Analysis, Cybersecurity, Encryption and Financial Services

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Data Protection Report

NOVEMBER 8, 2023

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. This notice requirement explicitly applies to cybersecurity incidents occurring to the covered entity itself, its affiliates, or a third-party service provider.

Financial Services

Financial Services Cybersecurity Compliance Government

News Alert: Vaultree partners with Tableau to uniquely blend encryption, data visualization

The Last Watchdog

AUGUST 3, 2023

3, 2023 — Vaultree, a cybersecurity leader pioneering Fully Functional Data-In-Use Encryption (FFDUE), today announces a strategic integration with Tableau, a renowned platform for data visualization and business intelligence. San Francisco and Cork, Ireland, Aug.

Encryption

Encryption Analytics Data Privacy Cybersecurity

LockFile Ransomware uses a new intermittent encryption technique

Security Affairs

AUGUST 31, 2021

Recently emerged LockFile ransomware family LockFile leverages a novel technique called intermittent encryption to speed up encryption. Sophos researchers discovered that the group is now leveraging a new technique called “intermittent encryption” to speed up the encryption process.

Encryption

Encryption Ransomware Financial Services Manufacturing

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

What is a Cyberattack? Types and Defenses

eSecurity Planet

JUNE 16, 2022

Cyber criminals may damage, destroy, steal, encrypt, expose, or leak data as well as cause harm to a system. Encrypted threats spiked 167%, ransomware increased 105%, and 5.4 CEOs who say that cybersecurity is the biggest threat to short-term growth have doubled in the past year. The average cost of a breach is $3.6

Ransomware

Ransomware Cybersecurity Phishing Encryption

API Security in 2024: Imperva Report Uncovers Rising Threats and the Urgent Need for Action

Thales Cloud Protection & Licensing

MARCH 6, 2024

This report serves as a critical wake-up call for company executives and security professionals, emphasizing the urgent need to prioritize API security as a core component of their overall cybersecurity strategy. Cybersecurity has always been a team game. Encryption Lebin Cheng | VP, API Security More About This Author > Schema

Security

Security Authentication Risk Cybersecurity

BlackCocaine Ransomware, a new malware in the threat landscape

Security Affairs

JUNE 5, 2021

Recently Cyber researchers for Cyble investigated an attack suffered by on May 30, 2021, by Nucleus Software, an India-based IT company in the Banking and Financial Services sector. Nucleus Software declared that it does not store customers’ financial data. BlackCocaine ” to the filenames of encrypted files.

Ransomware

Ransomware Encryption File names Financial Services

EventBot, a new Android mobile targets financial institutions across Europe

Security Affairs

APRIL 30, 2020

Security experts from Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks, financial services across Europe. Researchers from Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks, financial services across Europe.

Financial Services

Financial Services Libraries Encryption Authentication

Transition period under New York Cybersecurity Regulation ends March 1, 2019

Data Protection Report

JANUARY 7, 2019

The two-year transitional period under the New York State Department of Financial Services (“DFS””) Cybersecurity Regulation , 23 NYCRR 500 (the “Regulation”), will expire on March 1, 2019, with the final remaining requirement becoming effective. Periodic risk-based assessments of third parties. Upcoming certifications.

Cybersecurity

Cybersecurity Compliance Financial Services Risk

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Other industry standards too can have the force of “pseudo-law” – notably, the NIST Cybersecurity Framework, which federal regulators often apply to financial-services firms and government contractors. See the Best Cybersecurity Awareness Training for Employees. The result is arguably a perverse jumble of priorities.

Data Privacy

Data Privacy Compliance Privacy Security

Experts linked ransomware attacks to China-linked APT27

Security Affairs

JANUARY 4, 2021

defense contractors , financial services firms, and a national data center in Central Asia. The hackers used the Windows drive encryption tool BitLocker to lock the servers. “Earlier this year, Security Joes and Profero responded to an incident involving ransomware and the encryption of several core servers.

Ransomware

Ransomware Encryption Financial Services Cybersecurity

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 17, 2023

CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6 CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6 CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6

Security

Security Data breaches Ransomware Artificial Intelligence

SEC Releases Observations from Recent Cybersecurity Examinations of Broker-Dealers and Advisers

Hunton Privacy

FEBRUARY 6, 2015

On February 3, 2015, the Securities and Exchange Commission (“SEC”) released a Risk Alert , entitled Cybersecurity Examination Sweep Summary, summarizing observations from the recent round of cybersecurity examinations of registered broker-dealers and investment advisers under the Cybersecurity Examination Initiative.

