2014, Analysis, Financial Services and Security

NY Charges First American Financial for Massive Data Leak

Krebs on Security

JULY 23, 2020

As first reported here last year , First American’s website exposed 16 years worth of digitized mortgage title insurance records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images. In the days that followed, the DFS and U.S.

Insurance

Insurance Financial Services Mining Access

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. GDPR (among other legal requirements in the EU and elsewhere) can expose multinational organizations to hefty financial penalties, additional rules for disclosing data breaches, and increased scrutiny of the adequacy of their data security.

Data Privacy

Data Privacy Compliance Privacy Security

EventBot, a new Android mobile targets financial institutions across Europe

Security Affairs

APRIL 30, 2020

Security experts from Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks, financial services across Europe. Researchers from Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks, financial services across Europe.

Financial Services

Financial Services Libraries Encryption Authentication

Corporate Finance firms leak 500K+ legal and financial documents online

Security Affairs

MARCH 17, 2020

Security experts from vpnMentor have discovered two corporate finance companies that leak half a million legal and financial documents online. vpnMentor experts uncovered a database exposed online on Amazon Web Services (AWS) that is leaking a huge amount of sensitive legal and financial documents. Pierluigi Paganini.

Financial Services

Financial Services Access Privacy Security

SAP April 2019 Security Patch Day addresses High severity flaws in Crystal Reports, NetWeaver

Security Affairs

APRIL 10, 2019

SAP released the April 2019 Security Patch Day that is included 6 Security Notes, two of which address High severity flaws in Crystal Reports and NetWeaver. SAP released 6 Security Notes as part of the April 2019 Security Patch Day, two of which address High severity flaws in Crystal Reports and NetWeaver.

Security

Security Financial Services Risk Access

Hackers target financial firms hosting malicious payloads on Google Cloud Storage

Security Affairs

DECEMBER 26, 2018

Researchers at Menlo Labs uncovered a malicious email campaign targeting employees of banks and financial services companies abusing Google Cloud Storage. With this attack scheme, threat actors are able to bypass security controls in place within targeted organizations. ” Menlo Labs concludes. Pierluigi Paganini.

Cloud

Cloud Financial Services Archiving Phishing

Exclusive: Researchers dumped Gigabytes of data from Agent Tesla C2Cs

Security Affairs

OCTOBER 6, 2021

Agent Tesla , first discovered in late 2014, is an extremely popular “malware-as-a-service” Remote Access Trojan (RAT) tool used by threat actors to steal information such as credentials, keystrokes, clipboard data and other information from its operators’ targets. Follow me on Twitter: @securityaffairs and Facebook.

Financial Services

Financial Services Retail Education Information Security

Hundreds of malicious Chrome browser extensions used to spy on you!

Security Affairs

JUNE 20, 2020

Malicious Chrome browser extensions were used in a massive surveillance campaign aimed at users working in the financial services, oil and gas, media and entertainment, healthcare, government organizations, and pharmaceuticals. ” reads the analysis published by Awake Security. appeared first on Security Affairs.

Healthcare

Healthcare Financial Services Communications Security

American Insurance firm State Farm victim of credential stuffing attacks

Security Affairs

AUGUST 7, 2019

The American group of insurance and financial services companies State Farm disclosed a credential stuffing attack it has suffered in July. The American group of insurance and financial services companies State Farm revealed that it was the victim of a credential stuffing attack it has suffered in July. billion per month.

Insurance

Insurance Data breaches Financial Services Passwords

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Krebs on Security

FEBRUARY 9, 2023

Also charged with treason was Ruslan Stoyanov , then a senior employee at Russian security firm Kaspersky Lab [the Forbes.ru National Security Agency (NSA). In a major shakeup in 2017, the Kremlin levied treason charges against Sergey Mikhaylov , then deputy chief of Russia’s top anti-cybercrime unit. This is not the U.S.

Ransomware

Ransomware Government Cybersecurity Blockchain

Experts found a new TrickBot module (rdpScanDll) built for RDP bruteforcing operations

Security Affairs

MARCH 19, 2020

Security experts from Bitdefender recently discovered a new TrickBot variant that is targeting telecommunications organizations in the United States and Hong Kong. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Financial Services

Financial Services Education Communications IT

Recently disclosed Drupal CVE-2019-6340 RCE flaw exploited in the wild

Security Affairs

FEBRUARY 26, 2019

Last week, Drupal core team released security updates that address a “highly critical” remote code execution vulnerability. reads the security advisory published by Drupal. The flaw was discovered by Samuel Mortenson of the Drupal Security Team. ” reads the technical analysis published by Ambionics security.

