Access, Authentication, Financial Services and Passwords

The Rise of One-Time Password Interception Bots

Krebs on Security

SEPTEMBER 29, 2021

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. OTP Agency took itself offline within hours of that story. .

Passwords

Passwords Authentication Phishing Access

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Data Protection Report

NOVEMBER 8, 2023

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. c)); – monitor privileged access activity by implementing a privileged access management (“PAM”) solution, and automatically blocking commonly used passwords (500.7(c));

Financial Services

Financial Services Cybersecurity Compliance Government

Attackers Use Bots to Circumvent Some Two-Factor Authentication Systems

eSecurity Planet

SEPTEMBER 30, 2021

Underground services are cropping up that are designed to enable bad actors to intercept one-time passwords (OTPs), which are widely used in two-factor authentication programs whose purpose is to better protect customers’ online accounts. By using the services, cybercriminals can gain access to victims’ accounts to steal money.

Authentication

Authentication Phishing Financial Services Passwords

How Multi-factor Authentication Can Benefit Your Industry

Rocket Software

AUGUST 17, 2020

Financial services organizations typically experience the most data breaches and hacks, which makes security a priority. For almost every industry, multi-factor authentication can be beneficial. What is Multi-factor Authentication? It isn’t a specific means of confirmation, but it can include various password components.

Authentication

Authentication Financial Services Passwords Insurance

GUEST ESSAY: 7 tips for protecting investor data when it comes to alternative asset trading

The Last Watchdog

JULY 11, 2023

Having access to a partner focused in cybersecurity brings fresh perspectives and allows for an unbiased evaluation of the systems in use. It’s important to implement robust monitoring systems that analyze activities and network traffic, which identify unauthorized access or suspicious behavior. Foster collaborative partnerships.

IT

IT Encryption Risk Financial Services

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Data Matters

JANUARY 28, 2022

These recommendations are further detailed below, but two to note in particular: The Advisory recommends that organizations “require multi-factor authentication for all users, without exception.” Require multi-factor authentication (MFA) for all users. Enable Controlled Folder Access.

Cybersecurity

Cybersecurity Financial Services Authentication Government

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

Hunton Privacy

JULY 1, 2022

On June 24, 2022, the New York State Department of Financial Services (“NYDFS” or the “Department”) announced it had entered into a $5 million settlement with Carnival Corp. NYDFS also found that Carnival had failed to implement basic protocols to prevent data breaches.

Cybersecurity

Cybersecurity Insurance Phishing Financial Services

New York SHIELD Act $600,000 settlement

Data Protection Report

FEBRUARY 8, 2022

According to the settlement agreement, the threat actor obtained access to the EyeMed email account on approximately June 24, 2020 and not only obtained access to six years’ worth of information, but also began sending 2,000 phishing emails on July 1. EyeMed blocked the threat actor’s access on July 1. SHIELD Act.

Passwords

Passwords Financial Services Authentication Insurance

Ragnar Locker ransomware group breached at least 52 organizations across 10 critical infrastructure sectors

Security Affairs

MARCH 8, 2022

. “As of January 2022, the FBI has identified at least 52 entities across 10 critical infrastructure sectors affected by RagnarLocker ransomware, including entities in the critical manufacturing, energy, financial services, government, and information technology sectors,” reads the FBI’s flash alert.

Ransomware

Ransomware Passwords Financial Services Manufacturing

Disneyland Malware Team: It’s a Puny World After All

Krebs on Security

NOVEMBER 16, 2022

financial services firm Ameriprise uses the domain ameriprise.com; the Disneyland Team’s domain for Ameriprise customers is [link] [brackets added to defang the domain], which displays in the browser URL bar as ? ” The user manual says this option blocks the user from accessing their account for two hours.

Phishing

Phishing Authentication Financial Services Access

Microsoft warns of multi-stage AiTM phishing and BEC attacks

Security Affairs

JUNE 11, 2023

Microsoft discovered multi-stage adversary-in-the-middle (AiTM) phishing and business email compromise (BEC) attacks against banking and financial services organizations. The proxy server allows attackers to access the traffic and capture the target’s password and the session cookie. .”

