2019, Financial Services and Security - Information Management Today

Financial Services Organizations Need to Adapt their Security Practices to the Shifting Environment

Thales Cloud Protection & Licensing

NOVEMBER 4, 2020

Financial Services Organizations Need to Adapt their Security Practices to the Shifting Environment. Even “traditional banks” seek to drive more revenue from digital products, personalized services and experiences. At the same time, financial services organizations need to adapt to a shifting global environment.

Financial Services

Financial Services Security Digital transformation Encryption

New: 2019 State of the Internet / Security: Financial Services Attack Economy

Dark Reading

NOVEMBER 25, 2019

Every organization should be paying attention to the attacks targeting financial services systems.

Financial Services

Financial Services Security

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services

Financial Services Cybersecurity Insurance Risk

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

SAP April 2019 Security Patch Day addresses High severity flaws in Crystal Reports, NetWeaver

Security Affairs

APRIL 10, 2019

SAP released the April 2019 Security Patch Day that is included 6 Security Notes, two of which address High severity flaws in Crystal Reports and NetWeaver. SAP released 6 Security Notes as part of the April 2019 Security Patch Day, two of which address High severity flaws in Crystal Reports and NetWeaver.

Security

Security Financial Services Risk Access

Payment Processing Giant TSYS: Ransomware Incident “Immaterial” to Company

Krebs on Security

DECEMBER 10, 2020

(TSYS) is the third-largest third-party payment processor for financial institutions in North America, and a major processor in Europe. TSYS provides payment processing services, merchant services and other payment solutions, including prepaid debit cards and payroll cards. NYSE:GPN ].

Ransomware

Ransomware Financial Services Access IT

SAP Security Patch Day for May 2019 fixes many missing authorization checks

Security Affairs

MAY 15, 2019

SAP released SAP Security Patch Day for May 2019 that includes 8 Security Notes, 5 of which are updates to previously released Notes. “Today, being the second Tuesday of the month, SAP released May’s Security Notes. “Today, being the second Tuesday of the month, SAP released May’s Security Notes.

Security

Security Financial Services Risk IT

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Data Matters

FEBRUARY 10, 2021

On February 4, 2021, the New York Department of Financial Services (NYDFS) issued Circular Letter No. Thereafter, in 2019, the department created a Cybersecurity Division to focus specifically on protecting industries and consumers from cyberthreats. regulator concerning the increasingly critical issue of cyberinsurance.

Insurance

Insurance Financial Services Cybersecurity Risk

NY Charges First American Financial for Massive Data Leak

Krebs on Security

JULY 23, 2020

In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. billion in 2019. Securities and Exchange Commission each announced they were investigating the company. had exposed approximately 885 million records related to mortgage deals going back to 2003.

Insurance

Insurance Financial Services Mining Access

Recently disclosed Drupal CVE-2019-6340 RCE flaw exploited in the wild

Security Affairs

FEBRUARY 26, 2019

Threat actors in the wild are exploiting the recently patched CVE-2019-6340 flaw in the Drupal CMS to deliver cryptocurrency miners and other payloads. Just three days after the CVE-2019-6340 flaw in Drupal was addressed, threat actors in the wild started exploiting the issue to deliver cryptocurrency miners and other payloads.

Financial Services

Financial Services CMS Government Security

Credit Union Sues Fintech Giant Fiserv Over Security Claims

Krebs on Security

MAY 3, 2019

A Pennsylvania credit union is suing financial industry technology giant Fiserv , alleging that “baffling” security vulnerabilities in the company’s software are “wreaking havoc” on its customers. Most alarmingly, this security control was purely illusory. Justice Department.

Security

Security Passwords Financial Services Sales

NY Investigates Exposure of 885 Million Mortgage Documents

Krebs on Security

MAY 31, 2019

New York regulators are investigating a weakness that exposed 885 million mortgage records at First American Financial Corp. On May 29, The New York Times reported that the inquiry by New York’s Department of Financial Services is likely to be followed by other investigations from regulators and law enforcement.

