Analysis, Financial Services and Groups - Information Management Today

'Hack-for-Hire' Groups Spoof WHO Emails to Steal Data

Data Breach Today

MAY 28, 2020

Google: Hackers Using COVID-19 Phishing Themes to Target Businesses "Hack-for-hire" groups operating in India are spoofing World Health Organization emails to steal credentials from financial services and healthcare firms around the world, according to Google's Threat Analysis Group.

Financial Services

Financial Services Phishing

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Krebs on Security

FEBRUARY 9, 2023

Department of the Treasury says the Trickbot group is associated with Russian intelligence services, and that this alliance led to the targeting of many U.S. Members of the Trickbot Group publicly gloated over the ease of targeting the medical facilities and the speed with which the ransoms were paid to the group.”

Ransomware

Ransomware Government Cybersecurity Blockchain

Payment Processing Giant TSYS: Ransomware Incident “Immaterial” to Company

Krebs on Security

DECEMBER 10, 2020

In 2019, TSYS was acquired by financial services firm Global Payments Inc. Conti is one of several cybercriminal groups that maintains a blog which publishes data stolen from victims in a bid to force the negotiation of ransom payments. NYSE:GPN ].

Ransomware

Ransomware Financial Services Access IT

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

BianLian, White Rabbit, and Mario Ransomware Gangs Spotted in a Joint Campaign

Security Affairs

DECEMBER 15, 2023

Resecurity has uncovered a meaningful link between three major ransomware groups, BianLian, White Rabbit, and Mario Ransomware. Resecurity’s HUNTER (HUMINT) unit spotted the BianLian , White Rabbit , and Mario ransomware gangs collaborating in a joint extortion campaign targeting publicly-traded financial services firms.

Ransomware

Ransomware Financial Services Cybersecurity Passwords

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

Security Affairs

JANUARY 13, 2019

” reads the analysis published by Proofpoint. ” The TA505 group was first spotted by Proofpoint back 2017, it has been active at least since 2015 and targets organizations in financial and retail industries. .” ” reads the analysis published by Proofpoint. ” concluded Proofpoint.

IT

IT Financial Services Retail Ransomware

Resecurity Released a 2024 Cyber Threat Landscape Forecast

Security Affairs

DECEMBER 26, 2023

These projections stem from an in-depth analysis of the underground economy’s evolution on the Dark Web and a thorough examination of significant cybersecurity incidents targeting corporations and governments.

Energy and Utilities

Energy and Utilities Artificial Intelligence Ransomware Data breaches

BlackCocaine Ransomware, a new malware in the threat landscape

Security Affairs

JUNE 5, 2021

Recently Cyber researchers for Cyble investigated an attack suffered by on May 30, 2021, by Nucleus Software, an India-based IT company in the Banking and Financial Services sector. Nucleus Software declared that it does not store customers’ financial data. ” reads the post published by Cyble.

Ransomware

Ransomware Encryption File names Financial Services

6 benefits of data lineage for financial services

IBM Big Data Hub

FEBRUARY 26, 2024

The financial services industry has been in the process of modernizing its data governance for more than a decade. How can banks, credit unions, and financial advisors keep up with demanding regulations while battling restricted budgets and higher employee turnover? One often-overlooked area of impact analysis is IT resilience.

Financial Services

Financial Services Cloud Metadata Digital transformation

Cybersecurity agencies published a joint LockBit ransomware advisory

Security Affairs

JUNE 15, 2023

The LockBit ransomware group successfully extorted roughly $91 million from approximately 1,700 U.S. According to a joint advisory published by cybersecurity agencies, the LockBit ransomware group has successfully extorted roughly $91 million in about 1,700 attacks against U.S. organizations since 2020. organizations since 2020.

Ransomware

Ransomware Cybersecurity Agriculture Education

Unmasking 2024’s Email Security Landscape

Security Affairs

FEBRUARY 28, 2024

VIPRE Security Group’s latest report, “Email Security in 2024: An Expert Insight into Email Threats,” delves into the cutting-edge tactics and technologies embraced by cybercriminals this year. Amidst this dynamic landscape, email stands as a primary battleground for cyber defense.