Phishing

Phishing Financial Services Passwords Authentication

NYDFS Fines EyeMed $4.5 Million for Cybersecurity Violations

Hunton Privacy

OCTOBER 24, 2022

On October 18, 2022, the New York State Department of Financial Services (“NYDFS”) announced that EyeMed Vision Care LLC (“EyeMed”) agreed to a $4.5 On October 18, 2022, the New York State Department of Financial Services (“NYDFS”) announced that EyeMed Vision Care LLC (“EyeMed”) agreed to a $4.5

Cybersecurity

Cybersecurity Financial Services Risk Phishing

What is credential stuffing? And how to prevent it?

Security Affairs

MARCH 29, 2022

In other words, bad actors glean lists of breached usernames and passwords and run them against desired logins until they find some that work. And, there remains general bad hygiene surrounding the creation of usernames and passwords, with many being reused over multiple websites. Good password hygiene and password managers. “If

IT

IT Passwords Authentication Data Privacy

Microsoft: Russia-linked SolarWinds hackers breached three new entities

Security Affairs

JUNE 26, 2021

Threat actors carried out brute-force and password spraying attacks in an attempt to gain access to Microsoft customer accounts. The hackers also targeted non-governmental organizations and think tanks, as well as financial services. The IT giant quickly removed the access and secured the device. .

Financial Services

Financial Services Access Passwords Authentication

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

. “AvosLocker is a Ransomware as a Service (RaaS) affiliate-based group that has targeted victims across multiple critical infrastructure sectors in the United States including, but not limited to, the Financial Services, Critical Manufacturing, and Government Facilities sectors. Disable unused ports.

Ransomware

Ransomware Passwords Encryption Financial Services

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

Data Matters

FEBRUARY 25, 2021

This follows the FCA’s announcement in its 2020-21 business plan that payment services were one of its main supervisory priorities 1 and its temporary guidance of July 9, 2020, on prudential risk management and safeguarding in light of the COVID-19 pandemic ( Temporary COVID Guidance ). TPP access. Authentication code.

Authentication

Authentication Paper Risk Insurance

Billions of FBS Records Exposed in Online Trading Broker Data Leak

Security Affairs

MARCH 24, 2021

comprised millions of confidential records including names, passwords, email addresses, passport numbers, national IDs, credit cards, financial transactions and more. Despite containing very sensitive financial data, the server was left open without any password protection or encryption. Plain Text (base64) Passwords.

Passwords

Passwords Phishing Authentication Access

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Hunton Privacy

JULY 5, 2023

On June 28, 2023, the New York Department of Financial Services (“NYDFS”) published an updated proposed Second Amendment (“Amendment”) to its Cybersecurity Regulation, 23 NYCRR Part 500. On November 9, 2022, NYDFS published a first draft of the proposed Amendment and received comments from stakeholders over a 60-day period.

Cybersecurity

Cybersecurity IT Compliance Financial Services

Mysterious custom malware used to steal 1.2TB of data from million PCs

Security Affairs

JUNE 11, 2021

Cookies are a precious source of intelligence about victims’ habits and could be abused to access the person’s online accounts of the victims. . These included logins for social media, online games, online marketplaces, job-search sites, consumer electronics, financial services, email services, and more.

Computer and Electronics

Computer and Electronics Archiving Encryption Passwords

MY TAKE: Why companies and consumers must collaborate to stop the plundering of IoT systems

The Last Watchdog

NOVEMBER 9, 2020

Most companies have only a vague sense of all of the IoT sensors tied into their networks, and each device represents an access path beckoning intruders. Hacking collectives are very proficient at “exploiting weak authentication schemes to gain persistence inside of a targeted network,” Sherman says.

IoT

IoT Passwords Artificial Intelligence Risk

Scary Fraud Ensues When ID Theft & Usury Collide

Krebs on Security

JANUARY 25, 2022

Although he didn’t technically have an account with MSF, their authentication system is based on email addresses, so Jim requested that a password reset link be sent to his email address. ” According to the Native American Financial Services Association (NAFSA), a trade group in Washington, D.C.

