Authentication, Financial Services, IT and Security

Defending Financial Services Against Fraud in a Shifting Cyber Landscape

Thales Cloud Protection & Licensing

NOVEMBER 13, 2023

Defending Financial Services Against Fraud in a Shifting Cyber Landscape sparsh Tue, 11/14/2023 - 05:05 As we approach International Fraud Awareness Week during 12-18 November 2023, taking stock of the evolving threat landscape and the vulnerabilities that financial services organizations face is crucial.

Financial Services

Financial Services Blockchain Encryption Cloud

IBM Cloud releases 2023 IBM Cloud for Financial Services Agreed-Upon Procedures (AUP) Report

IBM Big Data Hub

MAY 23, 2023

IBM Cloud completed its 2023 independent review of IBM Cloud services and processes. The review report demonstrates to its clients, partners and other interested parties that IBM Cloud services have implemented and adhere to the technical, administrative and physical control requirements of IBM Cloud Framework for Financial Services.

Financial Services

Financial Services Cloud Compliance Risk

DORA: 1 year to go! Key recommendations for Financial Services to improve cybersecurity and resilience in multi-clouds

Thales Cloud Protection & Licensing

JANUARY 16, 2024

Key recommendations for Financial Services to improve cybersecurity and resilience in multi-clouds madhav Wed, 01/17/2024 - 05:46 The Digital Operational Resilience Act (DORA) will apply to the EU financial sector from 17 January 2025. As set out in its Article 2, DORA applies to the entire financial services sector.

Financial Services

Financial Services Cloud Cybersecurity Encryption

News Alert: W3C advances technology to streamline payment authentication

The Last Watchdog

JUNE 15, 2023

The World Wide Web Consortium today announced a standardization milestone for a new browser capability that helps to streamline user authentication and enhance payment security during Web checkout. W3C will seek additional implementation experience prior to advancing this version of Secure Payment Confirmation to Recommendation.

Authentication

Authentication Communications Financial Services Retail

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Data Protection Report

NOVEMBER 8, 2023

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. This notice requirement explicitly applies to cybersecurity incidents occurring to the covered entity itself, its affiliates, or a third-party service provider.

Financial Services

Financial Services Cybersecurity Compliance Government

Financial services continue to lead in cybersecurity preparedness, but chinks appear in the armor

Thales Cloud Protection & Licensing

AUGUST 31, 2022

Financial services continue to lead in cybersecurity preparedness, but chinks appear in the armor. However, all this attention from cyber criminals, as well as regulators and governments, has produced an extremely resilient industry with some of the best cyber security practices of any sector. Thu, 09/01/2022 - 05:15.

Financial Services

Financial Services Cybersecurity Computer and Electronics Cloud

GUEST ESSAY: 7 tips for protecting investor data when it comes to alternative asset trading

The Last Watchdog

JULY 11, 2023

Related: Preserving the privacy of the elderly As more traders and investors engage in these investment avenues, it is crucial to adopt robust security measures to safeguard sensitive and regulated information. Continuous threat detection is a proactive approach to maintaining trading environment security.

IT

IT Encryption Risk Financial Services

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Hunton Privacy

NOVEMBER 23, 2022

On November 9, 2022, the New York Department of Financial Services (NYDFS) released its second, proposed amendments to the Part 500 Cybersecurity Rule. Covered Entities must have a monitoring process that ensures prompt notification of any new security vulnerabilities. Multifactor Authentication.

Financial Services

Financial Services Cybersecurity Ransomware Compliance

Attackers Use Bots to Circumvent Some Two-Factor Authentication Systems

eSecurity Planet

SEPTEMBER 30, 2021

Underground services are cropping up that are designed to enable bad actors to intercept one-time passwords (OTPs), which are widely used in two-factor authentication programs whose purpose is to better protect customers’ online accounts. By using the services, cybercriminals can gain access to victims’ accounts to steal money.

Authentication

Authentication Phishing Financial Services Passwords

How Multi-factor Authentication Can Benefit Your Industry

Rocket Software

AUGUST 17, 2020

Depending on what industry you’re in, your approach to security may be very different. For some sectors, like finance, security and data protection are top of mind for everything that is done. Financial services organizations typically experience the most data breaches and hacks, which makes security a priority.

