Financial Services, Phishing and Security - Information Management Today

Microsoft seized 240 sites used by the ONNX phishing service

Security Affairs

NOVEMBER 23, 2024

Microsoft disrupted the ONNX phishing service, seizing 240 sites and naming an Egyptian man as the operator behind the operation. Microsoft announced the disruption of the ONNX phishing service, another success against cybercrime which led to the seizure of 240 sites. ” reads the analysis published by Microsoft.

Phishing

Phishing Financial Services Risk Access

Phishing Campaigns Target Senior Executives via Office 365

Data Breach Today

MAY 1, 2020

Top Victims Include Financial Services and Law Firms, Group-IB Warns A sophisticated, highly targeted phishing campaign has hit high-level executives at more than 150 businesses, stealing confidential documents and contact lists, says security firm Group-IB.

Phishing

Phishing Financial Services Security

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Security Affairs

APRIL 30, 2020

Group-IB uncovered a new sophisticated phishing campaign, tracked as PerSwaysion, against high-level executives of more than 150 companies worldwide. . ybercriminals behind the PerSwaysion campaign gained access to many confidential corporate MS Office365 emails of mainly financial service companies, law firms, and real estate groups.

Phishing

Phishing Cloud Financial Services Authentication

Webinars

How to Achieve High-Accuracy Results When Using LLMs

Maximizing Profit and Productivity: The New Era of AI-Powered Accounting

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

Unmasking 2024’s Email Security Landscape

Security Affairs

FEBRUARY 28, 2024

Analyzing the Email Security Landscape and exploring Emerging Threats and Trends. VIPRE Security Group’s latest report, “Email Security in 2024: An Expert Insight into Email Threats,” delves into the cutting-edge tactics and technologies embraced by cybercriminals this year. million as malicious.

Security

Security Phishing Communications Financial Services

Exclusive: Welcome “Frappo” – Resecurity identified a new Phishing-as-a-Service

Security Affairs

MAY 10, 2022

“Frappo” acts as a Phishing-as-a-Service and enables cybercriminals the ability to host and generate high-quality phishing pages which impersonate major online banking, e-commerce, popular retailers, and online-services to steal customer data.

Phishing

Phishing Retail Financial Services Data breaches

Microsoft warns of multi-stage AiTM phishing and BEC attacks

Security Affairs

JUNE 11, 2023

Microsoft researchers warn of banking adversary-in-the-middle (AitM) phishing and BEC attacks targeting banking and financial organizations. Microsoft discovered multi-stage adversary-in-the-middle (AiTM) phishing and business email compromise (BEC) attacks against banking and financial services organizations.

Phishing

Phishing Financial Services Passwords Authentication

Fake Microsoft Teams notifications aim at stealing Office365 logins

Security Affairs

MAY 2, 2020

Phishing attacks impersonating notifications from Microsoft Teams targeted as many as 50,000 Teams users to steal Office365 logins. Abnormal Security experts observed two separate phishing attacks impersonating notifications from Microsoft Teams that targeted as many as 50,000 Teams users to steal Office365 logins.

Phishing

Phishing Financial Services Cybersecurity Access

A massive phishing campaign using QR codes targets the energy sector

Security Affairs

AUGUST 16, 2023

A phishing campaign employing QR codes targeted a leading energy company in the US, cybersecurity firm Cofense reported. “Beginning in May 2023, Cofense has observed a large phishing campaign utilizing QR codes targeting the Microsoft credentials of users from a wide array of industries.” com (Cloudflare’s Web3 services).

Phishing

Phishing Energy and Utilities Insurance Manufacturing

2024 Thales Global Data Threat Report: Trends in Financial Services

Thales Cloud Protection & Licensing

OCTOBER 14, 2024

2024 Thales Global Data Threat Report: Trends in Financial Services madhav Tue, 10/15/2024 - 05:17 Financial services (FinServ) firms are key players in the global economy. Nearly two-thirds (64%) of FinServ said it’s more complex to secure data in the cloud than on-prem, compared to 55% of general respondents.

