government Security

Cybersecurity agencies published a joint LockBit ransomware advisory

Security Affairs

JUNE 15, 2023

Help us #StopRansomware by visiting [link] pic.twitter.com/G5jpxtB0Fw — Cybersecurity and Infrastructure Security Agency (@CISAgov) June 14, 2023 The LockBit ransomware operation was the most active in 2022 and according to the researchers it is one of the most prolific RaaS in 2023. law enforcement). was the prevalent variant in 2023.

Ransomware

Ransomware Cybersecurity Agriculture Education

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Data Protection Report

NOVEMBER 8, 2023

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. The Amendment also includes new governance requirements and responsibilities applicable to the CISO of all covered entities.

Financial Services

Financial Services Cybersecurity Compliance Government

Cuba Ransomware received over $60M in Ransom payments as of August 2022

Security Affairs

DECEMBER 2, 2022

Dollars (USD) and received more than $60 million in ransom payments from over 100 victims worldwide as of August 2022, the US government states. entities Financial Services, Government Facilities, Healthcare and Public Health, Critical Manufacturing, and Information Technology. ” reads the report.

Ransomware

Ransomware Financial Services Manufacturing Phishing

China-linked Budworm APT returns to target a US entity

Security Affairs

OCTOBER 13, 2022

The Budworm cyber espionage group (aka APT27 , Bronze Union , Emissary Panda , Lucky Mouse , TG-3390 , and Red Phoenix) is behind a series attacks conducted over the past six months against a number of high-profile targets, including the government of a Middle Eastern country, a multinational electronics manufacturer, and a U.S.

File names

File names Financial Services Manufacturing Libraries

Google TAG report Q1 details about nation-state hacking and disinformation

Security Affairs

MAY 28, 2020

The Google Threat Analysis Group (TAG) is a group inside the Google’s security team that tracks operations conducted by nation-state actors and cybercrime groups. Experts confirm that threat actor continues to use COVID-19 lures, the pandemic has taken center stage in the world of government-backed hacking. Pierluigi Paganini.

Financial Services

Financial Services Government Phishing Marketing

First American Financial Pays Farcical $500K Fine

Krebs on Security

JUNE 18, 2021

In May 2019, KrebsOnSecurity broke the news that the website of mortgage settlement giant First American Financial Corp. NYSE:FAF ] was leaking more than 800 million documents — many containing sensitive financial data — related to real estate transactions dating back 16 years. First American Financial Corp.

Insurance

Insurance Risk Financial Services Mining

MY TAKE: Identity ‘access’ and ‘governance’ tech converge to meet data protection challenges

The Last Watchdog

FEBRUARY 25, 2019

Related: Applying ‘zero trust’ to managed security services. based supplier of identity access management (IAM) systems, which recently announced a partnership with Omada, a Copenhagen-based provider of identity governance administration (IGA) solutions. Governance and attestation quickly became a very big deal.

Access

Access Government Authentication Data breaches

Tianfu Cup 2019 Day 1 – Chinese experts hacked Chrome, Edge, Safari, Office365

Security Affairs

NOVEMBER 17, 2019

Security Competition has started, in two days white hat hackers will attempt to exploit flaws in major software. Security Competition has started, white hat hackers will attempt to devise working zero-day exploits for popular software. The Tianfu Cup 2019 International Cyber ??Security The Tianfu Cup 2019 International Cyber ??Security

Financial Services

Financial Services Government Security Cybersecurity

Operation Cronos: law enforcement disrupted the LockBit operation

Security Affairs

FEBRUARY 19, 2024

Since January 2020, affiliates utilizing LockBit have targeted organizations of diverse sizes spanning critical infrastructure sectors such as financial services, food and agriculture, education, energy, government and emergency services, healthcare, manufacturing, and transportation.

Energy and Utilities

Energy and Utilities Ransomware Agriculture Financial Services

Lazarus malware delivered to South Korean users via supply chain attacks

Security Affairs

NOVEMBER 16, 2020

North Korea-linked Lazarus APT group is behind new campaigns against South Korean supply chains that leverage stolen security certificates. . Security experts from ESET reported that North-Korea-linked Lazarus APT (aka HIDDEN COBRA ) is behind cyber campaigns targeting South Korean supply chains. ” Pierluigi Paganini.

Financial Services

Financial Services Security Government Phishing

Intuit to Share Payroll Data from 1.4M Small Businesses With Equifax

Krebs on Security

JULY 1, 2021

Financial services giant Intuit this week informed 1.4 Intuit says the change is tied to an “exciting” and “free” new service that will let millions of small business employees get easy access to employment and income verification services when they wish to apply for a loan or line of credit.

Financial Services

Financial Services Government Authentication IT

Kaseya fixed two of the three Kaseya Unitrends zero-days found in July

Security Affairs

AUGUST 26, 2021

Software firm Kaseya addressed Kaseya Unitrends zero-day vulnerabilities that were reported by security researchers at the Dutch Institute for Vulnerability Disclosure (DIVD). On July 26, security researchers warned of three new zero-day vulnerabilities in the Kaseya Unitrends service. Pierluigi Paganini.

