Authentication, Financial Services and Security

Defending Financial Services Against Fraud in a Shifting Cyber Landscape

Thales Cloud Protection & Licensing

NOVEMBER 13, 2023

Defending Financial Services Against Fraud in a Shifting Cyber Landscape sparsh Tue, 11/14/2023 - 05:05 As we approach International Fraud Awareness Week during 12-18 November 2023, taking stock of the evolving threat landscape and the vulnerabilities that financial services organizations face is crucial.

Financial Services

Financial Services Blockchain Encryption Cloud

IBM Cloud releases 2023 IBM Cloud for Financial Services Agreed-Upon Procedures (AUP) Report

IBM Big Data Hub

MAY 23, 2023

The review report demonstrates to its clients, partners and other interested parties that IBM Cloud services have implemented and adhere to the technical, administrative and physical control requirements of IBM Cloud Framework for Financial Services. What is the IBM Cloud Framework for Financial Services?

Financial Services

Financial Services Cloud Compliance Risk

DORA: 1 year to go! Key recommendations for Financial Services to improve cybersecurity and resilience in multi-clouds

Thales Cloud Protection & Licensing

JANUARY 16, 2024

Key recommendations for Financial Services to improve cybersecurity and resilience in multi-clouds madhav Wed, 01/17/2024 - 05:46 The Digital Operational Resilience Act (DORA) will apply to the EU financial sector from 17 January 2025. As set out in its Article 2, DORA applies to the entire financial services sector.

Financial Services

Financial Services Cloud Cybersecurity Encryption

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

News Alert: W3C advances technology to streamline payment authentication

The Last Watchdog

JUNE 15, 2023

The World Wide Web Consortium today announced a standardization milestone for a new browser capability that helps to streamline user authentication and enhance payment security during Web checkout. W3C will seek additional implementation experience prior to advancing this version of Secure Payment Confirmation to Recommendation.

Authentication

Authentication Communications Financial Services Retail

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Data Protection Report

NOVEMBER 8, 2023

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. Two Years from Publication in State Register 500.12: Multi-factor authentication requirements; and, 500.13(a): One Year from Publication in State Register 500.4:

Financial Services

Financial Services Cybersecurity Compliance Government

Financial services continue to lead in cybersecurity preparedness, but chinks appear in the armor

Thales Cloud Protection & Licensing

AUGUST 31, 2022

Financial services continue to lead in cybersecurity preparedness, but chinks appear in the armor. However, all this attention from cyber criminals, as well as regulators and governments, has produced an extremely resilient industry with some of the best cyber security practices of any sector. Thu, 09/01/2022 - 05:15.

Financial Services

Financial Services Cybersecurity Computer and Electronics Cloud

Business Resilience through ‘Zero Trust’: Navigating through People, Process and Platforms

Data Breach Today

SEPTEMBER 23, 2021

CyberEdBoard Executive Member, Maria Filomena Gibe, guest speaks on panel at ISMG Virtual Cybersecurity Summit Asia: Financial Services The panel discusses: • How ‘zero trust’ has made security as a business enabler • Building a multi-factor authentication model based on ‘zero trust’ • Building ‘zero trust’ framework aligned with people, process and (..)

Financial Services

Financial Services Authentication Cybersecurity Security

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Hunton Privacy

NOVEMBER 23, 2022

On November 9, 2022, the New York Department of Financial Services (NYDFS) released its second, proposed amendments to the Part 500 Cybersecurity Rule. Covered Entities must have a monitoring process that ensures prompt notification of any new security vulnerabilities. Multifactor Authentication.

Financial Services

Financial Services Cybersecurity Ransomware Compliance

Why Financial Service Companies Are Turning to Cloud PKI

HID Global

JANUARY 17, 2023

PKI enables companies to securely authenticate and authorize users, servers, applications and devices and encrypt all data and communication between them.