Financial Services

Financial Services Cloud Compliance Authentication

DarkCasino joins the list of APT groups exploiting WinRAR zero-day

Security Affairs

NOVEMBER 20, 2023

The economically motivated APT group used specially crafted archives in phishing attacks against forum users through online trading forum posts. NSFOCUS Research Labs pointed out that exploitation of the CVE-2023-38831 flaw can be integrated into watering hole and phishing attacks. ” reads the report published by NSFOCUS.

Phishing

Phishing Archiving Financial Services Cybersecurity

OnDemand | From Endpoint to Cloud: 2021 Best Practices for Securing a Data Path

Data Breach Today

MAY 10, 2021

50% of phishing attacks targeting financial services intend on stealing corporate login credentials View this session to learn why mobile threat exposures continue to increase & best practices for mitigating the threats.

Financial Services

Financial Services Cloud Phishing Security

Half of all Financial Services Cyber Attacks Start with a Very Costly Phish

KnowBe4

SEPTEMBER 23, 2024

New analysis of attacks on the financial sector shows that the combination of phishing emails and compromised credentials is a recurring — and financially impactful — threat.

Financial Services

Financial Services Phishing Security

Hackers target financial firms hosting malicious payloads on Google Cloud Storage

Security Affairs

DECEMBER 26, 2018

Researchers at Menlo Labs uncovered a malicious email campaign targeting employees of banks and financial services companies abusing Google Cloud Storage. With this attack scheme, threat actors are able to bypass security controls in place within targeted organizations. ” Menlo Labs concludes.

Cloud

Cloud Financial Services Archiving Phishing

The G7 expresses its concern over ransomware attacks

Security Affairs

OCTOBER 14, 2020

Experts are observing a significant increase in the number of Ransomware attacks against hospitals, financial institutions, schools, and other critical infrastructure in G7 countries. Researchers have observed a surge in COVID-19-related phishing campaign aimed at distributing malware, including ransomware. Pierluigi Paganini.

Ransomware

Ransomware IT Financial Services Data Privacy

An ongoing Qbot campaign targeted customers of tens of US banks

Security Affairs

JUNE 18, 2020

Researchers uncovered an ongoing campaign delivering the Qbot malware to steal credentials from customers of dozens of US financial institutions. Security researchers at F5 Labs have spotted ongoing attacks using Qbot malware payloads to steal credentials from customers of dozens of US financial institutions. Pierluigi Paganini.

Phishing

Phishing Financial Services Personal data Security

American Insurance firm State Farm victim of credential stuffing attacks

Security Affairs

AUGUST 7, 2019

The American group of insurance and financial services companies State Farm disclosed a credential stuffing attack it has suffered in July. The American group of insurance and financial services companies State Farm revealed that it was the victim of a credential stuffing attack it has suffered in July.

Insurance

Insurance Data breaches Financial Services Passwords

Disneyland Malware Team: It’s a Puny World After All

Krebs on Security

NOVEMBER 16, 2022

A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode , an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic. com — which was created to phish U.S.

Phishing

Phishing Authentication Financial Services Access

Senior Executives Beware: The Rise of EvilProxy Phishing Campaigns

KnowBe4

OCTOBER 5, 2023

Menlo Security warns that a social engineering campaign is using the EvilProxy phishing kit to target senior executives across a range of industries, including banking and financial services, insurance, property management and real estate, and manufacturing.

Phishing

Phishing Financial Services Insurance Manufacturing

Ragnar Locker gang leaks data stolen from the Israel’s Mayanei Hayeshua hospital

Security Affairs

SEPTEMBER 9, 2023

Instead of the dialogue, they decided to play tricks with us, they even tried to catch us with phishing. Ragnar Locker ransomware gang claims to have attempted to get in touch with the administration of the MYMC, but someone involved in the discussion with the crooks attempted to unmask them with phishing. Come on guys, seriously?

Ransomware

Ransomware Phishing Encryption Privacy

Remcos RAT campaign targets US accounting and tax return preparation firms

Security Affairs

APRIL 16, 2023

The phishing attacks began in February 2023, the IT giant reported. In 2021, CISA added Remcos to the list of top malware strains due to its use in mass phishing attacks using COVID-19 pandemic themes targeting businesses and individuals. Crooks use lures masquerading as tax documentation sent by a client. LNK) files.