Authentication

Authentication Financial Services Cloud Security

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

. “AvosLocker is a Ransomware as a Service (RaaS) affiliate-based group that has targeted victims across multiple critical infrastructure sectors in the United States including, but not limited to, the Financial Services, Critical Manufacturing, and Government Facilities sectors. Consider installing and using a VPN.

Ransomware

Ransomware Passwords Encryption Financial Services

Ragnar Locker ransomware group breached at least 52 organizations across 10 critical infrastructure sectors

Security Affairs

MARCH 8, 2022

. “As of January 2022, the FBI has identified at least 52 entities across 10 critical infrastructure sectors affected by RagnarLocker ransomware, including entities in the critical manufacturing, energy, financial services, government, and information technology sectors,” reads the FBI’s flash alert.

Ransomware

Ransomware Passwords Financial Services Manufacturing

OCR Labs exposes its systems, jeopardizing major banking clients

Security Affairs

APRIL 6, 2023

A digital identification tool provided by OCR Labs to major banks and government agencies leaked sensitive credentials, putting clients at severe risk. Its services are used by companies and financial institutions including BMW, Vodafone, the Australian government, Westpac, ANZ, HSBC, and Virgin Money.

IT

IT Financial Services Access Risk

Ragnar Locker gang leaks data stolen from the Israel’s Mayanei Hayeshua hospital

Security Affairs

SEPTEMBER 9, 2023

“As of January 2022, the FBI has identified at least 52 entities across 10 critical infrastructure sectors affected by RagnarLocker ransomware, including entities in the critical manufacturing, energy, financial services, government, and information technology sectors,” reads the FBI’s flash alert.

Ransomware

Ransomware Phishing Encryption Privacy

Tackling Data Sovereignty with DDR

Security Affairs

JUNE 20, 2023

Those who fail to take a proactive approach to secure their data often learn the hard way how vulnerable – and valuable – that data can be. Data sovereignty plays a crucial role in a robust security strategy. When data is sovereign, an organization retains control and ownership over that data.

Compliance

Compliance Cybersecurity Risk Encryption

Security Affairs newsletter Round 446 by Pierluigi Paganini – INTERNATIONAL EDITION

U.S. banking regulators order banks to notify cybersecurity incidents in 36 hours

Webinars

Trending Sources

Emissary Panda APT group hit Government Organizations in the Middle East

Webinars

Unmasking 2024’s Email Security Landscape

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Papua New Guinea ‘s finance ministry was hit by a ransomware

Security Affairs newsletter Round 449 by Pierluigi Paganini – INTERNATIONAL EDITION

The US government sanctioned four entities and one individual for supporting cyber operations conducted by North Korea

Data Protection in Financial Services Week 2022

SHARED INTEL Q&A: Forrester highlights why companies need to strive for ‘cryptoagility’– today

Resecurity Released a 2024 Cyber Threat Landscape Forecast

U.S. Indicts North Korean Hackers in Theft of $200 Million

LockBit on a Roll – ICBC Ransomware Attack Strikes at the Heart of the Global Financial Order

Law enforcement operation seized Ragnar Locker group’s infrastructure

US SEC warns investors of ongoing fraudulent communications claiming from the SEC

Hundreds of malicious Chrome browser extensions used to spy on you!

Microsoft: Russia-linked SolarWinds hackers breached three new entities

Iran-linked APT group Pioneer Kitten sells access to hacked networks

Microsoft partnered with other security firms to takedown TrickBot botnet

France and Germany will block Facebook’s Libra cryptocurrency

Russia-linked GRU Unit 29155 targeted critical infrastructure globally

Securely Moving Financial Services to the Cloud

15 billion credentials available in the cybercrime marketplaces

Exclusive: Researchers dumped Gigabytes of data from Agent Tesla C2Cs

Nissan Oceania data breach impacted roughly 100,000 people

DIVD discloses three new unpatched Kaseya Unitrends zero-days

Recently disclosed Drupal CVE-2019-6340 RCE flaw exploited in the wild

Cybersecurity agencies published a joint LockBit ransomware advisory

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Cuba Ransomware received over $60M in Ransom payments as of August 2022

China-linked Budworm APT returns to target a US entity

Google TAG report Q1 details about nation-state hacking and disinformation

First American Financial Pays Farcical $500K Fine

MY TAKE: Identity ‘access’ and ‘governance’ tech converge to meet data protection challenges

Tianfu Cup 2019 Day 1 – Chinese experts hacked Chrome, Edge, Safari, Office365

Operation Cronos: law enforcement disrupted the LockBit operation

Lazarus malware delivered to South Korean users via supply chain attacks

Intuit to Share Payroll Data from 1.4M Small Businesses With Equifax

Kaseya fixed two of the three Kaseya Unitrends zero-days found in July

Avoslocker ransomware gang targets US critical infrastructure

Ragnar Locker ransomware group breached at least 52 organizations across 10 critical infrastructure sectors

OCR Labs exposes its systems, jeopardizing major banking clients

Ragnar Locker gang leaks data stolen from the Israel’s Mayanei Hayeshua hospital

Tackling Data Sovereignty with DDR

Stay Connected