Krebs on Security

MAY 3, 2019

A Pennsylvania credit union is suing financial industry technology giant Fiserv , alleging that “baffling” security vulnerabilities in the company’s software are “wreaking havoc” on its customers. Most alarmingly, this security control was purely illusory.

Security 180

Security Passwords Financial Services Sales 180

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. And since the EU’s General Data Protection Regulation (GDPR) took effect May 25, 2018, IT compliance issues have been at the forefront of corporate concerns. But those aren’t the only laws or regulations that affect IT security teams.

Data Privacy 142

Data Privacy Compliance Privacy Security 142

Security Affairs

SEPTEMBER 12, 2018

SAP today just released the September 2018 set of Security Notes that address a total of 14 flaws in its products, including a critical flaw in SAP Business Client. The September 2018 Security Patch Day includes other 13 Security Notes, three were rated High severity, 9 Medium risk, and 1 Low severity.

Security 46

Security Financial Services Libraries Authentication 46

IT Governance

JANUARY 10, 2018

Security in the Digital World outlines these tactics in more detail and looks at how you can protect your organisation. New report reveals technology concerns for financial and public sectors in 2018. Traditional security measures such as firewalls and antivirus software are proving inadequate in the evolving threat landscape.

Customer Experience 84

Customer Experience Financial Services GDPR Phishing 84

Hunton Privacy

SEPTEMBER 1, 2021

Securities and Exchange Commission (“SEC”) announced that it had settled three administrative cases involving a total of eight registered broker-dealers and investment advisers for failures in their cybersecurity policies and procedures. 34-92806 ; and In the Matter of KMS Financial Services, Inc. , Release No.

Cybersecurity 113

Cybersecurity Financial Services Cloud Access 113

The Last Watchdog

SEPTEMBER 21, 2018

It’s rise in popularity has helped drive a new trend for start-ups to go “Cloud Native,” erecting their entire infrastructure, from the ground up, leveraging cloud services like Amazon Web Services, Microsoft Azure and Google Cloud. Security burden. Rising API exposures are another big security concern, by the way.

Cloud 152

Cloud Security Mining Financial Services 152

Krebs on Security

JUNE 18, 2021

In May 2019, KrebsOnSecurity broke the news that the website of mortgage settlement giant First American Financial Corp. NYSE:FAF ] was leaking more than 800 million documents — many containing sensitive financial data — related to real estate transactions dating back 16 years. First American Financial Corp.

Insurance 269

Insurance Risk Financial Services Mining 269

Data Matters

JANUARY 2, 2018

We expect each of these trends to continue in 2018. As we begin this New Year, here is list of the top 10 privacy and cybersecurity issues for 2018: EU GDPR. The May 25, 2018 effective date for the EU’s General Data Protection Regulation (GDPR) will no doubt be a central focus of 2018. Data breach litigation risks.

Cybersecurity 68

Cybersecurity Privacy Data breaches GDPR 68

Data Matters

JANUARY 28, 2022

The advisory was promptly endorsed by the National Cyber Security Centre, a division of Government Communications Headquarters (“GCHQ”), a UK intelligence agency. Like an incident response plan, MFA has become a critical element of cybersecurity programs.

Cybersecurity 157

Cybersecurity Financial Services Authentication Government 157

Security Affairs

APRIL 10, 2019

SAP released the April 2019 Security Patch Day that is included 6 Security Notes, two of which address High severity flaws in Crystal Reports and NetWeaver. SAP released 6 Security Notes as part of the April 2019 Security Patch Day, two of which address High severity flaws in Crystal Reports and NetWeaver.

Security 66

Security Financial Services Risk Access 66

Data Protection Report

JANUARY 18, 2024

NYDFS conducted its first audit of GGT for the period of May 17, 2018 through March 31 2019. 2024 was not a happy new year for Genesis Global Trading, Inc. (“GGT”).

Cybersecurity 109

Cybersecurity Financial Services Compliance Encryption 109

Security Affairs

SEPTEMBER 1, 2021

Securities and Exchange Commission (SEC) announced sanctions against several organizations over email account hacking. Securities and Exchange Commission (SEC) announced sanctions against eight entities belonging to three companies over email account hacking due to cybersecurity failures. Pierluigi Paganini.

Financial Services 83

Financial Services Cybersecurity Cloud Security 83

The Last Watchdog

AUGUST 15, 2018

In a move to blanket the Internet with encrypted website traffic, Google is moving forward with its insistence that straggling website publishers adopt HTTPS Secure Sockets Layer (SSL). Related: How PKI can secure IoT. This makes any personal information and details of financial transactions typed on HTTP web pages easy pickings.

