Krebs on Security

MAY 3, 2019

A Pennsylvania credit union is suing financial industry technology giant Fiserv , alleging that “baffling” security vulnerabilities in the company’s software are “wreaking havoc” on its customers. Most alarmingly, this security control was purely illusory.

Security 194

Security Passwords Financial Services Sales 194

Hunton Privacy

AUGUST 15, 2022

On July 29, 2022, the New York Department of Financial Services (“NYDFS”) posted proposed amendments (“Proposed Amendments”) to its Cybersecurity Requirements for Financial Services Companies (“Cybersecurity Regulations”). As part of the “access privileges” requirements under Section 500.7 Additional Requirements.

Financial Services 55

Financial Services Cybersecurity Risk Passwords 55

Data Matters

JANUARY 28, 2022

The advisory was promptly endorsed by the National Cyber Security Centre, a division of Government Communications Headquarters (“GCHQ”), a UK intelligence agency. Require multi-factor authentication (MFA) for all users. The following are the best practices highlighted by the Advisory, Microsoft report, PANW report, and Mandiant report.

Cybersecurity 157

Cybersecurity Financial Services Authentication Government 157

Krebs on Security

NOVEMBER 16, 2022

financial services firm Ameriprise uses the domain ameriprise.com; the Disneyland Team’s domain for Ameriprise customers is [link] [brackets added to defang the domain], which displays in the browser URL bar as ? Most Web browser makers, however, have spent years adding security protections to block such nefarious activity.

Phishing 281

Phishing Authentication Financial Services Access 281

Data Protection Report

FEBRUARY 8, 2022

The latter is the 2019 data security law known as the Stop Hacks and Improve Electronic Data Security (SHIELD) Act. The settlement also stated that “the password that the attacker used to gain access to the account was insufficiently complex given the sensitivity of the information in the enrollment account.” Background.

Passwords 98

Passwords Financial Services Authentication Insurance 98

Hunton Privacy

JULY 1, 2022

On June 24, 2022, the New York State Department of Financial Services (“NYDFS” or the “Department”) announced it had entered into a $5 million settlement with Carnival Corp. Since Carnival was licensed by the Department to sell insurance in NY State, it was treated as a covered entity under the Cybersecurity Regulation.

Cybersecurity 115

Cybersecurity Insurance Phishing Financial Services 115

The Security Ledger

DECEMBER 21, 2022

Paul speaks with Caleb Sima, the CSO of the online trading platform Robinhood, about his journey from teenage cybersecurity phenom and web security pioneer, to successful entrepreneur to an executive in the trenches of protecting high value financial services firms from cyberattacks. As Mobile Fraud Rises, The Password Persists.

Financial Services 52

Financial Services Cybersecurity Data breaches Passwords 52

Security Affairs

MARCH 19, 2022

. “AvosLocker is a Ransomware as a Service (RaaS) affiliate-based group that has targeted victims across multiple critical infrastructure sectors in the United States including, but not limited to, the Financial Services, Critical Manufacturing, and Government Facilities sectors. hard drive, storage device, the cloud).

Ransomware 99

Ransomware Passwords Encryption Financial Services 99

eSecurity Planet

SEPTEMBER 10, 2021

From the very beginning of the cloud computing era, security has been the biggest concern among enterprises considering the public cloud. In addition, 95 percent of survey respondents confirmed that they are extremely to moderately concerned about public cloud security. What is cloud security?

Cloud 132

Cloud Security Encryption Risk 132

Security Affairs

JUNE 11, 2023

Microsoft discovered multi-stage adversary-in-the-middle (AiTM) phishing and business email compromise (BEC) attacks against banking and financial services organizations. The proxy server allows attackers to access the traffic and capture the target’s password and the session cookie. .”

Phishing 91

Phishing Financial Services Passwords Authentication 91

IT Governance

OCTOBER 13, 2023

October is both Cybersecurity Awareness Month in the US and European Cyber Security Month in the EU – twin campaigns on either side of the Atlantic that aim to improve awareness of the importance of cyber security both at work and at home, and provide tips on how to stay secure.

Phishing 105

Phishing Financial Services Manufacturing Personal data 105

Security Affairs

MARCH 29, 2022

In other words, bad actors glean lists of breached usernames and passwords and run them against desired logins until they find some that work. And, there remains general bad hygiene surrounding the creation of usernames and passwords, with many being reused over multiple websites. Good password hygiene and password managers. “If

IT 76

IT Passwords Authentication Data Privacy 76

Security Affairs

MARCH 8, 2022

. “As of January 2022, the FBI has identified at least 52 entities across 10 critical infrastructure sectors affected by RagnarLocker ransomware, including entities in the critical manufacturing, energy, financial services, government, and information technology sectors,” reads the FBI’s flash alert.