Cybersecurity

Cybersecurity Insurance Financial Services Risk

Top 12 Cloud Security Best Practices for 2021

eSecurity Planet

SEPTEMBER 10, 2021

CloudPassage’s 2021 AWS Cloud Security Report found that misconfiguration of cloud platforms (71 percent), exfiltration of sensitive data (59 percent), and insecure APIs (54 percent) are the top cloud security threats facing cybersecurity professionals. Does the provider encrypt data while in transit and at rest?

Cloud

Cloud Security Encryption Risk

The Week in Cyber Security and Data Privacy: 6 – 12 November 2023

IT Governance

NOVEMBER 13, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Customer data, which was encrypted, was reported to be unaffected. Welcome to this week’s round-up of the biggest and most interesting news stories.

Data Privacy

Data Privacy Privacy Security Data breaches

Exclusive: Welcome “Frappo” – Resecurity identified a new Phishing-as-a-Service

Security Affairs

MAY 10, 2022

Initially, the service popped up in the Dark Web around 22 nd March 2021, and has been significantly upgraded since then. The last update of the service was registered May 1, 2022. Frappo” grants cybercriminals the ability to work with stolen data anonymously and in an encrypted format.

Phishing

Phishing Retail Financial Services Data breaches

New York Regulators Call on Insurers to Strengthen the Cyber Underwriting Process

Hunton Privacy

FEBRUARY 25, 2021

As reported on the Hunton Insurance Recovery blog , on February 4, 2021, the New York Department of Financial Services (“NYDFS”), which regulates the business of insurance in New York, has issued guidelines, in the Insurance Circular Letter No. Obtain cybersecurity expertise to properly understand and evaluate cyber risk.

Insurance

Insurance Cybersecurity Risk Education

Ransomware Protection in 2021

eSecurity Planet

FEBRUARY 16, 2021

All of your files are encrypted with RSA-2048 and AES-128 ciphers.” ” Or you might see a readme.txt stating, “Your files have been replaced by these encrypted containers and aren’t accessible; you will lose your files on [enter date] unless you pay $2500 in Bitcoin.” Forensic Analysis.

Ransomware

Ransomware Encryption Insurance Cloud

New York’s Breach Law Amendments and New Security Requirements

Data Protection Report

OCTOBER 1, 2019

New York will exclude from “private information” any encrypted data elements or “combination of personal information plus data elements”—as long as the encryption key has not been acquired by the unauthorized person. by a person without valid authorization or by an unauthorized person.

Security

Security Financial Services Passwords Risk

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Data Matters

APRIL 23, 2018

Recent guidance from the Securities and Exchange Commission (SEC) on disclosure and enforcement actions by the Federal Trade Commission (FTC) make clear that cybersecurity is no longer a niche topic, but a concern significant enough to warrant the oversight of corporate boards of directors. Adopting the NIST Cybersecurity Framework.

Cybersecurity

Cybersecurity Risk Passwords Authentication

In High Demand - How Thales and DigiCert Protect Against Software Supply Chain Attacks

Thales Cloud Protection & Licensing

APRIL 15, 2024

The news has already captured some very high-profile incidents, including attacks on an American retailer, a software vendor, and more recently a multinational investment and financial services bank. Encryption Melody Wood | Partner Solutions Marketing Manager, Thales More About This Author > Schema

Risk

Risk Financial Services Retail Cloud

Top GRC Tools & Software for 2021

eSecurity Planet

JANUARY 21, 2021

LogicManager’s GRC solution has specific use cases across financial services, education, government, healthcare, retail, and technology industries, among others. IT risk & cybersecurity management. Additionally, Forrester named it a Contender in its Q1 2020 GRC Wave. See our in-depth look at RSA Archer. LogicManager.

Compliance

Compliance Risk Government Retail

Top 10 Governance, Risk and Compliance (GRC) Vendors

eSecurity Planet

JANUARY 21, 2021

LogicManager’s GRC solution has specific use cases across financial services, education, government, healthcare, retail, and technology industries, among others. IT risk & cybersecurity management. Additionally, Forrester named it a Contender in its Q1 2020 GRC Wave. See our in-depth look at RSA Archer. LogicManager.

Compliance

Compliance Risk Government Retail

Best Digital Forensics Tools & Software for 2021

eSecurity Planet

AUGUST 13, 2021

While several open-source tools exist for disk and data capture, network analysis, and specific device forensics, a growing number of vendors are building off what’s publicly available. Critical capabilities include timeline analysis, hash filtering, file and folder flagging, and multimedia extraction. The Sleuth Kit and Autopsy.

e-Discovery

e-Discovery Computer and Electronics Marketing Compliance

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

IT Governance

MARCH 11, 2024

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. 66,702,148 known records breached in 103 newly disclosed incidents Welcome to this week’s global round-up of the biggest and most interesting news stories.