Financial Services

Financial Services Cloud Encryption Authentication

Attackers Use Bots to Circumvent Some Two-Factor Authentication Systems

eSecurity Planet

SEPTEMBER 30, 2021

Underground services are cropping up that are designed to enable bad actors to intercept one-time passwords (OTPs), which are widely used in two-factor authentication programs whose purpose is to better protect customers’ online accounts. By using the services, cybercriminals can gain access to victims’ accounts to steal money.

Authentication

Authentication Phishing Financial Services Passwords

Sizing Up the Roles of Behavioral Analytics, 'Zero Trust'

Data Breach Today

FEBRUARY 26, 2020

Security Experts Discuss Authentication Challenges in the Financial Services Sector Improvements in behavioral biometrics and analytics are changing the way many financial services firms approach authentication.

Analytics

Analytics Financial Services Authentication Access

Business Resilience Through ‘Zero Trust’

Data Breach Today

SEPTEMBER 23, 2021

CyberEdBoard Executive Member Maria Filomena Gibe Speaks on Panel at ISMG Virtual Cybersecurity Summit Asia: Financial Services CyberEdBoard member Maria Filomena Gibe speaks on a panel at ISMG Virtual Cybersecurity Summit Asia: Financial Services.

Financial Services

Financial Services Authentication Cybersecurity Security

How Multi-factor Authentication Can Benefit Your Industry

Rocket Software

AUGUST 17, 2020

Depending on what industry you’re in, your approach to security may be very different. For some sectors, like finance, security and data protection are top of mind for everything that is done. Financial services organizations typically experience the most data breaches and hacks, which makes security a priority.

Authentication

Authentication Financial Services Passwords Insurance

New York Department of Financial Services Released New Guidance Addressing COVID-19 Related Cybersecurity Risks

HL Chronicle of Data Protection

APRIL 17, 2020

Continuing its focus on COVID-19’s impact on its regulated entities, on April 13, the New York Department of Financial Services (NYDFS) released new cybersecurity guidance in response to the COVID-19 pandemic.

Financial Services

Financial Services Risk Cybersecurity Phishing

NY Department of Financial Services Issues Guidance to Regulated Entities Regarding Cybersecurity During the COVID-19 Pandemic

Hunton Privacy

APRIL 22, 2020

On April 13, 2020, the New York Department of Financial Services (“NYDFS”) issued guidance (“April guidance”) to all New York State entities covered under NYDFS’s cybersecurity regulation regarding assessing and addressing heightened cybersecurity risks due to the COVID-19 pandemic.

Financial Services

Financial Services Cybersecurity Phishing Risk

Industrial and Commercial Bank of China (ICBC) suffered a ransomware attack

Security Affairs

NOVEMBER 10, 2023

Treasury market and impacted some fixed income and equities transactions “The Securities Industry and Financial Markets Association first told members on Wednesday that ICBC Financial Services had been hit by ransomware software, which paralyses computer systems unless a payment is made, several people familiar with the discussions said.”

Ransomware

Ransomware Financial Services Marketing Authentication

API Security in 2024: Imperva Report Uncovers Rising Threats and the Urgent Need for Action

Thales Cloud Protection & Licensing

MARCH 6, 2024

API Security in 2024: Imperva Report Uncovers Rising Threats and the Urgent Need for Action madhav Thu, 03/07/2024 - 04:56 APIs (Application Programming Interfaces) are the backbone of modern digital innovation. Attackers increasingly exploit vulnerabilities, frequently targeting API business logic to bypass traditional security measures.

Security

Security Authentication Risk Cybersecurity

The Most Popular Data Security Webinars of 2022: Sovereignty, Cloud Security and Compliance Top the List

Thales Cloud Protection & Licensing

JANUARY 11, 2023

The Most Popular Data Security Webinars of 2022: Sovereignty, Cloud Security and Compliance Top the List. Throughout 2022, Thales hosted more than 40 webinars on a wide variety of cybersecurity topics, including, cloud security, data sovereignty, compliance, data threat trends, and rethinking approaches to role-based authentication.