Financial Services

Financial Services IT Data breaches Passwords

Multi-Factor Authentication Best Practices & Solutions

eSecurity Planet

OCTOBER 5, 2021

Passwords are the most common authentication tool used by enterprises, yet they are notoriously insecure and easily hackable. But even when passwords are secure, it’s not enough. Recently, hackers leaked 87,000 Fortinet VPN passwords , mostly from companies who hadn’t yet patched a two-year-old vulnerability.

Authentication

Authentication Passwords Access Computer and Electronics

GUEST ESSAY: ‘Continuous authentication’ is driving passwordless sessions into the mainstream

The Last Watchdog

DECEMBER 6, 2022

Much more effective authentication is needed to help protect our digital environment – and make user sessions smoother and much more secure. Consider that some 80 percent of hacking-related breaches occur because of weak or reused passwords, and that over 90 percent of consumers continue to re-use their intrinsically weak passwords.

Authentication

Authentication Passwords Artificial Intelligence Financial Services

Top 12 Cloud Security Best Practices for 2021

eSecurity Planet

SEPTEMBER 10, 2021

What measures does the provider have in place to protect various access components? Which roles or individuals from the provider have access to the data stored in the cloud? What authentication methods does the provider support? Deploy an identity and access management solution. Train your staff.

Cloud

Cloud Security Encryption Risk

NYDFS settles with EyeMed for $4.5 million

Data Protection Report

OCTOBER 24, 2022

On October 18, 2022, the New York Department of Financial Services announced a settlement with EyeMed, a licensed life, accident, and health insurer, with respect to a security incident that occurred in 2020. EyeMed blocked the threat actor’s access on July 1. The settlement requires EyeMed to pay $4.5 Background.

Cybersecurity

Cybersecurity Personal data Risk Financial Services

50 Ways to Avoid Getting Scammed on Black Friday

Adam Levin

NOVEMBER 17, 2020

Mobile payment platforms, like Apple Pay and Google Pay, use advanced technology, like fingerprint authentication and tokenization (in which credit card account numbers are replaced by randomly generated numbers) to provide brick-and-mortar shoppers with an added layer of security. Create long and strong passwords. Lock your devices.

Retail

Retail e-Delivery Passwords Phishing

Expect More Spam Calls and SIM-Card Scams: 400 Million Phone Numbers Exposed

Adam Levin

SEPTEMBER 5, 2019

They did it again this week with news that 419 million records, including phone numbers and user IDs, were scraped from Facebook and stored in a database that was just sitting online accessible to anyone who might like to peruse it. More than 130 million of those compromised by the discovery were American users. What You Can Do.

Mining

Mining Authentication Financial Services Privacy

Marriott Breach: More than 500 Million Guest Affected

Adam Levin

NOVEMBER 30, 2018

The vulnerability that the hackers took advantage of had been in place and used for “unauthorized access,” according to the company statement, since 2014. . “The company recently discovered that an unauthorized party had copied and encrypted information, and took steps towards removing it,” Marriott disclosed in a statement.

Financial Services

Financial Services Encryption Passwords Communications

What’s Good IAM? The Answer may depend on your Industry

The Security Ledger

JUNE 23, 2020

Mature identity and access management (IAM) is a pillar of enterprise security. » Related Stories As Cyber Attacks Mount, Small Businesses seek Authentication Fix New LastPass report finds consumer behavior affects the workplace With Remote Work: MFA Makes Everyone Happy. The post What’s Good IAM? Read the whole entry. »

Authentication

Authentication Access Security Financial Services

Popular apps left biometric data, IDs of millions of users in danger

Security Affairs

JANUARY 27, 2022

Onfido, a London-based company, offers photo-based IDV services for businesses. Financial service providers, car rentals, and many other suppliers that need to confirm customer identities employ similar third-party services. From our preliminary findings, we can find no evidence of malicious access by a third party.

Personal data

Personal data Phishing Data breaches Passwords

Why CISA is Warning CISOs About a Breach at Sisense

Krebs on Security

APRIL 11, 2024

New York City based Sisense has more than 1,000 customers across a range of industry verticals, including financial services, telecommunications, healthcare and higher education. ” “We are taking this matter seriously and promptly commenced an investigation,” Dash continued.