Authentication

Authentication Financial Services Passwords Insurance

New York Department of Financial Services Released New Guidance Addressing COVID-19 Related Cybersecurity Risks

HL Chronicle of Data Protection

APRIL 17, 2020

Continuing its focus on COVID-19’s impact on its regulated entities, on April 13, the New York Department of Financial Services (NYDFS) released new cybersecurity guidance in response to the COVID-19 pandemic. For more information on the risks COVID-19 places on IT service providers and mitigating those risks, click here.

Financial Services

Financial Services Risk Cybersecurity Phishing

Industrial and Commercial Bank of China (ICBC) suffered a ransomware attack

Security Affairs

NOVEMBER 10, 2023

Treasury market and impacted some fixed income and equities transactions “The Securities Industry and Financial Markets Association first told members on Wednesday that ICBC Financial Services had been hit by ransomware software, which paralyses computer systems unless a payment is made, several people familiar with the discussions said.”

Ransomware

Ransomware Financial Services Marketing Authentication

How Can We Secure The Future of Digital Payments?

Thales Cloud Protection & Licensing

JANUARY 10, 2022

How Can We Secure The Future of Digital Payments? The financial services ecosystem has evolved tremendously over the past few years driven by a surge in the adoption of digital payments. The biggest challenge for both retailers and financial organizations was the rapidness of that change. Tue, 01/11/2022 - 06:35.

Retail

Retail Security Financial Services Authentication

API Security in 2024: Imperva Report Uncovers Rising Threats and the Urgent Need for Action

Thales Cloud Protection & Licensing

MARCH 6, 2024

API Security in 2024: Imperva Report Uncovers Rising Threats and the Urgent Need for Action madhav Thu, 03/07/2024 - 04:56 APIs (Application Programming Interfaces) are the backbone of modern digital innovation. Attackers increasingly exploit vulnerabilities, frequently targeting API business logic to bypass traditional security measures.

Security

Security Authentication Risk Cybersecurity

The Rise of One-Time Password Interception Bots

Krebs on Security

SEPTEMBER 29, 2021

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. An ad for the OTP interception service/bot “SMSRanger.”

Passwords

Passwords Authentication Phishing Access

The Most Popular Data Security Webinars of 2022: Sovereignty, Cloud Security and Compliance Top the List

Thales Cloud Protection & Licensing

JANUARY 11, 2023

The Most Popular Data Security Webinars of 2022: Sovereignty, Cloud Security and Compliance Top the List. Throughout 2022, Thales hosted more than 40 webinars on a wide variety of cybersecurity topics, including, cloud security, data sovereignty, compliance, data threat trends, and rethinking approaches to role-based authentication.

Compliance

Compliance Cloud Security Financial Services

Recycle Your Phone, Sure, But Maybe Not Your Number

Krebs on Security

MAY 19, 2021

New research shows how fraudsters can abuse wireless provider websites to identify available, recycled mobile numbers that allow password resets at a range of email providers and financial services online. While you’re at it, consider removing your phone number as a primary or secondary authentication mechanism wherever possible.

Authentication

Authentication Passwords Financial Services Risk

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Hunton Privacy

JULY 5, 2023

On June 28, 2023, the New York Department of Financial Services (“NYDFS”) published an updated proposed Second Amendment (“Amendment”) to its Cybersecurity Regulation, 23 NYCRR Part 500. On November 9, 2022, NYDFS published a first draft of the proposed Amendment and received comments from stakeholders over a 60-day period.

Cybersecurity

Cybersecurity IT Compliance Financial Services

The Future of Payments Security

Thales Cloud Protection & Licensing

JANUARY 26, 2021

The Future of Payments Security. Even when banking organizations are upgrading security posture to safeguard sensitive financial information, hackers can steal the data intelligently by tying known vulnerabilities together, and making it turn out to be a potential attack. Tue, 01/26/2021 - 09:17. Fraud and scams move to the web.

Security

Security Retail Authentication Big data

Black Friday and Cyber Weekend: Navigating the Tumultuous Waters of Retail Cybersecurity

Thales Cloud Protection & Licensing

NOVEMBER 20, 2023

The IBM 2023 Cost of a Data Breach Report , for example, highlights the continuous financial burden on retailers, which, coupled with potential reputational damage, emphasizes the dire need for retailers to prioritize and bolster their cybersecurity measures. Behind every system, software, and security protocol stands a human being.