Security

Security Phishing Communications Financial Services

Experts linked ransomware attacks to China-linked APT27

Security Affairs

JANUARY 4, 2021

Researchers from security firms Profero and Security Joes linked a series of ransomware attacks to the China-linked APT27 group. Security researchers from security firms Profero and Security Joes investigated a series of ransomware attacks against multiple organizations and linked them to China-linked APT groups.

Ransomware

Ransomware Encryption Financial Services Cybersecurity

American Insurance firm State Farm victim of credential stuffing attacks

Security Affairs

AUGUST 7, 2019

The American group of insurance and financial services companies State Farm disclosed a credential stuffing attack it has suffered in July. The American group of insurance and financial services companies State Farm revealed that it was the victim of a credential stuffing attack it has suffered in July.

Insurance

Insurance Data breaches Financial Services Passwords

Exclusive: Researchers dumped Gigabytes of data from Agent Tesla C2Cs

Security Affairs

OCTOBER 6, 2021

Agent Tesla , first discovered in late 2014, is an extremely popular “malware-as-a-service” Remote Access Trojan (RAT) tool used by threat actors to steal information such as credentials, keystrokes, clipboard data and other information from its operators’ targets.

Financial Services

Financial Services Retail Education Information Security

Ireland: Large-scale inquiries progress as DPC budget and staff numbers ramp up

DLA Piper Privacy Matters

FEBRUARY 28, 2022

Our analysis of the WhatsApp decision can be read here. The Annual Report notes that forthcoming EU legislation (NIS2 Directive, Digital Markets Act, Digital Services Act, Artificial Intelligence Act and Data Governance Act) will drive further consideration and priority of data issues. Financial Services Sector Focus.

Financial Services

Financial Services Data breaches Personal data Compliance

LockFile Ransomware uses a new intermittent encryption technique

Security Affairs

AUGUST 31, 2021

Sophos researchers discovered that the group is now leveraging a new technique called “intermittent encryption” to speed up the encryption process. This trick can be successful against ransomware detection software that relies on inspecting content using statistical analysis to detect encryption.”

Encryption

Encryption Ransomware Financial Services Manufacturing

Lazarus malware delivered to South Korean users via supply chain attacks

Security Affairs

NOVEMBER 16, 2020

North Korea-linked Lazarus APT group is behind new campaigns against South Korean supply chains that leverage stolen security certificates. . The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. ” reads the analysis published by ESET.

Financial Services

Financial Services Phishing Government Security

Driving innovation and growth, Reltio powers into 2024

Reltio

FEBRUARY 22, 2024

We unveiled the velocity packs in February, featuring pre-built connectors and smooth integrations to speed deployment for clients in sectors like healthcare, financial services, and insurance. Marquee brands, including a leading international hotel group, joined the Reltio customer roster. As measured by revenue, as of 2024.

Customer Experience

Customer Experience MDM Healthcare Digital transformation

Chinese LuckyMouse APT has been using a digitally signed network filtering driver in recent attacks

Security Affairs

SEPTEMBER 10, 2018

Security experts observed the LuckyMouse APT group using a digitally signed 32- and 64-bit network filtering driver NDISProxy in recent attacks. The APT group has been active since at least 2010, the crew targeted U.S. defense contractors and financial services firms worldwide. ” concludes Kaspersky.

Communications

Communications Financial Services Phishing Encryption

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 17, 2023

CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6

Security

Security Data breaches Ransomware Artificial Intelligence

The largest Russian bank Sberbank hit by a massive DDoS attack

Security Affairs

NOVEMBER 9, 2023

Sberbank , the Russian banking and financial services giant, announced that it was recently hit by a record-breaking distributed denial of service (DDoS) attack that reached 1 million RPS. We provide further analysis of this new Rapid Reset technique and discuss the evolution of Layer 7 attacks in a companion blog.”

