2014, Analysis and Financial Services - Information Management Today

NY Charges First American Financial for Massive Data Leak

Krebs on Security

JULY 23, 2020

According to a filing (PDF) by the New York State Department of Financial Services (DFS), the weakness that exposed the documents was first introduced during an application software update in May 2014 and went undetected for years. The documents were available without authentication to anyone with a Web browser.

Insurance

Insurance Financial Services Mining Access

EventBot, a new Android mobile targets financial institutions across Europe

Security Affairs

APRIL 30, 2020

Security experts from Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks, financial services across Europe. Researchers from Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks, financial services across Europe.

Financial Services

Financial Services Libraries Encryption Authentication

Corporate Finance firms leak 500K+ legal and financial documents online

Security Affairs

MARCH 17, 2020

Advantage and Argus seem to be the same company working under two different names, they offer funding and startup capital to business owners without access to traditional lending and financial services. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Financial Services

Financial Services Access Privacy Security

Hackers target financial firms hosting malicious payloads on Google Cloud Storage

Security Affairs

DECEMBER 26, 2018

Researchers at Menlo Labs uncovered a malicious email campaign targeting employees of banks and financial services companies abusing Google Cloud Storage. ” reads the analysis published by security researchers at Menlo. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Cloud

Cloud Financial Services Archiving Phishing

American Insurance firm State Farm victim of credential stuffing attacks

Security Affairs

AUGUST 7, 2019

The American group of insurance and financial services companies State Farm disclosed a credential stuffing attack it has suffered in July. The American group of insurance and financial services companies State Farm revealed that it was the victim of a credential stuffing attack it has suffered in July. billion per month.

Insurance

Insurance Data breaches Financial Services Passwords

Exclusive: Researchers dumped Gigabytes of data from Agent Tesla C2Cs

Security Affairs

OCTOBER 6, 2021

Agent Tesla , first discovered in late 2014, is an extremely popular “malware-as-a-service” Remote Access Trojan (RAT) tool used by threat actors to steal information such as credentials, keystrokes, clipboard data and other information from its operators’ targets.

Financial Services

Financial Services Retail Education Information Security

Hundreds of malicious Chrome browser extensions used to spy on you!

Security Affairs

JUNE 20, 2020

Malicious Chrome browser extensions were used in a massive surveillance campaign aimed at users working in the financial services, oil and gas, media and entertainment, healthcare, government organizations, and pharmaceuticals. ” reads the analysis published by Awake Security. Pierluigi Paganini.

Healthcare

Healthcare Financial Services Communications Security

Recently disclosed Drupal CVE-2019-6340 RCE flaw exploited in the wild

Security Affairs

FEBRUARY 26, 2019

” reads the technical analysis published by Ambionics security. Hackers targeted dozens of Imperva’s customers, including organizations in the government and financial services sectors. ” reads the analysis published by Imperva. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Financial Services

Financial Services CMS Government Security

Experts found a new TrickBot module (rdpScanDll) built for RDP bruteforcing operations

Security Affairs

MARCH 19, 2020

.” The module appears to be under development, but experts pointed out that threat actors already used it to target organizations, mostly in telecoms, education, and financial services sectors. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Financial Services

Financial Services Education Communications IT

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Krebs on Security

FEBRUARY 9, 2023

Blockchain analysis firm Chainalysis estimates that in 2021 alone, Conti extorted more than USD $100 million from its hacking victims; Chainalysis estimates Ryuk extorted more than USD $150 million from its ransomware victims. .” Sachkov remains imprisoned in Russia pending his treason trial. This is not the U.S.

Ransomware

Ransomware Government Cybersecurity Blockchain

SAP April 2019 Security Patch Day addresses High severity flaws in Crystal Reports, NetWeaver

Security Affairs

APRIL 10, 2019

Update to security note release on January 2019 Patch Day: [ CVE-2018-2484 ] Missing Authorization check in SAP Enterprise Financial Services. ” reads the analysis published by security firm Onapsis. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. by CVSS base score.

Security

Security Financial Services Risk Access

Critical RCE affects older Diebold Nixdorf ATMs

Security Affairs

JUNE 9, 2019

The experts explained that had access to an ATM of Diebold vendor and started analyzing the machine a simple PC running Windows OS and exposing some services implemented by the ATM provider. The focused their analysis on the Spiservice service listening on post 8043. ” reads the post published by the experts.