Data Privacy

Data Privacy Privacy Security Data breaches

The Week in Cyber Security and Data Privacy: 8 – 14 January 2024

IT Governance

JANUARY 16, 2024

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Welcome to this week’s round-up of the biggest and most interesting news stories. Interested parties are invited to submit their responses to the calls for contributions by 11 March.

Data Privacy

Data Privacy Privacy Manufacturing Retail

Top Cybersecurity Startups to Watch in 2022

eSecurity Planet

JANUARY 11, 2022

Information security products , services, and professionals have never been in higher demand, making for a world of opportunities for cybersecurity startups. Investors recognize the potential too, as funding for cybersecurity ventures more than doubled from previous years to almost $22 billion in 2021. Series B SECURITI.ai

Cybersecurity

Cybersecurity Cloud Compliance Analytics

Best Network Security Tools 2021

eSecurity Planet

MAY 27, 2021

Larger organizations most targeted by advanced persistent threats (APTs) like enterprises and government agencies, financial services, energy, and telecommunications make up Kaspersky EDR’s clientele. Read more about the solution in our comparative analysis of Kaspersky and Symantec. Runner up: Trend Micro Vision One.

Security

Security Cloud Analytics Access

Q&A: Here’s why securing mobile apps is an essential key to tempering political division

The Last Watchdog

JANUARY 11, 2021

Vastly improving the secure development and distribution of mobile apps is something the technology and cybersecurity communities are going to have to address, hopefully sooner rather than later. Sadly, there are apps that still send traffic via the HTTP protocol instead of the encrypted equivalent HTTPS protocol.

Security

Security Libraries Encryption Privacy

The Hacker Mind: MITRE ATT&CK Evaluations

ForAllSecure

MAY 4, 2021

Duff: What MITRE does is provide usually high level understanding to our government customers on problems that they face, and that can range anything from work we do with the FAA to work we do with the NCC OE so the National Cybersecurity Center of Excellence, which is operated by NIST, a variety of programs in between.

Government

Government IT Access Analytics

The Hacker Mind: MITRE ATT&CK Evaluations

ForAllSecure

MAY 4, 2021

Duff: What MITRE does is provide usually high level understanding to our government customers on problems that they face, and that can range anything from work we do with the FAA to work we do with the NCC OE so the National Cybersecurity Center of Excellence, which is operated by NIST, a variety of programs in between.

Government

Government IT Access Analytics

Information Management Today

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

News Alert: Vaultree partners with Tableau to uniquely blend encryption, data visualization

Webinars

Trending Sources

LockFile Ransomware uses a new intermittent encryption technique

Webinars

What is a Cyberattack? Types and Defenses

API Security in 2024: Imperva Report Uncovers Rising Threats and the Urgent Need for Action

BlackCocaine Ransomware, a new malware in the threat landscape

EventBot, a new Android mobile targets financial institutions across Europe

Transition period under New York Cybersecurity Regulation ends March 1, 2019

Security Compliance & Data Privacy Regulations

Experts linked ransomware attacks to China-linked APT27

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

SEC Releases Observations from Recent Cybersecurity Examinations of Broker-Dealers and Advisers

Top 12 Cloud Security Best Practices for 2021

The Week in Cyber Security and Data Privacy: 6 – 12 November 2023

Exclusive: Welcome “Frappo” – Resecurity identified a new Phishing-as-a-Service

New York Regulators Call on Insurers to Strengthen the Cyber Underwriting Process

Ransomware Protection in 2021

New York’s Breach Law Amendments and New Security Requirements

An Approach to Cybersecurity Risk Oversight for Corporate Directors

In High Demand - How Thales and DigiCert Protect Against Software Supply Chain Attacks

Top GRC Tools & Software for 2021

Top 10 Governance, Risk and Compliance (GRC) Vendors

Best Digital Forensics Tools & Software for 2021

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

The Week in Cyber Security and Data Privacy: 8 – 14 January 2024

Top Cybersecurity Startups to Watch in 2022

Best Network Security Tools 2021

Q&A: Here’s why securing mobile apps is an essential key to tempering political division

The Hacker Mind: MITRE ATT&CK Evaluations

The Hacker Mind: MITRE ATT&CK Evaluations

Stay Connected