Personal data

Personal data Financial Services Marketing Cloud

SAP April 2019 Security Patch Day addresses High severity flaws in Crystal Reports, NetWeaver

Security Affairs

APRIL 10, 2019

Update to security note release on January 2019 Patch Day: [ CVE-2018-2484 ] Missing Authorization check in SAP Enterprise Financial Services. ” reads the analysis published by security firm Onapsis. This time, Missing Authorization Check is still the largest group in terms of the number of vulnerabilities.”

Security

Security Financial Services Risk Access

The Week in Cyber Security and Data Privacy: 6 – 12 November 2023

IT Governance

NOVEMBER 13, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. According to BleepingComputer , the ALPHV/BlackCat ransomware group took responsibility for an attack on McLaren’s network on 4 October.

Data Privacy

Data Privacy Privacy Security Data breaches

Exclusive: Welcome “Frappo” – Resecurity identified a new Phishing-as-a-Service

Security Affairs

MAY 10, 2022

Frappo” is actively advertised in the Dark Web and on Telegram where it has a group with over 1,965 active members – there cybercriminals discuss how successful they’ve been at attacking the customers of various online services. Detailed analysis of the Phishing-As-A-Service Frappo is available here: [link].

Phishing

Phishing Retail Financial Services Data breaches

Critical RCE affects older Diebold Nixdorf ATMs

Security Affairs

JUNE 9, 2019

The group of security researchers NightSt0rm published technical details about the vulnerability in a blog post on Medium. The experts explained that had access to an ATM of Diebold vendor and started analyzing the machine a simple PC running Windows OS and exposing some services implemented by the ATM provider.

Libraries

Libraries Communications Financial Services Risk

Emissary Panda updated its weapons for attacks in the past 2 years

Security Affairs

MARCH 1, 2019

Experts analyzed tools and intrusion methods used by the China-linked cyber-espionage group Emissary Panda in attacks over the past 2 years. The Emissary Panda APT (aka LuckyMouse , APT27, Threat Group 3390, and Bronze Union) has been active since 2010, targeted organizations worldwide, including U.S. ” continues the analysis.

IT

IT File names Financial Services Communications

“Cryptoassets are here to stay”: EU Authorities to Provide Guidance on Cryptocurrencies and ICOs

Data Matters

SEPTEMBER 12, 2018

ESMA gave some interesting insights into work it has been doing during 2018 regarding cryptocurrency and ICO regulation, following the publication of its work program for the year that noted that ESMA would be undertaking a “thorough analysis of the regulatory implications of ICOs with an effort to determine when they fall into regulatory scope.”.

Financial Services

Financial Services Marketing Privacy IT

Customer experience examples that drive value

IBM Big Data Hub

JANUARY 25, 2024

It is also likely to increase the organization’s net promoter score (NPS), which determines whether an individual recommends products to their peer group. Engaging in transparent pricing Organizations will often use data-driven analysis to identify the precise price point that drives profitability.

Customer Experience

Customer Experience Retail Sales Artificial Intelligence

What can AI and generative AI do for governments?

IBM Big Data Hub

SEPTEMBER 20, 2023

With this can come improved productivity, as technologies such as natural language processing (NLP) hold the promise of relieving the need for heavy text data reading and analysis. Along with healthcare organizations and financial services entities, government and public sector entities must strive to be seen as the most trusted institutions.

Government

Government Artificial Intelligence Privacy Digital transformation

New Trickbot module implements Remote App Credential-Grabbing features

Security Affairs

FEBRUARY 18, 2019

The new variant is being spread via spam emails that pose as tax-incentive notification purporting to be from the financial services company Deloitte. ” concludes the analysis. The new strain of the Trickbot banking trojan that a updated info-stealing module. llows it to harvest remote desktop application credentials.

Passwords

Passwords Financial Services Encryption Authentication

Identifying E-signature Requirements to Accelerate Digital Adoption and Meet Global Compliance

AIIM

OCTOBER 15, 2018

Go for a holistic four-dimensional requirements analysis. Allianz – a global financial services and insurance company – is one of those organizations which had to rethink their approach on e-signatures. Millennials or Generation X).