Encryption

Encryption Passwords Access Financial Services

NYDFS Requires COVID-19 Plans by April 9

Data Protection Report

APRIL 2, 2020

On March 10, 2020, the New York Department of Financial Services (NYDFS) issued guidance to all of its regulated institutions engaged in virtual currency business activity, requiring them to have plans for preparedness to manage the possible operational and financial risks posed by the COVID-19 pandemic.

Risk

Risk Communications Authentication Financial Services

What is a Cyberattack? Types and Defenses

eSecurity Planet

JUNE 16, 2022

However, basic cybersecurity tools and practices, like patching , strong passwords , and multi-factor authentication (MFA), “can prevent 80 to 90% of cyberattacks,” said Anne Neuberger, deputy national security advisor for cyber and emerging technologies, during a White House press conference in Sept. Other methods.

Ransomware

Ransomware Cybersecurity Phishing Encryption

The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back

Krebs on Security

NOVEMBER 19, 2021

One of the more common ways cybercriminals cash out access to bank accounts involves draining the victim’s funds via Zelle , a “peer-to-peer” (P2P) payment service used by many financial institutions that allows customers to quickly send cash to friends and family.

IT

IT Passwords Authentication Phishing

New York’s Breach Law Amendments and New Security Requirements

Data Protection Report

OCTOBER 1, 2019

As of October 23, 2019, much of that will change: New York will no longer be a purely “acquisition” state but will be “access or acquisition” of personal information in order to constitute a breach requiring notice. Biometric information that is used to authenticate or ascertain the individual identity.

Security

Security Financial Services Passwords Risk

Proposed Amendments to NY Financial Services Cybersecurity Regulations Impose New Obligations on Large Entities, Boards of Directors and CISOs

Hunton Privacy

AUGUST 15, 2022

On July 29, 2022, the New York Department of Financial Services (“NYDFS”) posted proposed amendments (“Proposed Amendments”) to its Cybersecurity Requirements for Financial Services Companies (“Cybersecurity Regulations”). As part of the “access privileges” requirements under Section 500.7

Financial Services

Financial Services Cybersecurity Risk Passwords

The Hacker Mind Podcast: Going Passwordless

ForAllSecure

JANUARY 19, 2022

Passwords are everywhere, but they probably weren't intended to be used as much as they are today. Either they’re too weak -- and therefore trivial to guess--, or we reuse them, which means an attacker can use them to gain access to multiple sites. So we need passwords, but passwords just aren’t perfect.

Passwords

Passwords Authentication Access Data breaches

Digital Onboarding: Convenience Meets Security in Banking

Thales Cloud Protection & Licensing

JANUARY 22, 2024

Now, customers can kickstart the application process from the comfort of their homes or any place with internet access. Online banking services have become so common that according to Forbes , more than 70% of adults in the U.S. Passkeys, replacing passwords, emerge as the superior authentication choice.

Security

Security Authentication Passwords Risk

CyberheistNews Vol 13 #13 [Eye Opener] How to Outsmart Sneaky AI-Based Phishing Attacks

KnowBe4

MARCH 28, 2023

The capacity to craft compelling, well-formed text is in the hands of anyone with access to ChatGPT, and that's basically anyone with an internet connection." While researching his recent book Hacking Multifactor Authentication, Roger tested over 150 MFA solutions. And he wants to share what he learned with you!

Phishing

Phishing Security awareness Insurance Cybersecurity

SHARED INTEL: Microsoft discloses how the Nobelium hacking ring engages in routine phishing

The Last Watchdog

JUNE 28, 2021

Microsoft said it notified the targeted 150 organizations, which included “IT companies (57%), followed by government (20%), and smaller percentages for non-governmental organizations and think tanks, as well as financial services.” In this case, the attackers leveraged information gleaned from a Microsoft worker’s computing device.

Phishing

Phishing Passwords Authentication Financial Services

Vulnerability Recap 4/22/24 – Cisco, Ivanti, Oracle & More

eSecurity Planet

APRIL 22, 2024

If updates can’t be performed immediately, consider deploying additional security controls or at least disconnecting vulnerable devices from direct internet access. April 13, 2024 Delinea Secret Server Patched After Researcher’s Public Disclosure Type of vulnerability: Authentication bypass.