Phishing

Phishing Financial Services Education Cybersecurity

The New Version of JsOutProx is Attacking Financial Institutions in APAC and MENA via Gitlab Abuse

Security Affairs

APRIL 3, 2024

Resecurity researchers warn that a new Version of JsOutProx is targeting financial institutions in APAC and MENA via Gitlab abuse. Resecurity has detected a new version of JSOutProx , which is targeting financial services and organizations in the APAC and MENA regions.

Financial Services

Financial Services Phishing IT Information Security

BEST PRACTICES: Mock phishing attacks prep employees to avoid being socially engineered

The Last Watchdog

MAY 1, 2019

Social engineering, especially phishing, continues to trigger the vast majority of breach attempts. Lucy’s’s software allows companies to easily set-up customizable mock attacks to test employees’ readiness to avoid phishing, ransomware and other attacks with a social engineering component. It is headquartered in Zurich, with a U.S

Phishing

Phishing Financial Services Manufacturing Education

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

Security Affairs

JANUARY 13, 2019

Proofpoint analyzed two strains of malware tracked as ServHelper and FlawedGrace distributed through phishing campaigns by the TA505 crime gang. Security researchers at Proofpoint researchers discovered two strains of malware tracked as ServHelper and FlawedGrace distributed through phishing campaigns by the TA505 crime gang.

IT

IT Financial Services Ransomware Retail

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

. “AvosLocker is a Ransomware as a Service (RaaS) affiliate-based group that has targeted victims across multiple critical infrastructure sectors in the United States including, but not limited to, the Financial Services, Critical Manufacturing, and Government Facilities sectors. ransomware and phishing scams).

Ransomware

Ransomware Passwords Encryption Financial Services

Cuba Ransomware received over $60M in Ransom payments as of August 2022

Security Affairs

DECEMBER 2, 2022

Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) published a joint advisory that provides technical details about the gang’s operations, including tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with Cuba ransomware. ” reads the report.

Ransomware

Ransomware Financial Services Manufacturing Phishing

Billions of FBS Records Exposed in Online Trading Broker Data Leak

Security Affairs

MARCH 24, 2021

We notified FBS of the breach so they could take appropriate action to secure the data. They got back to us a few days later and secured the server within 30 minutes. User information on online trading platforms should be well secured to prevent similar data leaks. Scams, Phishing and Malware. What’s Going On. Who is FBS.

Passwords

Passwords Access Phishing Authentication

Akamai Report: Credential stuffing attacks are a growing threat

Security Affairs

SEPTEMBER 25, 2018

According to Akamai report titled “[state of the internet] / security CREDENTIAL STUFFING ATTACKS “ the credential stuffing attacks are a growing threat and often underestimated. Credential stuffing attacks involve botnets to try stolen login credentials usually obtained through phishing attacks and data breaches.

Passwords

Passwords Data breaches Financial Services Retail

Financial Services Sector at Risk of More Significant Impacts of Email-Based Cyberattacks

KnowBe4

MARCH 3, 2023

Financial services businesses are already in the sights of cybercriminals, and understanding how cyberattacks impact this sector specifically can help establish the need for improved preventative measures.

Financial Services

Financial Services Risk Phishing Security

Google TAG report Q1 details about nation-state hacking and disinformation

Security Affairs

MAY 28, 2020

The Google Threat Analysis Group (TAG) is a group inside the Google’s security team that tracks operations conducted by nation-state actors and cybercrime groups. The post Google TAG report Q1 details about nation-state hacking and disinformation appeared first on Security Affairs. Pierluigi Paganini.

Financial Services

Financial Services Government Phishing Marketing

The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back

Krebs on Security

NOVEMBER 19, 2021

One of the more common ways cybercriminals cash out access to bank accounts involves draining the victim’s funds via Zelle , a “peer-to-peer” (P2P) payment service used by many financial institutions that allows customers to quickly send cash to friends and family.