Financial Services

Financial Services Insurance Sales Authentication

First American Financial Pays Farcical $500K Fine

Krebs on Security

JUNE 18, 2021

In May 2019, KrebsOnSecurity broke the news that the website of mortgage settlement giant First American Financial Corp. NYSE:FAF ] was leaking more than 800 million documents — many containing sensitive financial data — related to real estate transactions dating back 16 years. This week, the U.S.

Insurance

Insurance Risk Financial Services Mining

RSAC insights: Introducing ‘CWPP’ and ‘CSPM,’ new frameworks to secure cloud infrastructure

The Last Watchdog

MAY 17, 2021

In pulling off that milestone hack, Paige Thompson took advantage of CapOne’s lack of focus on cloud security as the banking giant rushed headlong into leveraging Amazon Web Services. Luckily, Thompson left an easy trail for the FBI to follow and affect her arrest in August 2019. It’s going to take a paradigm shift, Simzer says.

Cloud

Cloud Security Risk Financial Services

The New Version of JsOutProx is Attacking Financial Institutions in APAC and MENA via Gitlab Abuse

Security Affairs

APRIL 3, 2024

Resecurity researchers warn that a new Version of JsOutProx is targeting financial institutions in APAC and MENA via Gitlab abuse. Resecurity has detected a new version of JSOutProx , which is targeting financial services and organizations in the APAC and MENA regions.

Financial Services

Financial Services Phishing IT Information Security

Law enforcement operation seized Ragnar Locker group’s infrastructure

Security Affairs

OCTOBER 19, 2023

The ransomware operation has been active since late December 2019, the FBI published two flash alert to warn of the operation of the group. This is an important achievement in the fight against cybercrime. Both FBI and Europol declined to comment on the events. More details are expected to be released tomorrow.

Ransomware

Ransomware Financial Services Manufacturing Government

$8 million penalty to NYDFS – and another case of over-retention

Data Protection Report

JANUARY 18, 2024

On January 3, 2024, the New York Department of Financial Services announced a consent order with GGT, where GGT agreed to pay NYDFS $8 million and to surrender its BitLicense (for cryptocurrency trading), due to alleged violations of NYDFS’ cybersecurity and its virtual currency regulations.

Cybersecurity

Cybersecurity Financial Services Compliance Encryption

The Future of Payments Security

Thales Cloud Protection & Licensing

JANUARY 26, 2021

The Future of Payments Security. Even when banking organizations are upgrading security posture to safeguard sensitive financial information, hackers can steal the data intelligently by tying known vulnerabilities together, and making it turn out to be a potential attack. Securing digital transactions. Stolen credentials.

Security

Security Retail Authentication Big data

Operation Cronos: law enforcement disrupted the LockBit operation

Security Affairs

FEBRUARY 19, 2024

pic.twitter.com/SvpbeslrCd — vx-underground (@vxunderground) February 19, 2024 LockBit is a prominent ransomware operation that first emerged in September 2019. Lockbit ransomware group administrative staff has confirmed with us their websites have been seized.

Energy and Utilities

Energy and Utilities Ransomware Agriculture Financial Services

New York State Expected to Increase Enforcement of Cybersecurity Practices

HL Chronicle of Data Protection

FEBRUARY 25, 2020

Companies should take note of two imminent developments in New York in the area of cybersecurity regulation: enforcement of the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (Regulation) and the effective date of the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act or Act).

Cybersecurity

Cybersecurity Financial Services Data breaches Insurance

Regulatory Update: NAIC Summer 2019 National Meeting

Data Matters

SEPTEMBER 4, 2019

The National Association of Insurance Commissioners (NAIC) held its Summer 2019 National Meeting (Summer Meeting) in New York City from August 3 to 6, 2019. The amended regulation took effect on August 1, 2019, for annuity products and will become effective on February 1, 2020, for life insurance products.

Insurance

Insurance Paper Risk Analytics

Transition period under New York Cybersecurity Regulation ends March 1, 2019

Data Protection Report

JANUARY 7, 2019

The two-year transitional period under the New York State Department of Financial Services (“DFS””) Cybersecurity Regulation , 23 NYCRR 500 (the “Regulation”), will expire on March 1, 2019, with the final remaining requirement becoming effective. Third-party service provider risk management program.