Retail

Retail Cybersecurity Financial Services Encryption

NY Charges First American Financial for Massive Data Leak

Krebs on Security

JULY 23, 2020

-based First American [ NYSE:FAF ] is a leading provider of title insurance and settlement services to the real estate and mortgage industries. The documents were available without authentication to anyone with a Web browser. Securities and Exchange Commission each announced they were investigating the company. billion in 2019.

Insurance

Insurance Financial Services Mining Access

FFIEC Updates Its Cybersecurity Guidelines For Financial Institutions

ForAllSecure

JANUARY 31, 2023

On October 3, 2022, the Federal Financial Institutions Examination Council's ( FFIEC ) updated its 2018 Cybersecurity Resource Guide for Financial Institutions. The guide also serves as an educational resource on the latest security technologies.

Cybersecurity

Cybersecurity IT Financial Services Risk

NY Investigates Exposure of 885 Million Mortgage Documents

Krebs on Security

MAY 31, 2019

On May 24, KrebsOnSecurity broke the news that First American had just fixed a weakness in its Web site that exposed approximately 885 million documents — many of them with Social Security and bank account numbers — going back at least 16 years. No authentication was needed to access the digitized records. ” .”

Financial Services

Financial Services Insurance Sales Authentication

Q&A: Here’s how Google’s labeling HTTP websites “Not Secure” will strengthen the Internet

The Last Watchdog

AUGUST 15, 2018

In a move to blanket the Internet with encrypted website traffic, Google is moving forward with its insistence that straggling website publishers adopt HTTPS Secure Sockets Layer (SSL). Related: How PKI can secure IoT. This makes any personal information and details of financial transactions typed on HTTP web pages easy pickings.

Security

Security Encryption Authentication Financial Services

What is credential stuffing? And how to prevent it?

Security Affairs

MARCH 29, 2022

Earmarked by the FBI as a particular threat to the financial service industry just over a year ago, the increase of internet traffic, data breaches and API usage all contribute to the perfect conditions for successful credential stuffing attacks. Here’s what you need to know about how they work, and how you can stay safe. .

IT

IT Passwords Authentication Data Privacy

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Data Matters

JANUARY 28, 2022

The advisory was promptly endorsed by the National Cyber Security Centre, a division of Government Communications Headquarters (“GCHQ”), a UK intelligence agency. Require multi-factor authentication (MFA) for all users. Best Practices to Minimize Disruptions.

Cybersecurity

Cybersecurity Financial Services Authentication Government

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

Krebs on Security

DECEMBER 13, 2022

Meanwhile, the hackers responsible are communicating directly with members through the InfraGard portal online — using a new account under the assumed identity of a financial industry CEO that was vetted by the FBI itself. That InfraGard member, who is head of security at a major U.S. InfraGard , a program run by the U.S.

Sales

Sales Energy and Utilities Communications Data breaches

Central Bank Digital Currency (CBDC) and blockchain enable the future of payments

IBM Big Data Hub

AUGUST 17, 2023

Banks and governments are actively seeking CBDC because it is a more secure alternative to crypto. CBDC operates on a secure, transparent blockchain network, and it uses blockchain technology to create an immutable record of all transactions. Blockchain technology is characterized by its transparency, security and immutability.

Blockchain

Blockchain Financial Services Risk Authentication

Credit Union Sues Fintech Giant Fiserv Over Security Claims

Krebs on Security

MAY 3, 2019

A Pennsylvania credit union is suing financial industry technology giant Fiserv , alleging that “baffling” security vulnerabilities in the company’s software are “wreaking havoc” on its customers. Most alarmingly, this security control was purely illusory. billion in earnings last year.

Security

Security Passwords Financial Services Sales

RSAC insights: Introducing ‘CWPP’ and ‘CSPM,’ new frameworks to secure cloud infrastructure

The Last Watchdog

MAY 17, 2021

In pulling off that milestone hack, Paige Thompson took advantage of CapOne’s lack of focus on cloud security as the banking giant rushed headlong into leveraging Amazon Web Services. A slew of new cloud-security frameworks have gained traction since the Capital One hack. Protecting workloads.