IT

IT Passwords Authentication Phishing

Multinational ICICI Bank leaks passports and credit card numbers

Security Affairs

APRIL 20, 2023

In 2022, the ICICI Bank’s resources were named a “critical information infrastructure” by the Indian government – any harm to it can impact national security. However, despite the critical status of bank infrastructure on the national level, the security of crucial data was not ensured. million files belonging to ICICI Bank. “The

Personal data

Personal data Phishing Risk Communications

UNRAVELING EternalBlue: inside the WannaCry’s enabler

Security Affairs

SEPTEMBER 1, 2023

EternalBlue is a Windows exploit created by the US National Security Agency (NSA) and used in the 2017 WannaCry ransomware attack. Within this network, there is a vulnerable Windows system that has not been patched with the necessary security updates to protect against EternalBlue. What is the EternalBlue vulnerability?

Phishing

Phishing Ransomware Search queries Access

The Rise of One-Time Password Interception Bots

Krebs on Security

SEPTEMBER 29, 2021

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. An ad for the OTP interception service/bot “SMSRanger.” The 2fa SMS Buster bot on Telegram.

Passwords

Passwords Authentication Phishing Access

Lazarus malware delivered to South Korean users via supply chain attacks

Security Affairs

NOVEMBER 16, 2020

North Korea-linked Lazarus APT group is behind new campaigns against South Korean supply chains that leverage stolen security certificates. . Security experts from ESET reported that North-Korea-linked Lazarus APT (aka HIDDEN COBRA ) is behind cyber campaigns targeting South Korean supply chains. ” Pierluigi Paganini.

Financial Services

Financial Services Security Government Phishing

Catches of the Month: Phishing Scams for October 2023

IT Governance

OCTOBER 13, 2023

October is both Cybersecurity Awareness Month in the US and European Cyber Security Month in the EU – twin campaigns on either side of the Atlantic that aim to improve awareness of the importance of cyber security both at work and at home, and provide tips on how to stay secure.

Phishing

Phishing Financial Services Manufacturing Personal data

Ransomware Now Considered a “Crisis” in the Financial Services Sector

KnowBe4

SEPTEMBER 28, 2023

A recent panel discussion of banking CISOs and experts at the SIBOS conference focused on the current state of ransomware and what institutions should do to protect themselves.

Financial Services

Financial Services Ransomware Security awareness Phishing

New York Department of Financial Services Released New Guidance Addressing COVID-19 Related Cybersecurity Risks

HL Chronicle of Data Protection

APRIL 17, 2020

Continuing its focus on COVID-19’s impact on its regulated entities, on April 13, the New York Department of Financial Services (NYDFS) released new cybersecurity guidance in response to the COVID-19 pandemic. Increased Phishing and Fraud. Remote Working. Third Party Risk.

Financial Services

Financial Services Risk Cybersecurity Phishing

Ransomware at IT Services Provider Synoptek

Krebs on Security

DECEMBER 27, 2019

-based Synoptek is a managed service provider that maintains a variety of cloud-based services for more than 1,100 customers across a broad spectrum of industries , including state and local governments, financial services, healthcare, manufacturing, media, retail and software. A now-deleted Tweet from Synoptek on Dec.

Ransomware

Ransomware IT Phishing Financial Services

Solid Data Security: The Foundation of a Safe Digital World

Thales Cloud Protection & Licensing

OCTOBER 16, 2024

Solid Data Security: The Foundation of a Safe Digital World madhav Thu, 10/17/2024 - 04:58 It’s that time of year again. This year’s theme, “Secure Our World,” encourages people to safeguard the digital assets that are instrumental to their personal and professional lives. Oh, and it’s Cybersecurity Awareness Month. The result?

Security

Security Encryption Data breaches Cybersecurity

Chinese LuckyMouse APT has been using a digitally signed network filtering driver in recent attacks

Security Affairs

SEPTEMBER 10, 2018

Security experts observed the LuckyMouse APT group using a digitally signed 32- and 64-bit network filtering driver NDISProxy in recent attacks. defense contractors and financial services firms worldwide. The malware is distributed through already compromised networks instead of leveraging spear-phishing messages.

Communications

Communications Financial Services Government Phishing

Financial services continue to lead in cybersecurity preparedness, but chinks appear in the armor

Thales Cloud Protection & Licensing

AUGUST 31, 2022

Financial services continue to lead in cybersecurity preparedness, but chinks appear in the armor. However, all this attention from cyber criminals, as well as regulators and governments, has produced an extremely resilient industry with some of the best cyber security practices of any sector. Thu, 09/01/2022 - 05:15.