Cybersecurity

Cybersecurity Compliance Financial Services Risk

New Anti Anti-Money Laundering Services for Crooks

Krebs on Security

AUGUST 13, 2021

But with countless criminals now making millions from ransomware, there is certainly a vast, untapped market for services that help those folks improve their operational security. “To date, this type of analysis has been used primarily by regulated financial service providers.” AMLBot’s user interface.

Blockchain

Blockchain Analytics Marketing Ransomware

Risk Management under the DORA Regulation

IT Governance

NOVEMBER 23, 2023

You’d therefore expect that the sector fares better at data security than your average organisation. The public data set on the ICO (Information Commissioner’s Office) website shows that data security isn’t necessarily better for financial organisations. What do the statistics say?

Risk

Risk Data breaches Authentication Financial Services

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

Hunton Privacy

JULY 1, 2022

On June 24, 2022, the New York State Department of Financial Services (“NYDFS” or the “Department”) announced it had entered into a $5 million settlement with Carnival Corp.

Cybersecurity

Cybersecurity Insurance Phishing Financial Services

NYDFS settles cybersecurity regulation matter for $1.8 million

Data Protection Report

JUNE 2, 2021

On May 13, 2021, the New York Department of Financial Services (NYDFS) announced a $1.8 million settlement with two related insurance companies, relating to violations of two different requirements of the NYDFS cybersecurity regulation during the period 2018 to 2019. Affiliate #1 notified NYDFS on November 25, 2019.

Cybersecurity

Cybersecurity Insurance Financial Services Phishing

Automation Anywhere Named a Leader in the 2019 Gartner Magic Quadrant for RPA Software

Info Source

JULY 11, 2019

July 11, 2019 – Automation Anywhere , a global leader in Robotic Process Automation Software, today announced that Gartner, Inc. has named it a Leader in Gartner’s 2019 Magic Quadrant for RPA Software. [1]. 8 July 2019. Inaugural Magic Quadrant for RPA Software Recognizes Automation Anywhere. SAN JOSE, Calif.

Marketing

Marketing Financial Services IT Security

NYDFS settles cybersecurity regulation matter for $3 million

Data Protection Report

APRIL 22, 2021

On April 14, 2021, the New York Department of Financial Services (NYDFS) announced a $3 million settlement with insurance company National Securities Corp. According to the consent order, the matter began when NSC reported a cybersecurity event to NYDFS on October 23, 2019. NYDFS Cybersecurity Regulation.

Cybersecurity

Cybersecurity Financial Services Phishing Compliance

American Insurance firm State Farm victim of credential stuffing attacks

Security Affairs

AUGUST 7, 2019

The American group of insurance and financial services companies State Farm disclosed a credential stuffing attack it has suffered in July. The American group of insurance and financial services companies State Farm revealed that it was the victim of a credential stuffing attack it has suffered in July. billion per month.

Insurance

Insurance Data breaches Financial Services Passwords

SEC Charges Investment Advisers and Broker-Dealers with Deficient Cybersecurity Procedures

Hunton Privacy

SEPTEMBER 1, 2021

Securities and Exchange Commission (“SEC”) announced that it had settled three administrative cases involving a total of eight registered broker-dealers and investment advisers for failures in their cybersecurity policies and procedures. 34-92806 ; and In the Matter of KMS Financial Services, Inc. , Release No.

Cybersecurity

Cybersecurity Financial Services Cloud Access

Improve your data relationships with third parties

Collibra

FEBRUARY 11, 2020

Regulators are focusing on the data relationships financial services organizations have with third parties, including how well personal information is being managed. There are several areas that the international financial services regulatory community is engaged in that touch on third party personal data relationships.

Financial Services

Financial Services Digital transformation Personal data Compliance

NEW TECH: Baffin Bay Networks takes a ‘cloud-first’ approach to securing web applications

The Last Watchdog

SEPTEMBER 10, 2019

That experiment conducted by a reporter for The Atlantic crystalizes the seemingly intractable security challenge businesses face today. We met at Black Hat USA 2019 , where Baffin Bay touted its cloud-first, full-stack suite of threat protection services.