Security 152

Security Encryption Authentication Financial Services 152

Security Affairs

AUGUST 7, 2019

The American group of insurance and financial services companies State Farm disclosed a credential stuffing attack it has suffered in July. The American group of insurance and financial services companies State Farm revealed that it was the victim of a credential stuffing attack it has suffered in July. billion per month.

Insurance 86

Insurance Data breaches Financial Services Passwords 86

Data Protection Report

JUNE 2, 2021

On May 13, 2021, the New York Department of Financial Services (NYDFS) announced a $1.8 million settlement with two related insurance companies, relating to violations of two different requirements of the NYDFS cybersecurity regulation during the period 2018 to 2019. NYDFS Cybersecurity Regulation.

Cybersecurity 70

Cybersecurity Insurance Financial Services Phishing 70

The Schedule

AUGUST 22, 2018

Outgoing RMS chair Eira Tansey addresses the joint meeting of the Acquisition & Appraisal and Records Management Sections at SAA’s 2018 annual meeting. ” The first speaker was Lauren Gaines from Thrivent Financial, which is a fraternal benefit society and Fortune 500 financial services organization.

Archiving 58

Archiving FOIA Records Management Compliance 58

Data Protection Report

APRIL 22, 2021

On April 14, 2021, the New York Department of Financial Services (NYDFS) announced a $3 million settlement with insurance company National Securities Corp. NSC), relating to violations of three different requirements of the NYDFS cybersecurity regulation during the period 2018 to 2020. NYDFS Cybersecurity Regulation.

Cybersecurity 94

Cybersecurity Financial Services Phishing Compliance 94

The Last Watchdog

NOVEMBER 13, 2018

And innovation is percolating among newer entrants, like PerimeterX, Shape Security and Signal Sciences. This week a new entrant in this field, Cequence Security , formally launched what it describes as a “game-changing” application security platform. Shifting security challenge.

Security 104

Security Digital transformation B2C B2B 104

Security Affairs

MARCH 17, 2020

Security experts from vpnMentor have discovered two corporate finance companies that leak half a million legal and financial documents online. vpnMentor experts uncovered a database exposed online on Amazon Web Services (AWS) that is leaking a huge amount of sensitive legal and financial documents. Pierluigi Paganini.

Financial Services 111

Financial Services Access Privacy Security 111

ForAllSecure

JANUARY 31, 2023

On October 3, 2022, the Federal Financial Institutions Examination Council's ( FFIEC ) updated its 2018 Cybersecurity Resource Guide for Financial Institutions. The guide also serves as an educational resource on the latest security technologies.

Cybersecurity 52

Cybersecurity IT Financial Services Risk 52

Security Affairs

JUNE 11, 2021

million Windows systems between 2018 and 2020. The software includes illegal Adobe Photoshop 2018, a Windows cracking tool, and several cracked games.” million unique email addresses, NordLocker found, for an array of different apps and services. terabyte of stolen data. The database includes 6.6 million computers.

Computer and Electronics 111

Computer and Electronics Archiving Encryption Passwords 111

Data Matters

JUNE 24, 2021

In the Order, the SEC alleges that First American’s disclosures concerning the vulnerability were deficient because senior executives were not provided all available and relevant information, specifically that First American’s information security personnel had identified and failed to remediate the vulnerability months earlier in January 2019.

Cybersecurity 68

Cybersecurity Financial Services Risk Compliance 68

Collibra

FEBRUARY 11, 2020

Regulators are focusing on the data relationships financial services organizations have with third parties, including how well personal information is being managed. There are several areas that the international financial services regulatory community is engaged in that touch on third party personal data relationships.

Financial Services 59

Financial Services Digital transformation Personal data Compliance 59

The Last Watchdog

APRIL 7, 2020

I had the chance to discuss this with Matt Keil, director of product marketing at Cequence Security , a Sunnyvale, Calif.-based based application security vendor that’s in the thick of helping businesses mitigate web application exposures. A security mindset still needs to take hold at many more levels. We spoke at RSA 2020.

Digital transformation 220

Digital transformation Financial Services Retail Marketing 220

Security Affairs

JANUARY 18, 2019

The bug affected the OCA’s Diameter Signalling Router component and its Communications Services Gatekeeper. The flaw also affected the Financial Services Analytical Applications Infrastructure, the Fusion Middleware MapViewer, and four three Oracle Retail components. ” reads the d escription provided by.