Ransomware 86

Ransomware Passwords Financial Services Manufacturing 86

Data Matters

FEBRUARY 25, 2021

This follows the FCA’s announcement in its 2020-21 business plan that payment services were one of its main supervisory priorities 1 and its temporary guidance of July 9, 2020, on prudential risk management and safeguarding in light of the COVID-19 pandemic ( Temporary COVID Guidance ). Authentication code. Transaction risk analysis.

Authentication 68

Authentication Paper Risk Insurance 68

Security Affairs

JUNE 26, 2021

Threat actors carried out brute-force and password spraying attacks in an attempt to gain access to Microsoft customer accounts. The hackers also targeted non-governmental organizations and think tanks, as well as financial services. The IT giant quickly removed the access and secured the device. . Pierluigi Paganini.

Financial Services 94

Financial Services Access Passwords Authentication 94

Security Affairs

MARCH 24, 2021

comprised millions of confidential records including names, passwords, email addresses, passport numbers, national IDs, credit cards, financial transactions and more. We notified FBS of the breach so they could take appropriate action to secure the data. Plain Text (base64) Passwords. Financial details such as.

Passwords 123

Passwords Phishing Authentication Access 123

Hunton Privacy

OCTOBER 24, 2022

On October 18, 2022, the New York State Department of Financial Services (“NYDFS”) announced that EyeMed Vision Care LLC (“EyeMed”) agreed to a $4.5 According to the consent order, the mailbox containing sensitive consumer information was protected by a weak password that was shared by nine employees.

Cybersecurity 67

Cybersecurity Financial Services Risk Phishing 67

The Last Watchdog

NOVEMBER 9, 2020

The challenge of the moment is that many companies already have their hands full trying to improve their security posture as they migrate their legacy, on premises, IT systems to the cloud. The operating systems of home IoT devices today typically get shipped with minimal logon security. This is a sign of IoT attacks to come.

IoT 279

IoT Passwords Artificial Intelligence Risk 279

Security Affairs

JUNE 11, 2021

These included logins for social media, online games, online marketplaces, job-search sites, consumer electronics, financial services, email services, and more. Most of the stolen files (50%+) were text files, some of them containing software logs, passwords, personal notes, and other sensitive information.

Computer and Electronics 113

Computer and Electronics Archiving Encryption Passwords 113

Krebs on Security

JANUARY 25, 2022

But Jim has long had a security freeze on his credit file with the three major consumer credit reporting bureaus , and none of the lenders seemed willing to proceed without at least a peek at his credit history. ” According to the Native American Financial Services Association (NAFSA), a trade group in Washington, D.C.

Financial Services 225

Financial Services IT Data breaches Passwords 225

Hunton Privacy

JULY 5, 2023

On June 28, 2023, the New York Department of Financial Services (“NYDFS”) published an updated proposed Second Amendment (“Amendment”) to its Cybersecurity Regulation, 23 NYCRR Part 500. On November 9, 2022, NYDFS published a first draft of the proposed Amendment and received comments from stakeholders over a 60-day period.

Cybersecurity 113

Cybersecurity IT Compliance Financial Services 113

The Last Watchdog

DECEMBER 6, 2022

Much more effective authentication is needed to help protect our digital environment – and make user sessions smoother and much more secure. Consider that some 80 percent of hacking-related breaches occur because of weak or reused passwords, and that over 90 percent of consumers continue to re-use their intrinsically weak passwords.

Authentication 203

Authentication Passwords Artificial Intelligence Financial Services 203

eSecurity Planet

OCTOBER 5, 2021

Passwords are the most common authentication tool used by enterprises, yet they are notoriously insecure and easily hackable. But even when passwords are secure, it’s not enough. Recently, hackers leaked 87,000 Fortinet VPN passwords , mostly from companies who hadn’t yet patched a two-year-old vulnerability.

Authentication 104

Authentication Passwords Access Computer and Electronics 104

Adam Levin

NOVEMBER 17, 2020

Mobile payment platforms, like Apple Pay and Google Pay, use advanced technology, like fingerprint authentication and tokenization (in which credit card account numbers are replaced by randomly generated numbers) to provide brick-and-mortar shoppers with an added layer of security. Browse online using secure networks.

Retail 97

Retail e-Delivery Passwords Phishing 97

Security Affairs

FEBRUARY 18, 2019

The new variant is being spread via spam emails that pose as tax-incentive notification purporting to be from the financial services company Deloitte. Using the settings the module could retrieve an array of useful information, including host name, user name, and the private key files used for authentication. Pierluigi Paganini.