Cloud

Cloud Security Digital transformation Financial Services

Iran-linked APT group Pioneer Kitten sells access to hacked networks

Security Affairs

SEPTEMBER 1, 2020

The Iranian hacker group has been attacking corporate VPNs over the past months, they have been hacking VPN servers to plant backdoors in companies around the world targeting Pulse Secure , Fortinet , Palo Alto Networks , and Citrix VPNs. ” reads the report published by Crowdstrike. Pierluigi Paganini.

Access

Access Financial Services Retail Insurance

MY TAKE: Coping with security risks, compliance issues spun up by ‘digital transformation’

The Last Watchdog

AUGUST 22, 2019

A core security challenge confronts just about every company today. While the benefits of DX are highly-touted , this shift has also spawned a whole new tier of unprecedented privacy and security challenges. The cloud is kind of dragging this movement along and DevOps and security are center stage, at the moment.”

Digital transformation

Digital transformation Compliance Risk Security

NEW TECH: Cequence Security deploys defense against botnets’ assault on business logic

The Last Watchdog

MARCH 26, 2019

Pick any company in any vertical – financial services, government, defense, manufacturing, insurance, healthcare, retailing, travel and hospitality – and you’ll find employees, partners, third-party suppliers and customers all demanding remote access to an expanding menu of apps — using their smartphones and laptops.

Security

Security Digital transformation Financial Services Risk

Cryptoassets and Smart Contracts – UK Offers Legal Clarity

Data Matters

DECEMBER 4, 2019

On November 18, 2019, the UK Jurisdiction Taskforce, which is part of The English Law Society’s LawTech Delivery Panel , published its Legal Statement on the status of cryptoassets and smart contracts (the Legal Statement). 1 Available at [link].

Blockchain

Blockchain Financial Services Healthcare Marketing

Cryptoassets and Smart Contracts – UK Offers Legal Clarity

Data Matters

DECEMBER 4, 2019

On November 18, 2019, the UK Jurisdiction Taskforce, which is part of The English Law Society’s LawTech Delivery Panel , published its Legal Statement on the status of cryptoassets and smart contracts (the Legal Statement). 1 Available at [link].

Blockchain

Blockchain Financial Services Healthcare Marketing

NYDFS Cybersecurity Regulations: A glimpse into the future

Thales Cloud Protection & Licensing

NOVEMBER 27, 2018

The cybersecurity regulation ( 23 NYCRR 500 ) adopted by the New York State Department of Financial Services (NYDFS) is nearly two years old. The 2017 bill, the first of its kind, will be fully implemented as of March 1st, 2019. Application layer security ensures secure development practices for in-house developed applications.

Cybersecurity

Cybersecurity Financial Services Encryption Data Privacy

Corporate Finance firms leak 500K+ legal and financial documents online

Security Affairs

MARCH 17, 2020

Security experts from vpnMentor have discovered two corporate finance companies that leak half a million legal and financial documents online. vpnMentor experts uncovered a database exposed online on Amazon Web Services (AWS) that is leaking a huge amount of sensitive legal and financial documents. Pierluigi Paganini.

Financial Services

Financial Services Access Privacy Security

EventBot, a new Android mobile targets financial institutions across Europe

Security Affairs

APRIL 30, 2020

Security experts from Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks, financial services across Europe. Researchers from Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks, financial services across Europe.

Financial Services

Financial Services Libraries Encryption Authentication

News Alert: W3C advances technology to streamline payment authentication

The Last Watchdog

JUNE 15, 2023

The World Wide Web Consortium today announced a standardization milestone for a new browser capability that helps to streamline user authentication and enhance payment security during Web checkout. Publication of Secure Payment Confirmation as a Candidate Recommendation indicates that the feature set is stable and has received wide review.

Authentication

Authentication Communications Financial Services Retail

How can banks succeed in the digital banking era?

Thales Cloud Protection & Licensing

NOVEMBER 22, 2021

Consumers have come to expect a hyper-personalized experience that is fast, convenient and secure. trillion in 2019 to $5.2 Banks have adopted technologies to enable: Secure, remote, multi-device banking transactions. Secure digital payments leveraging biometrics, tokens, and context-based security. Data security.