Libraries

Libraries Communications Financial Services Risk

An ongoing Qbot campaign targeted customers of tens of US banks

Security Affairs

JUNE 18, 2020

financial institutions and two banks in Canada and the Netherlands. “Analysis of the latest Qbot campaign shows that it is mainly focused on the United States (see Figure 1), targeting approximately 36 U.S. financial institutions and two banks in Canada and the Netherlands;” reads the report published by F5 Labs.

Phishing

Phishing Financial Services Personal data Security

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

Security Affairs

JANUARY 13, 2019

” reads the analysis published by Proofpoint. ” The TA505 group was first spotted by Proofpoint back 2017, it has been active at least since 2015 and targets organizations in financial and retail industries. ” reads the analysis published by Proofpoint. Pierluigi Paganini.

IT

IT Financial Services Retail Ransomware

“Cryptoassets are here to stay”: EU Authorities to Provide Guidance on Cryptocurrencies and ICOs

Data Matters

SEPTEMBER 12, 2018

As part of the public discussion, the Commission, the European Securities and Markets Authority (ESMA), the European Banking Authority (EBA) and the UK Financial Conduct Authority (FCA) were present to provide their thoughts. Firms interested in cryptoassets should watch for EU regulatory guidance later this year. 3 Available at [link].

Financial Services

Financial Services Marketing Privacy IT

New Trickbot module implements Remote App Credential-Grabbing features

Security Affairs

FEBRUARY 18, 2019

The new variant is being spread via spam emails that pose as tax-incentive notification purporting to be from the financial services company Deloitte. ” concludes the analysis. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Passwords

Passwords Financial Services Encryption Authentication

eIDAS 2.0 REGULATION WILL CHANGE IDP USE CASES INCLUDING ID CAPTURE IN THE EU

Info Source

JULY 18, 2023

The EC initiated the European electronic Identification, Authentication and trust Services initiative (eIDAS Regulation). 910/2014 was implemented on July 23, 2014 by the European Parliament and Council. The initial Regulation (EU) No.

Authentication

Authentication e-Delivery B2C Marketing

Malware researchers analyzed an intriguing Java ATM Malware

Security Affairs

JULY 30, 2019

Experts spotted a Java ATM malware that was relying on the XFS (EXtension for Financial Service) API to “ jackpot ” the infected machine. In that case, the malware was relying on the XFS (EXtension for Financial Service) API to “ jackpot ” the infected machine. Introduction. Static strings embedded into HTTP server code.

Financial Services

Financial Services Communications Access IT

Lazarus malware delivered to South Korean users via supply chain attacks

Security Affairs

NOVEMBER 16, 2020

The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. ” reads the analysis published by ESET. According to the experts the nation-state actors leverage stolen security certificates from two separate, legitimate South Korean companies. .

Financial Services

Financial Services Phishing Government Security

Chinese LuckyMouse APT has been using a digitally signed network filtering driver in recent attacks

Security Affairs

SEPTEMBER 10, 2018

defense contractors and financial services firms worldwide. ” reads the analysis published by Kaspersky. Further details including IoCs are reported in the analysis published by the experts. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” concludes Kaspersky.

Communications

Communications Financial Services Phishing Encryption

Identifying E-signature Requirements to Accelerate Digital Adoption and Meet Global Compliance

AIIM

OCTOBER 15, 2018

Hence the concept of electronic identification and trust services ( eIDAS ) as defined in EU regulation 910/2014 is centered around trust and security and certificate-based signing. Go for a holistic four-dimensional requirements analysis.

Compliance

Compliance Insurance Digital transformation Authentication

FFIEC Announces Plans to Update Cybersecurity Guidance in Wake of Cybersecurity Assessments

Hunton Privacy

NOVEMBER 4, 2014

The Report also contains observations on the overall cybersecurity preparedness of financial institutions, including findings on the current risk management, governance, threat intelligence, cybersecurity controls, incident response, and third party management practices of financial institutions.

Cybersecurity

Cybersecurity Financial Services Risk Government

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Other industry standards too can have the force of “pseudo-law” – notably, the NIST Cybersecurity Framework, which federal regulators often apply to financial-services firms and government contractors. A] lot of companies [still] do the compliance auditing and analysis piece manually,” said Luria.

Data Privacy

Data Privacy Compliance Privacy Security

Emissary Panda updated its weapons for attacks in the past 2 years

Security Affairs

MARCH 1, 2019

defense contractors , financial services firms, and a national data center in Central Asia. ” continues the analysis. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. “ SysUpdate Main employs HTTP communications and uses the hard-coded User-Agent “Mozilla/5.0 Windows NT 6.3;

IT

IT File names Financial Services Communications

September 2018 Security Notes address a total of 14 flaws in SAP products

Security Affairs

SEPTEMBER 12, 2018

Other SAP products addressed with the Security Notes are Business One, BEx Web Java Runtime Export Web Service, HANA, WebDynpro, NetWeaver AS Java, Hybris Commerce, Plant Connectivity, Adaptive Server Enterprise, HCM Fiori “People Profile” (GBX01HR), Mobile Platform, Enterprise Financial Services, and Business One Android application.