Financial Services

Financial Services CMS Government Security

Critical RCE affects older Diebold Nixdorf ATMs

Security Affairs

JUNE 9, 2019

Automated teller machine vendor Diebold Nixdorf has released security updates to address a remote code execution vulnerability in older ATMs. Diebold Nixdorf discovered a remote code execution vulnerability in older ATMs and is urging its customers in installing security updates it has released to address the flaw. Pierluigi Paganini.

Libraries

Libraries Communications Financial Services Risk

An ongoing Qbot campaign targeted customers of tens of US banks

Security Affairs

JUNE 18, 2020

Researchers uncovered an ongoing campaign delivering the Qbot malware to steal credentials from customers of dozens of US financial institutions. Security researchers at F5 Labs have spotted ongoing attacks using Qbot malware payloads to steal credentials from customers of dozens of US financial institutions. Pierluigi Paganini.

Phishing

Phishing Financial Services Personal data Security

September 2018 Security Notes address a total of 14 flaws in SAP products

Security Affairs

SEPTEMBER 12, 2018

SAP today just released the September 2018 set of Security Notes that address a total of 14 flaws in its products, including a critical flaw in SAP Business Client. The September 2018 Security Patch Day includes other 13 Security Notes, three were rated High severity, 9 Medium risk, and 1 Low severity. Pierluigi Paganini.

Security

Security Financial Services Libraries Authentication

Lazarus malware delivered to South Korean users via supply chain attacks

Security Affairs

NOVEMBER 16, 2020

North Korea-linked Lazarus APT group is behind new campaigns against South Korean supply chains that leverage stolen security certificates. . Security experts from ESET reported that North-Korea-linked Lazarus APT (aka HIDDEN COBRA ) is behind cyber campaigns targeting South Korean supply chains.

Financial Services

Financial Services Phishing Government Security

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

Security Affairs

JANUARY 13, 2019

Security researchers at Proofpoint researchers discovered two strains of malware tracked as ServHelper and FlawedGrace distributed through phishing campaigns by the TA505 crime gang. ” reads the analysis published by Proofpoint. ” reads the analysis published by Proofpoint. Pierluigi Paganini.

IT

IT Financial Services Retail Ransomware

eIDAS 2.0 REGULATION WILL CHANGE IDP USE CASES INCLUDING ID CAPTURE IN THE EU

Info Source

JULY 18, 2023

The EC initiated the European electronic Identification, Authentication and trust Services initiative (eIDAS Regulation). 910/2014 was implemented on July 23, 2014 by the European Parliament and Council. It also lacked provisions for use of digital ID for private services, or with mobile devices.

Authentication

Authentication e-Delivery B2C Marketing

New Trickbot module implements Remote App Credential-Grabbing features

Security Affairs

FEBRUARY 18, 2019

The new variant is being spread via spam emails that pose as tax-incentive notification purporting to be from the financial services company Deloitte. ” concludes the analysis. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Passwords

Passwords Financial Services Encryption Authentication

“Cryptoassets are here to stay”: EU Authorities to Provide Guidance on Cryptocurrencies and ICOs

Data Matters

SEPTEMBER 12, 2018

As part of the public discussion, the Commission, the European Securities and Markets Authority (ESMA), the European Banking Authority (EBA) and the UK Financial Conduct Authority (FCA) were present to provide their thoughts. Firms interested in cryptoassets should watch for EU regulatory guidance later this year.

Financial Services

Financial Services Marketing Privacy IT

Malware researchers analyzed an intriguing Java ATM Malware

Security Affairs

JULY 30, 2019

Experts spotted a Java ATM malware that was relying on the XFS (EXtension for Financial Service) API to “ jackpot ” the infected machine. In that case, the malware was relying on the XFS (EXtension for Financial Service) API to “ jackpot ” the infected machine. Security Affairs – Java ATM malware, hacking).

Financial Services

Financial Services Communications Access IT

Chinese LuckyMouse APT has been using a digitally signed network filtering driver in recent attacks

Security Affairs

SEPTEMBER 10, 2018

Security experts observed the LuckyMouse APT group using a digitally signed 32- and 64-bit network filtering driver NDISProxy in recent attacks. defense contractors and financial services firms worldwide. ” reads the analysis published by Kaspersky. We informed the company about the issue via CN-CERT.”

Communications

Communications Financial Services Phishing Encryption

Identifying E-signature Requirements to Accelerate Digital Adoption and Meet Global Compliance

AIIM

OCTOBER 15, 2018

Hence the concept of electronic identification and trust services ( eIDAS ) as defined in EU regulation 910/2014 is centered around trust and security and certificate-based signing. Go for a holistic four-dimensional requirements analysis.