Digital transformation

Digital transformation Financial Services Customer Experience Risk

SEC announces sanctions against entities over email account hacking

Security Affairs

SEPTEMBER 1, 2021

Securities and Exchange Commission (SEC) announced sanctions against several organizations over email account hacking. Securities and Exchange Commission (SEC) announced sanctions against eight entities belonging to three companies over email account hacking due to cybersecurity failures. Pierluigi Paganini.

Financial Services

Financial Services Cybersecurity Cloud Security

Ragnar Locker ransomware group breached at least 52 organizations across 10 critical infrastructure sectors

Security Affairs

MARCH 8, 2022

The ransomware operation has been active since late December 2019, this is the second time that the FBI first shares IoC related to RagnarLocker operation, the FBI first became aware of this threat in April 2020. Secure your back-ups and ensure data is not accessible for modification or deletion from the system where the data resides.

Ransomware

Ransomware Passwords Financial Services Manufacturing

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Data Matters

JUNE 24, 2021

In the Order, the SEC alleges that First American’s disclosures concerning the vulnerability were deficient because senior executives were not provided all available and relevant information, specifically that First American’s information security personnel had identified and failed to remediate the vulnerability months earlier in January 2019.

Cybersecurity

Cybersecurity Financial Services Risk Compliance

Financial Services Organizations Need to Adapt their Security Practices to the Shifting Environment

New: 2019 State of the Internet / Security: Financial Services Attack Economy

Webinars

Trending Sources

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Webinars

SAP April 2019 Security Patch Day addresses High severity flaws in Crystal Reports, NetWeaver

Payment Processing Giant TSYS: Ransomware Incident “Immaterial” to Company

SAP Security Patch Day for May 2019 fixes many missing authorization checks

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

NY Charges First American Financial for Massive Data Leak

Recently disclosed Drupal CVE-2019-6340 RCE flaw exploited in the wild

Credit Union Sues Fintech Giant Fiserv Over Security Claims

NY Investigates Exposure of 885 Million Mortgage Documents

First American Financial Pays Farcical $500K Fine

RSAC insights: Introducing ‘CWPP’ and ‘CSPM,’ new frameworks to secure cloud infrastructure

The New Version of JsOutProx is Attacking Financial Institutions in APAC and MENA via Gitlab Abuse

Law enforcement operation seized Ragnar Locker group’s infrastructure

$8 million penalty to NYDFS – and another case of over-retention

The Future of Payments Security

Operation Cronos: law enforcement disrupted the LockBit operation

New York State Expected to Increase Enforcement of Cybersecurity Practices

Regulatory Update: NAIC Summer 2019 National Meeting

Transition period under New York Cybersecurity Regulation ends March 1, 2019

New Anti Anti-Money Laundering Services for Crooks

Risk Management under the DORA Regulation

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

NYDFS settles cybersecurity regulation matter for $1.8 million

Automation Anywhere Named a Leader in the 2019 Gartner Magic Quadrant for RPA Software

NYDFS settles cybersecurity regulation matter for $3 million

American Insurance firm State Farm victim of credential stuffing attacks

SEC Charges Investment Advisers and Broker-Dealers with Deficient Cybersecurity Procedures

Improve your data relationships with third parties

NEW TECH: Baffin Bay Networks takes a ‘cloud-first’ approach to securing web applications

Iran-linked APT group Pioneer Kitten sells access to hacked networks

MY TAKE: Coping with security risks, compliance issues spun up by ‘digital transformation’

NEW TECH: Cequence Security deploys defense against botnets’ assault on business logic

Cryptoassets and Smart Contracts – UK Offers Legal Clarity

Cryptoassets and Smart Contracts – UK Offers Legal Clarity

NYDFS Cybersecurity Regulations: A glimpse into the future

Corporate Finance firms leak 500K+ legal and financial documents online

EventBot, a new Android mobile targets financial institutions across Europe

News Alert: W3C advances technology to streamline payment authentication

How can banks succeed in the digital banking era?

SEC announces sanctions against entities over email account hacking

Ragnar Locker ransomware group breached at least 52 organizations across 10 critical infrastructure sectors

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Stay Connected