Cloud

Cloud Security Risk Financial Services

Disneyland Malware Team: It’s a Puny World After All

Krebs on Security

NOVEMBER 16, 2022

financial services firm Ameriprise uses the domain ameriprise.com; the Disneyland Team’s domain for Ameriprise customers is [link] [brackets added to defang the domain], which displays in the browser URL bar as ? Most Web browser makers, however, have spent years adding security protections to block such nefarious activity.

Phishing

Phishing Authentication Financial Services Access

NYDFS Issues Ransomware Guidance Outlining Expected Security Controls

Hunton Privacy

JULY 12, 2021

On June 30, 2021, the New York State Department of Financial Services (“NYDFS,” the “Department”) issued guidance to all New York state regulated entities on ransomware (the “Guidance”), identifying controls it expects regulated companies to implement whenever possible.

Ransomware

Ransomware Security Financial Services Cybersecurity

Catches of the Month: Phishing Scams for October 2023

IT Governance

OCTOBER 13, 2023

October is both Cybersecurity Awareness Month in the US and European Cyber Security Month in the EU – twin campaigns on either side of the Atlantic that aim to improve awareness of the importance of cyber security both at work and at home, and provide tips on how to stay secure.

Phishing

Phishing Financial Services Manufacturing Personal data

Access:7 flaws impact +150 device models from over 100 manufacturers

Security Affairs

MARCH 8, 2022

Most of the impacted vendors are in the healthcare sector (55%), followed by IoT (24%), IT (8%), financial services (5%), and manufacturing (4%). PTC has released security patches for Axeda despite it has reached the end of life, it also released mitigations and workarounds for the vulnerabilities. Pierluigi Paganini.

Manufacturing

Manufacturing Access IoT Authentication

Would You Have Fallen for This Phone Scam?

Krebs on Security

APRIL 28, 2020

Last week, KrebsOnSecurity told the harrowing tale of a reader (a security expert, no less) who tried to turn the tables on his telephonic tormentors and failed spectacularly. In another test, the automated system asked for the account holder’s full Social Security number. “I was appalled that Citi would do that.

Financial Services

Financial Services Sales Authentication Risk

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

Data Matters

FEBRUARY 25, 2021

On January 28, 2021, the UK Financial Conduct Authority (FCA) published Consultation Paper CP21/3 , “Changes to the SCA-RTS and to the guidance in ‘Payment Services and Electronic Money – Our Approach’ and the Perimeter Guidance Manual” (Consultation Paper). its Perimeter Guidance Manual (PERG). Temporary COVID Guidance. Safeguarding.

Authentication

Authentication Paper Risk Insurance

Intuit to Share Payroll Data from 1.4M Small Businesses With Equifax

Krebs on Security

JULY 1, 2021

Financial services giant Intuit this week informed 1.4 Intuit says the change is tied to an “exciting” and “free” new service that will let millions of small business employees get easy access to employment and income verification services when they wish to apply for a loan or line of credit.

Financial Services

Financial Services Government Authentication IT

Risk Management under the DORA Regulation

IT Governance

NOVEMBER 23, 2023

The financial sector is quite heavily regulated, and involves a lot of confidential data. You’d therefore expect that the sector fares better at data security than your average organisation. Perhaps even more concerning to EU lawmakers is how dependent society at large is on banking and other financial services.

Risk

Risk Data breaches Authentication Financial Services

Metro Bank is the first bank that disclosed SS7 attacks against its customers

Security Affairs

FEBRUARY 4, 2019

Attackers exploited the flaw in the SS7 protocol to defeat the 2FA authentication used by Metro Bank to protect its customers. “At Metro Bank we take our customers’ security extremely seriously and have a comprehensive range of safeguards in place to help protect them against fraud. ” said the Bank spokesman.

IT

IT Authentication Financial Services Access

Oracle Critical Patch Update for January 2022 will fix 483 new flaws

Security Affairs

JANUARY 17, 2022

This pre-release announcement for Critical Patch Update (CPU) for January 2022 confirms that Oracle security updates will address 483 new security patches. “A Critical Patch Update is a collection of patches for multiple security vulnerabilities. This Critical Patch Update addresses 483 new security patches.