Compliance

Compliance Insurance Digital transformation Authentication

The Intersection of Innovation, Enterprise Architecture and Project Delivery

erwin

MAY 16, 2019

Today there’s an unprecedented, rapid rate of change across all industry sectors, even those that have been historically slow to innovate like healthcare and financial services. Of course, focusing on future state (desired business outcome) first, helps to reduce the scope of current-state analysis and speed up the delivery of value.

Marketing

Marketing Financial Services Access IT

NYDFS issues significant guidance on insurers using AI or external data

Data Protection Report

FEBRUARY 2, 2024

On January 17, 2024 the New York Department of Financial Services (“NYDFS”) published a Proposed Insurance Circular Letter (“Proposed Circular”) regarding the use of artificial intelligence systems (“AIS”) and external consumer data and information sources (“ECDIS”) in insurance underwriting and pricing.

Insurance

Insurance Artificial Intelligence Risk Compliance

Malware researchers analyzed an intriguing Java ATM Malware

Security Affairs

JULY 30, 2019

Experts spotted a Java ATM malware that was relying on the XFS (EXtension for Financial Service) API to “ jackpot ” the infected machine. In that case, the malware was relying on the XFS (EXtension for Financial Service) API to “ jackpot ” the infected machine. Introduction. Static strings embedded into HTTP server code.

Financial Services

Financial Services Communications Access IT

Data monetization in banking: Driving customer centricity and business value

CGI

JANUARY 7, 2020

While all data is stored, banks use it for different purposes, such as regulatory compliance, customer behavior analysis, and other strategies. Using this information, the bank also can create a reasonable estimate of the borrower’s net worth to supplement or even replace financial statements, depending on the loan amount.

Analytics

Analytics Marketing Compliance Risk

IBM teams up with organizations on AI incubator for social impact

IBM Big Data Hub

MARCH 2, 2022

Alabama Appleseed is a public policy and direct service organization based in Montgomery and Birmingham that uses policy analysis, original research, public education, and community organizing to build a more just and equitable Alabama.

Data science

Data science Analytics Education Financial Services

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

Data Matters

FEBRUARY 25, 2021

These aim to reduce a firm’s dependence on, and exposure to, its group affiliates (i.e., to ensure that there is an adequate level of financial resources within each individual regulated entity at all times to absorb losses). Transaction risk analysis.

Authentication

Authentication Paper Risk Insurance

FRANCE: CNIL adopts new single authorization on fraud prevention systems

DLA Piper Privacy Matters

SEPTEMBER 29, 2017

Pursuant to several provisions of the French Code Monétaire et Financier , entities from the banking and financial sector are required to implement processes and strategies to detect, measure and manage operational risks within their group (on a consolidated basis).

Personal data

Personal data Financial Services Risk Insurance

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Security Affairs

APRIL 30, 2020

Group-IB uncovered a new sophisticated phishing campaign, tracked as PerSwaysion, against high-level executives of more than 150 companies worldwide. . ybercriminals behind the PerSwaysion campaign gained access to many confidential corporate MS Office365 emails of mainly financial service companies, law firms, and real estate groups.

Phishing

Phishing Financial Services Cloud Authentication

The Week in Cyber Security and Data Privacy: 12 – 18 February 2024

IT Governance

FEBRUARY 21, 2024

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Two LockBit actors have been arrested in Poland and Ukraine, and over 200 cryptocurrency accounts linked to the group have been frozen. He faces a maximum of 40 years’ imprisonment.

Data Privacy

Data Privacy Manufacturing Privacy Energy and Utilities

Was RI Advice a watershed for cybersecurity law in Australia or a damp squib?

Data Protection Report

MAY 25, 2022

In this article we distil critical lessons from the Federal Court’s recent decision in Australian Securities and Investments Commission v RI Advice Group Pty Ltd [1] and practical actions to be taken by Boards and executive management. Introduction.

Cybersecurity

Cybersecurity Risk Financial Services Retail

Regulatory Update: NAIC Summer 2019 National Meeting

Data Matters

SEPTEMBER 4, 2019

The New York State Department of Financial Services recently amended its annuity suitability regulation to apply a “best interest” standard in connection with both life insurance and annuity transactions with consumers. Annuity Disclosure (A) Working Group Compromises on Age Restriction on Indices Used in Annuity Illustrations.