Financial Services 67

Financial Services Libraries Mining Retail 67

The Last Watchdog

JANUARY 30, 2019

Turn the corner into 2019 and we find Citigroup, CapitalOne, Wells Fargo and HSBC Life Insurance among a host of firms hitting the crisis button after their customers’ records turned up on a database of some 24 million financial and banking documents found parked on an Internet-accessible server — without so much as password protection.

Risk 117

Risk Financial Services Insurance Cybersecurity 117

eSecurity Planet

FEBRUARY 26, 2024

They’re particularly dangerous because it’s difficult for security or development teams to see an XSS vulnerability, and it’s also hard to see the effects of an attack until the ensuing breach is well underway. XSS attacks have multiple security and business risks, including credential theft and damaged company reputation.

Risk 98

Risk Financial Services Security Libraries 98

Data Matters

SEPTEMBER 12, 2018

As part of the public discussion, the Commission, the European Securities and Markets Authority (ESMA), the European Banking Authority (EBA) and the UK Financial Conduct Authority (FCA) were present to provide their thoughts. ESMA and the EBA will publish their findings later in 2018. 3 Available at [link].

Financial Services 68

Financial Services Marketing Privacy IT 68

Security Affairs

JANUARY 13, 2019

Security researchers at Proofpoint researchers discovered two strains of malware tracked as ServHelper and FlawedGrace distributed through phishing campaigns by the TA505 crime gang. “In November 2018, TA505 , a prolific actor that has been at the forefront of this trend, began distributing a new backdoor we named “ServHelper”.

IT 91

IT Financial Services Retail Ransomware 91

Security Affairs

SEPTEMBER 1, 2020

The Iranian hacker group has been attacking corporate VPNs over the past months, they have been hacking VPN servers to plant backdoors in companies around the world targeting Pulse Secure , Fortinet , Palo Alto Networks , and Citrix VPNs. ” reads the report published by Crowdstrike. Pierluigi Paganini.

Access 88

Access Financial Services Retail Insurance 88

HL Chronicle of Data Protection

OCTOBER 4, 2018

As of Tuesday, September 4, 2018, covered entities are required to be in compliance with additional requirements relating to: Audit Trail (Section 500.06); Application Security (Section 500.08); Limitations on Data Retention (Section 500.13); Monitoring of Authorized Users (Section 500.14(a)); Application Security (Section 500.08).

Cybersecurity 65

Cybersecurity Encryption Financial Services Compliance 65

Hunton Privacy

NOVEMBER 25, 2020

The Collective Redress Directive was presented in April 2018 by the European Commission and is part of the European Commission’s New Deal for Consumers. The Collective Redress Directive was proposed as a response to several scandals related to breaches of consumers’ rights by multinational companies.

Financial Services 80

Financial Services GDPR IT Information Security 80

Security Affairs

MARCH 1, 2019

defense contractors , financial services firms, and a national data center in Central Asia. “In 2018, CTU researchers identified evidence of BRONZE UNION leveraging tools that have been publicly available for years. However, the variants used in 2018 included updated code.” ” Secureworks concludes.

IT 78

IT File names Financial Services Communications 78

Adam Levin

APRIL 6, 2020

This is the second major data breach that Marriott has experienced in recent years; in 2018, the company announced that the information of 327 million customers of subsidiary Starwoodhad been compromised in a similar incident. . The post How Marriott Customers Can Protect Themselves From The Latest Breach appeared first on Adam Levin.

Data breaches 75

Data breaches Passwords Financial Services Insurance 75

Hunton Privacy

JULY 24, 2020

On Wednesday, July 22, the New York Department of Financial Services (the “NYDFS”) announced that it had filed administrative charges against First American Title Insurance Co. under the NYDFS Cybersecurity Regulation , marking the agency’s first enforcement action since the rules went into effect in March 2017.

Cybersecurity 85

Cybersecurity Risk Financial Services Insurance 85

Security Affairs

NOVEMBER 19, 2018

Other participants were teams from universities, Tencent, financial service provider Ant Financial, and independent researchers. Recently participants to another contest, the Zero Day Initiative’s Pwn2Own Tokyo 2018 earned over $300,000 for disclosing flaws affecting iPhone X, Xiaomi Mi 6 and Samsung Galaxy S9 smartphones.

Financial Services 84

Financial Services Cybersecurity Security 84

Data Protection Report

JANUARY 7, 2019

The two-year transitional period under the New York State Department of Financial Services (“DFS””) Cybersecurity Regulation , 23 NYCRR 500 (the “Regulation”), will expire on March 1, 2019, with the final remaining requirement becoming effective. Third-party service provider risk management program. Upcoming certifications.

Cybersecurity 40

Cybersecurity Compliance Financial Services Risk 40