Financial Services

Financial Services Cybersecurity Cloud Computer and Electronics

How Can We Secure The Future of Digital Payments?

Thales Cloud Protection & Licensing

JANUARY 10, 2022

How Can We Secure The Future of Digital Payments? The financial services ecosystem has evolved tremendously over the past few years driven by a surge in the adoption of digital payments. Without it, it’s close to impossible for an organization to act securely and in accordance with rules and regulations.

Retail

Retail Security Financial Services Authentication

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. GDPR (among other legal requirements in the EU and elsewhere) can expose multinational organizations to hefty financial penalties, additional rules for disclosing data breaches, and increased scrutiny of the adequacy of their data security.

Data Privacy

Data Privacy Compliance Privacy Security

NY Department of Financial Services Issues Guidance to Regulated Entities Regarding Cybersecurity During the COVID-19 Pandemic

Hunton Privacy

APRIL 22, 2020

On April 13, 2020, the New York Department of Financial Services (“NYDFS”) issued guidance (“April guidance”) to all New York State entities covered under NYDFS’s cybersecurity regulation regarding assessing and addressing heightened cybersecurity risks due to the COVID-19 pandemic.

Financial Services

Financial Services Cybersecurity Risk Phishing

Microsoft seized 240 sites used by the ONNX phishing service

Phishing Campaigns Target Senior Executives via Office 365

Webinars

Trending Sources

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Webinars

Unmasking 2024’s Email Security Landscape

Exclusive: Welcome “Frappo” – Resecurity identified a new Phishing-as-a-Service

Microsoft warns of multi-stage AiTM phishing and BEC attacks

Fake Microsoft Teams notifications aim at stealing Office365 logins

A massive phishing campaign using QR codes targets the energy sector

2024 Thales Global Data Threat Report: Trends in Financial Services

DarkCasino joins the list of APT groups exploiting WinRAR zero-day

OnDemand | From Endpoint to Cloud: 2021 Best Practices for Securing a Data Path

Half of all Financial Services Cyber Attacks Start with a Very Costly Phish

Hackers target financial firms hosting malicious payloads on Google Cloud Storage

The G7 expresses its concern over ransomware attacks

An ongoing Qbot campaign targeted customers of tens of US banks

American Insurance firm State Farm victim of credential stuffing attacks

Disneyland Malware Team: It’s a Puny World After All

Senior Executives Beware: The Rise of EvilProxy Phishing Campaigns

Ragnar Locker gang leaks data stolen from the Israel’s Mayanei Hayeshua hospital

Remcos RAT campaign targets US accounting and tax return preparation firms

The New Version of JsOutProx is Attacking Financial Institutions in APAC and MENA via Gitlab Abuse

BEST PRACTICES: Mock phishing attacks prep employees to avoid being socially engineered

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

Avoslocker ransomware gang targets US critical infrastructure

Cuba Ransomware received over $60M in Ransom payments as of August 2022

Billions of FBS Records Exposed in Online Trading Broker Data Leak

Akamai Report: Credential stuffing attacks are a growing threat

Financial Services Sector at Risk of More Significant Impacts of Email-Based Cyberattacks

Google TAG report Q1 details about nation-state hacking and disinformation

The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back

Multinational ICICI Bank leaks passports and credit card numbers

UNRAVELING EternalBlue: inside the WannaCry’s enabler

The Rise of One-Time Password Interception Bots

Lazarus malware delivered to South Korean users via supply chain attacks

Catches of the Month: Phishing Scams for October 2023

Ransomware Now Considered a “Crisis” in the Financial Services Sector

New York Department of Financial Services Released New Guidance Addressing COVID-19 Related Cybersecurity Risks

Ransomware at IT Services Provider Synoptek

Solid Data Security: The Foundation of a Safe Digital World

Chinese LuckyMouse APT has been using a digitally signed network filtering driver in recent attacks

Financial services continue to lead in cybersecurity preparedness, but chinks appear in the armor

How Can We Secure The Future of Digital Payments?

Security Compliance & Data Privacy Regulations

NY Department of Financial Services Issues Guidance to Regulated Entities Regarding Cybersecurity During the COVID-19 Pandemic

Stay Connected