Communications

Communications Financial Services Big data Retail

Episode 247: Into the AppSec Trenches with Robinhood CSO Caleb Sima

The Security Ledger

DECEMBER 21, 2022

Paul speaks with Caleb Sima, the CSO of the online trading platform Robinhood, about his journey from teenage cybersecurity phenom and web security pioneer, to successful entrepreneur to an executive in the trenches of protecting high value financial services firms from cyberattacks. Read the whole entry. »

Financial Services

Financial Services Cybersecurity Data breaches Authentication

The Clock is Ticking for PCI DSS 4.0 Compliance

Thales Cloud Protection & Licensing

SEPTEMBER 18, 2023

Compliance madhav Tue, 09/19/2023 - 05:17 It is essential for any business that stores, processes, and transmits payment card information to comply with the Payment Card Industry Data Security Standard (PCI DSS). Consumers’ payment data is a compelling target for criminals who continue to circumvent IT security defenses.

Compliance

Compliance Financial Services Data breaches Encryption

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

Hunton Privacy

JULY 1, 2022

On June 24, 2022, the New York State Department of Financial Services (“NYDFS” or the “Department”) announced it had entered into a $5 million settlement with Carnival Corp. Since Carnival was licensed by the Department to sell insurance in NY State, it was treated as a covered entity under the Cybersecurity Regulation.

Cybersecurity

Cybersecurity Insurance Phishing Financial Services

Top 12 Cloud Security Best Practices for 2021

eSecurity Planet

SEPTEMBER 10, 2021

From the very beginning of the cloud computing era, security has been the biggest concern among enterprises considering the public cloud. In addition, 95 percent of survey respondents confirmed that they are extremely to moderately concerned about public cloud security. What is cloud security?

Cloud

Cloud Security Encryption Risk

Defending Financial Services Against Fraud in a Shifting Cyber Landscape

IBM Cloud releases 2023 IBM Cloud for Financial Services Agreed-Upon Procedures (AUP) Report

Trending Sources

DORA: 1 year to go! Key recommendations for Financial Services to improve cybersecurity and resilience in multi-clouds

News Alert: W3C advances technology to streamline payment authentication

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Financial services continue to lead in cybersecurity preparedness, but chinks appear in the armor

GUEST ESSAY: 7 tips for protecting investor data when it comes to alternative asset trading

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Attackers Use Bots to Circumvent Some Two-Factor Authentication Systems

How Multi-factor Authentication Can Benefit Your Industry

New York Department of Financial Services Released New Guidance Addressing COVID-19 Related Cybersecurity Risks

Industrial and Commercial Bank of China (ICBC) suffered a ransomware attack

How Can We Secure The Future of Digital Payments?

API Security in 2024: Imperva Report Uncovers Rising Threats and the Urgent Need for Action

The Rise of One-Time Password Interception Bots

The Most Popular Data Security Webinars of 2022: Sovereignty, Cloud Security and Compliance Top the List

Recycle Your Phone, Sure, But Maybe Not Your Number

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

The Future of Payments Security

Black Friday and Cyber Weekend: Navigating the Tumultuous Waters of Retail Cybersecurity

NY Charges First American Financial for Massive Data Leak

FFIEC Updates Its Cybersecurity Guidelines For Financial Institutions

NY Investigates Exposure of 885 Million Mortgage Documents

Q&A: Here’s how Google’s labeling HTTP websites “Not Secure” will strengthen the Internet

What is credential stuffing? And how to prevent it?

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

Central Bank Digital Currency (CBDC) and blockchain enable the future of payments

Credit Union Sues Fintech Giant Fiserv Over Security Claims

RSAC insights: Introducing ‘CWPP’ and ‘CSPM,’ new frameworks to secure cloud infrastructure

Disneyland Malware Team: It’s a Puny World After All

NYDFS Issues Ransomware Guidance Outlining Expected Security Controls

Catches of the Month: Phishing Scams for October 2023

Access:7 flaws impact +150 device models from over 100 manufacturers

Would You Have Fallen for This Phone Scam?

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

Intuit to Share Payroll Data from 1.4M Small Businesses With Equifax

Risk Management under the DORA Regulation

Metro Bank is the first bank that disclosed SS7 attacks against its customers

Oracle Critical Patch Update for January 2022 will fix 483 new flaws

Episode 247: Into the AppSec Trenches with Robinhood CSO Caleb Sima

The Clock is Ticking for PCI DSS 4.0 Compliance

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

Top 12 Cloud Security Best Practices for 2021

Stay Connected