Security

Security Financial Services Libraries Authentication

SEC Releases Observations from Recent Cybersecurity Examinations of Broker-Dealers and Advisers

Hunton Privacy

FEBRUARY 6, 2015

Conducted by the SEC Office of Compliance Inspections and Examinations (“OCIE”) from 2013 through April 2014, the examinations inspected the cybersecurity practices of 57 registered broker-dealers and 49 registered investment advisers through interviews and document reviews.

Cybersecurity

Cybersecurity Insurance Financial Services Risk

Was RI Advice a watershed for cybersecurity law in Australia or a damp squib?

Data Protection Report

MAY 25, 2022

The decision has been labelled as a watershed decision in Australia – a ‘first of its kind’ case that puts financial services firms, and more broadly, corporate Australia, on notice that failures to adequately understand and manage cybersecurity and cyber resilience risks will no longer be tolerated by Australia’s regulatory agencies.

Cybersecurity

Cybersecurity Risk Financial Services Retail

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Security Affairs

APRIL 30, 2020

ybercriminals behind the PerSwaysion campaign gained access to many confidential corporate MS Office365 emails of mainly financial service companies, law firms, and real estate groups. The detailed technical analysis of PerSwaysion operations and attack scheme is available in Group-IB’s blog post. Who are “The PerSwayders”?

Phishing

Phishing Financial Services Cloud Authentication

Google TAG report Q1 details about nation-state hacking and disinformation

Security Affairs

MAY 28, 2020

Google Threat Analysis Group (TAG) has published today its first TAG quarterly report that analyzes rising trends in nation-state and financially motivated attacks. The Google Threat Analysis Group (TAG) is a group inside the Google’s security team that tracks operations conducted by nation-state actors and cybercrime groups.

Financial Services

Financial Services Government Phishing Marketing

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Data Matters

APRIL 23, 2018

Although these specific suggestions may seem counterintuitive to some, empirical analysis has found that such requirements hurt rather than enhance information security. The 2018 guidance supplements the SEC’s October 13, 2011, CF Disclosure Guidance: Topic No.

Cybersecurity

Cybersecurity Risk Passwords Authentication

Information Management Today

NY Charges First American Financial for Massive Data Leak

EventBot, a new Android mobile targets financial institutions across Europe

Trending Sources

Corporate Finance firms leak 500K+ legal and financial documents online

Hackers target financial firms hosting malicious payloads on Google Cloud Storage

American Insurance firm State Farm victim of credential stuffing attacks

Exclusive: Researchers dumped Gigabytes of data from Agent Tesla C2Cs

Hundreds of malicious Chrome browser extensions used to spy on you!

Recently disclosed Drupal CVE-2019-6340 RCE flaw exploited in the wild

Experts found a new TrickBot module (rdpScanDll) built for RDP bruteforcing operations

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

SAP April 2019 Security Patch Day addresses High severity flaws in Crystal Reports, NetWeaver

Critical RCE affects older Diebold Nixdorf ATMs

An ongoing Qbot campaign targeted customers of tens of US banks

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

“Cryptoassets are here to stay”: EU Authorities to Provide Guidance on Cryptocurrencies and ICOs

New Trickbot module implements Remote App Credential-Grabbing features

eIDAS 2.0 REGULATION WILL CHANGE IDP USE CASES INCLUDING ID CAPTURE IN THE EU

Malware researchers analyzed an intriguing Java ATM Malware

Lazarus malware delivered to South Korean users via supply chain attacks

Chinese LuckyMouse APT has been using a digitally signed network filtering driver in recent attacks

Identifying E-signature Requirements to Accelerate Digital Adoption and Meet Global Compliance

FFIEC Announces Plans to Update Cybersecurity Guidance in Wake of Cybersecurity Assessments

Security Compliance & Data Privacy Regulations

Emissary Panda updated its weapons for attacks in the past 2 years

September 2018 Security Notes address a total of 14 flaws in SAP products

SEC Releases Observations from Recent Cybersecurity Examinations of Broker-Dealers and Advisers

Was RI Advice a watershed for cybersecurity law in Australia or a damp squib?

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Google TAG report Q1 details about nation-state hacking and disinformation

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Stay Connected