Compliance

Compliance Insurance Digital transformation Authentication

Emissary Panda updated its weapons for attacks in the past 2 years

Security Affairs

MARCH 1, 2019

defense contractors , financial services firms, and a national data center in Central Asia. ” continues the analysis. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. The post Emissary Panda updated its weapons for attacks in the past 2 years appeared first on Security Affairs.

IT

IT File names Financial Services Communications

SEC Releases Observations from Recent Cybersecurity Examinations of Broker-Dealers and Advisers

Hunton Privacy

FEBRUARY 6, 2015

On February 3, 2015, the Securities and Exchange Commission (“SEC”) released a Risk Alert , entitled Cybersecurity Examination Sweep Summary, summarizing observations from the recent round of cybersecurity examinations of registered broker-dealers and investment advisers under the Cybersecurity Examination Initiative.

Cybersecurity

Cybersecurity Insurance Financial Services Risk

Was RI Advice a watershed for cybersecurity law in Australia or a damp squib?

Data Protection Report

MAY 25, 2022

In this article we distil critical lessons from the Federal Court’s recent decision in Australian Securities and Investments Commission v RI Advice Group Pty Ltd [1] and practical actions to be taken by Boards and executive management. Introduction.

Cybersecurity

Cybersecurity Risk Financial Services Retail

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Security Affairs

APRIL 30, 2020

ybercriminals behind the PerSwaysion campaign gained access to many confidential corporate MS Office365 emails of mainly financial service companies, law firms, and real estate groups. The detailed technical analysis of PerSwaysion operations and attack scheme is available in Group-IB’s blog post. Who are “The PerSwayders”?

Phishing

Phishing Financial Services Cloud Authentication

Google TAG report Q1 details about nation-state hacking and disinformation

Security Affairs

MAY 28, 2020

Google Threat Analysis Group (TAG) has published today its first TAG quarterly report that analyzes rising trends in nation-state and financially motivated attacks. The Google Threat Analysis Group (TAG) is a group inside the Google’s security team that tracks operations conducted by nation-state actors and cybercrime groups.

Financial Services

Financial Services Government Phishing Marketing

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Data Matters

APRIL 23, 2018

Recent guidance from the Securities and Exchange Commission (SEC) on disclosure and enforcement actions by the Federal Trade Commission (FTC) make clear that cybersecurity is no longer a niche topic, but a concern significant enough to warrant the oversight of corporate boards of directors. Designing an Enterprise-Level Approach.

Cybersecurity

Cybersecurity Risk Passwords Authentication

Information Management Today

NY Charges First American Financial for Massive Data Leak

Security Compliance & Data Privacy Regulations

Trending Sources

EventBot, a new Android mobile targets financial institutions across Europe

Corporate Finance firms leak 500K+ legal and financial documents online

SAP April 2019 Security Patch Day addresses High severity flaws in Crystal Reports, NetWeaver

Hackers target financial firms hosting malicious payloads on Google Cloud Storage

Exclusive: Researchers dumped Gigabytes of data from Agent Tesla C2Cs

Hundreds of malicious Chrome browser extensions used to spy on you!

American Insurance firm State Farm victim of credential stuffing attacks

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Experts found a new TrickBot module (rdpScanDll) built for RDP bruteforcing operations

Recently disclosed Drupal CVE-2019-6340 RCE flaw exploited in the wild

Critical RCE affects older Diebold Nixdorf ATMs

An ongoing Qbot campaign targeted customers of tens of US banks

September 2018 Security Notes address a total of 14 flaws in SAP products

Lazarus malware delivered to South Korean users via supply chain attacks

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

eIDAS 2.0 REGULATION WILL CHANGE IDP USE CASES INCLUDING ID CAPTURE IN THE EU

New Trickbot module implements Remote App Credential-Grabbing features

“Cryptoassets are here to stay”: EU Authorities to Provide Guidance on Cryptocurrencies and ICOs

Malware researchers analyzed an intriguing Java ATM Malware

Chinese LuckyMouse APT has been using a digitally signed network filtering driver in recent attacks

Identifying E-signature Requirements to Accelerate Digital Adoption and Meet Global Compliance

Emissary Panda updated its weapons for attacks in the past 2 years

SEC Releases Observations from Recent Cybersecurity Examinations of Broker-Dealers and Advisers

Was RI Advice a watershed for cybersecurity law in Australia or a damp squib?

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Google TAG report Q1 details about nation-state hacking and disinformation

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Stay Connected