Authentication

Authentication MDM Cloud Cybersecurity

SHARED INTEL: ‘Credential stuffers’ leverage enduring flaws to prey on video game industry

The Last Watchdog

JULY 7, 2021

Credential stuffing is a type of advanced brute force hacking that leverages software automation to insert stolen usernames and passwords into web page forms, at scale, until the attacker gains access to a targeted account. The big takeaway, to me, is how they accomplished this – by refining and advancing credential stuffing.

Passwords

Passwords Authentication Marketing Access

SHARED INTEL: Akamai reports web attack traffic spiked 62 percent in 2020 — all sectors hit hard

The Last Watchdog

MAY 24, 2021

billion hitting financial services organizations — an increase of more than 45 percent year-over-year in that sector. billion web app attacks last year, with more than 736 million targeting financial services. billion web attacks globally; 736 million in the financial services sector. A: Everything.

Financial Services

Financial Services Passwords Data breaches Authentication

MY TAKE: Identity ‘access’ and ‘governance’ tech converge to meet data protection challenges

The Last Watchdog

FEBRUARY 25, 2019

Related: Applying ‘zero trust’ to managed security services. So why hasn’t the corporate sector been more effective at locking down access for users? Here are takeaways from our fascinating discussion: Access pain points. It’s not for lack of trying. Efforts to balance security and productivity sometimes backfired.

Access

Access Government Authentication Data breaches

The Rise of One-Time Password Interception Bots

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Trending Sources

Attackers Use Bots to Circumvent Some Two-Factor Authentication Systems

How Multi-factor Authentication Can Benefit Your Industry

GUEST ESSAY: 7 tips for protecting investor data when it comes to alternative asset trading

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

New York SHIELD Act $600,000 settlement

Ragnar Locker ransomware group breached at least 52 organizations across 10 critical infrastructure sectors

Disneyland Malware Team: It’s a Puny World After All

Microsoft warns of multi-stage AiTM phishing and BEC attacks

NYDFS Fines EyeMed $4.5 Million for Cybersecurity Violations

What is credential stuffing? And how to prevent it?

Microsoft: Russia-linked SolarWinds hackers breached three new entities

Avoslocker ransomware gang targets US critical infrastructure

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

Billions of FBS Records Exposed in Online Trading Broker Data Leak

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Mysterious custom malware used to steal 1.2TB of data from million PCs

MY TAKE: Why companies and consumers must collaborate to stop the plundering of IoT systems

Scary Fraud Ensues When ID Theft & Usury Collide

Multi-Factor Authentication Best Practices & Solutions

GUEST ESSAY: ‘Continuous authentication’ is driving passwordless sessions into the mainstream

Top 12 Cloud Security Best Practices for 2021

NYDFS settles with EyeMed for $4.5 million

50 Ways to Avoid Getting Scammed on Black Friday

Expect More Spam Calls and SIM-Card Scams: 400 Million Phone Numbers Exposed

Marriott Breach: More than 500 Million Guest Affected

What’s Good IAM? The Answer may depend on your Industry

Popular apps left biometric data, IDs of millions of users in danger

Why CISA is Warning CISOs About a Breach at Sisense

NYDFS Requires COVID-19 Plans by April 9

What is a Cyberattack? Types and Defenses

The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back

New York’s Breach Law Amendments and New Security Requirements

Proposed Amendments to NY Financial Services Cybersecurity Regulations Impose New Obligations on Large Entities, Boards of Directors and CISOs

The Hacker Mind Podcast: Going Passwordless

Digital Onboarding: Convenience Meets Security in Banking

CyberheistNews Vol 13 #13 [Eye Opener] How to Outsmart Sneaky AI-Based Phishing Attacks

SHARED INTEL: Microsoft discloses how the Nobelium hacking ring engages in routine phishing

Vulnerability Recap 4/22/24 – Cisco, Ivanti, Oracle & More

SHARED INTEL: ‘Credential stuffers’ leverage enduring flaws to prey on video game industry

SHARED INTEL: Akamai reports web attack traffic spiked 62 percent in 2020 — all sectors hit hard

MY TAKE: Identity ‘access’ and ‘governance’ tech converge to meet data protection challenges

Stay Connected