Passwords 80

Passwords Financial Services Encryption Authentication 80

Adam Levin

NOVEMBER 30, 2018

If you prefer a more laid back approach, sign up for free transaction alerts from financial services institutions and credit card companies, or subscribe to a credit and identity monitoring program, 3. Minimize your exposure. Monitor your accounts. Manage the damage.

Financial Services 66

Financial Services Encryption Passwords Communications 66

Data Protection Report

OCTOBER 1, 2019

Although California has recently captured the lion’s share of attention with respect to privacy and security, on October 23, 2019, New York’s amended security breach law goes into effect, and on March 1, 2020, new security safeguards go live (N.Y. Readers may recall that New York’s security breach notification law (N.Y.

Security 40

Security Financial Services Passwords Risk 40

Data Protection Report

OCTOBER 24, 2022

On October 18, 2022, the New York Department of Financial Services announced a settlement with EyeMed, a licensed life, accident, and health insurer, with respect to a security incident that occurred in 2020. The settlement requires EyeMed to pay $4.5 million, among other things. Background. million.

Cybersecurity 52

Cybersecurity Personal data Risk Financial Services 52

Thales Cloud Protection & Licensing

NOVEMBER 2, 2017

The conference features a variety of topics and sessions regarding all aspects of financial services, from cryptocurrency to banking. Three topics that piqued my interest at the 2017 show included authentication, blockchain and digital payments. Authentication.

Blockchain 63

Blockchain IT Authentication e-Delivery 63

Adam Levin

SEPTEMBER 5, 2019

Once the number has been transferred, the criminal has control of any accounts that are identified by caller ID (including many financial institutions) as well as any accounts protected by two-factor authentication. It is believed this was the method used to recently hack Jack Dempsey’s Twitter account. . What You Can Do.

Mining 79

Mining Authentication Financial Services Privacy 79

eSecurity Planet

JUNE 16, 2022

However, basic cybersecurity tools and practices, like patching , strong passwords , and multi-factor authentication (MFA), “can prevent 80 to 90% of cyberattacks,” said Anne Neuberger, deputy national security advisor for cyber and emerging technologies, during a White House press conference in Sept. Types of Cyberattacks.

Ransomware 145

Ransomware Cybersecurity Phishing Encryption 145

Data Matters

MAY 17, 2022

Two months later, on July 19, 2021, the National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and FBI assessed that People’s Republic of China state-sponsored malicious cyber activity is a major threat to U.S. and Allied cyberspace assets. supply chain attacks). More recently, on Feb.

Cybersecurity 97

Cybersecurity Government Authentication Ransomware 97

Security Affairs

JANUARY 27, 2022

Millions of customers of large businesses have been left vulnerable to identity theft, thanks to a security flaw that exposes their personal data to illicit download. Among those affected are clients of Europcar, a vehicle rental service, and FxPro, a trading platform. ” -Mikail Tunç, a security researcher. First contact.

Personal data 88

Personal data Phishing Data breaches Passwords 88

Data Protection Report

APRIL 2, 2020

On March 10, 2020, the New York Department of Financial Services (NYDFS) issued guidance to all of its regulated institutions engaged in virtual currency business activity, requiring them to have plans for preparedness to manage the possible operational and financial risks posed by the COVID-19 pandemic.

Risk 59

Risk Communications Authentication Financial Services 59

The Security Ledger

JUNE 23, 2020

Mature identity and access management (IAM) is a pillar of enterprise security. » Related Stories As Cyber Attacks Mount, Small Businesses seek Authentication Fix New LastPass report finds consumer behavior affects the workplace With Remote Work: MFA Makes Everyone Happy. The post What’s Good IAM? Read the whole entry. »

Authentication 52

Authentication Access Security Financial Services 52

Data Protection Report

AUGUST 11, 2022

On July 29, 2022, the New York Department of Financial Services (NYDFS) announced a “pre-proposed outreach” of material proposed changes to almost every section of its cybersecurity regulations, and would affect each entity covered by the current regulations of 23 NYCRR Part 500. Notifications to DFS.

Cybersecurity 59

Cybersecurity Risk Passwords Compliance 59

Krebs on Security

APRIL 11, 2024

Cybersecurity and Infrastructure Security Agency (CISA) said today it is investigating a breach at business intelligence company Sisense , whose products are designed to allow companies to view the status of multiple third-party online services in a single dashboard. “We will provide updates as more information becomes available.”

Encryption 257

Encryption Passwords Access Financial Services 257