Insurance

Insurance Paper Risk Analytics

Regulatory Update: NAIC Summer 2018 National Meeting

Data Matters

AUGUST 24, 2018

The Big Data (EX) Working Group heard a presentation from LIMRA regarding how insurers are utilizing consumer data in underwriting life insurance products. NAIC Continues Working to Develop a Group Capital Calculation. At the Summer Meeting, the Working Group agreed to expose the Trades Letter for a 45-day comment period.

Insurance

Insurance Big data e-Delivery Risk

How ATB Financial drives agile data ops with Collibra and GCP

Collibra

MARCH 23, 2021

ATB Financial provides a diversified set of financial services to more than 770,000 residents of Alberta, Canada. Being a regionally focused institution, the group is dedicated to knowing its customers intimately, understanding their needs and providing products and services that help them achieve their goals.

Cloud

Cloud Government Access Metadata

CCAR MRAs: 6 abilities you need

Collibra

NOVEMBER 3, 2020

As banks continue to work diligently to prepare for the Federal Reserve’s Capital Analysis and Review matter requiring attention (CCAR MRA) , many of them are finding that a mind shift is required. It’s no longer sufficient to think in terms of data management.

Metadata

Metadata Government Compliance Financial Services

'Hack-for-Hire' Groups Spoof WHO Emails to Steal Data

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Webinars

Trending Sources

Payment Processing Giant TSYS: Ransomware Incident “Immaterial” to Company

Webinars

BianLian, White Rabbit, and Mario Ransomware Gangs Spotted in a Joint Campaign

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

Resecurity Released a 2024 Cyber Threat Landscape Forecast

BlackCocaine Ransomware, a new malware in the threat landscape

6 benefits of data lineage for financial services

Cybersecurity agencies published a joint LockBit ransomware advisory

Unmasking 2024’s Email Security Landscape

Experts linked ransomware attacks to China-linked APT27

American Insurance firm State Farm victim of credential stuffing attacks

Exclusive: Researchers dumped Gigabytes of data from Agent Tesla C2Cs

Ireland: Large-scale inquiries progress as DPC budget and staff numbers ramp up

LockFile Ransomware uses a new intermittent encryption technique

Lazarus malware delivered to South Korean users via supply chain attacks

Driving innovation and growth, Reltio powers into 2024

Chinese LuckyMouse APT has been using a digitally signed network filtering driver in recent attacks

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

The largest Russian bank Sberbank hit by a massive DDoS attack

SAP April 2019 Security Patch Day addresses High severity flaws in Crystal Reports, NetWeaver

The Week in Cyber Security and Data Privacy: 6 – 12 November 2023

Exclusive: Welcome “Frappo” – Resecurity identified a new Phishing-as-a-Service

Critical RCE affects older Diebold Nixdorf ATMs

Emissary Panda updated its weapons for attacks in the past 2 years

“Cryptoassets are here to stay”: EU Authorities to Provide Guidance on Cryptocurrencies and ICOs

Customer experience examples that drive value

What can AI and generative AI do for governments?

New Trickbot module implements Remote App Credential-Grabbing features

Identifying E-signature Requirements to Accelerate Digital Adoption and Meet Global Compliance

The Intersection of Innovation, Enterprise Architecture and Project Delivery

NYDFS issues significant guidance on insurers using AI or external data

Malware researchers analyzed an intriguing Java ATM Malware

Data monetization in banking: Driving customer centricity and business value

IBM teams up with organizations on AI incubator for social impact

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

FRANCE: CNIL adopts new single authorization on fraud prevention systems

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

The Week in Cyber Security and Data Privacy: 12 – 18 February 2024

Was RI Advice a watershed for cybersecurity law in Australia or a damp squib?

Regulatory Update: NAIC Summer 2019 National Meeting

Regulatory Update: NAIC Summer 2018 National Meeting

How ATB Financial drives agile data ops with Collibra and GCP

CCAR MRAs: 6 abilities you need

Stay Connected