Compliance

Compliance Cloud Security Financial Services

How Can We Secure The Future of Digital Payments?

Thales Cloud Protection & Licensing

JANUARY 10, 2022

How Can We Secure The Future of Digital Payments? The financial services ecosystem has evolved tremendously over the past few years driven by a surge in the adoption of digital payments. Without it, it’s close to impossible for an organization to act securely and in accordance with rules and regulations. Data security.

Retail

Retail Security Financial Services Authentication

Recycle Your Phone, Sure, But Maybe Not Your Number

Krebs on Security

MAY 19, 2021

New research shows how fraudsters can abuse wireless provider websites to identify available, recycled mobile numbers that allow password resets at a range of email providers and financial services online. While you’re at it, consider removing your phone number as a primary or secondary authentication mechanism wherever possible.

Authentication

Authentication Passwords Financial Services Risk

The Future of Payments Security

Thales Cloud Protection & Licensing

JANUARY 26, 2021

The Future of Payments Security. Even when banking organizations are upgrading security posture to safeguard sensitive financial information, hackers can steal the data intelligently by tying known vulnerabilities together, and making it turn out to be a potential attack. Securing digital transactions. Online skimming.

Security

Security Retail Authentication Big data

The Rise of One-Time Password Interception Bots

Krebs on Security

SEPTEMBER 29, 2021

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. OTP Agency took itself offline within hours of that story. .

Passwords

Passwords Authentication Phishing Access

Black Friday and Cyber Weekend: Navigating the Tumultuous Waters of Retail Cybersecurity

Thales Cloud Protection & Licensing

NOVEMBER 20, 2023

The IBM 2023 Cost of a Data Breach Report , for example, highlights the continuous financial burden on retailers, which, coupled with potential reputational damage, emphasizes the dire need for retailers to prioritize and bolster their cybersecurity measures. Behind every system, software, and security protocol stands a human being.

Retail

Retail Cybersecurity Financial Services Encryption

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Data Matters

JANUARY 28, 2022

The advisory was promptly endorsed by the National Cyber Security Centre, a division of Government Communications Headquarters (“GCHQ”), a UK intelligence agency. Require multi-factor authentication (MFA) for all users. The following are the best practices highlighted by the Advisory, Microsoft report, PANW report, and Mandiant report.

Cybersecurity

Cybersecurity Financial Services Authentication Government

NY Investigates Exposure of 885 Million Mortgage Documents

Krebs on Security

MAY 31, 2019

On May 24, KrebsOnSecurity broke the news that First American had just fixed a weakness in its Web site that exposed approximately 885 million documents — many of them with Social Security and bank account numbers — going back at least 16 years. No authentication was needed to access the digitized records. ” .”

Financial Services

Financial Services Insurance Sales Authentication

Q&A: Here’s how Google’s labeling HTTP websites “Not Secure” will strengthen the Internet

The Last Watchdog

AUGUST 15, 2018

In a move to blanket the Internet with encrypted website traffic, Google is moving forward with its insistence that straggling website publishers adopt HTTPS Secure Sockets Layer (SSL). Related: How PKI can secure IoT. This makes any personal information and details of financial transactions typed on HTTP web pages easy pickings.

Security

Security Encryption Authentication Financial Services

GUEST ESSAY: 7 tips for protecting investor data when it comes to alternative asset trading

The Last Watchdog

JULY 11, 2023

Related: Preserving the privacy of the elderly As more traders and investors engage in these investment avenues, it is crucial to adopt robust security measures to safeguard sensitive and regulated information. Continuous threat detection is a proactive approach to maintaining trading environment security.

IT

IT Encryption Risk Financial Services

NY Charges First American Financial for Massive Data Leak

Krebs on Security

JULY 23, 2020

As first reported here last year , First American’s website exposed 16 years worth of digitized mortgage title insurance records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images. In the days that followed, the DFS and U.S.

Insurance

Insurance Financial Services Mining Access

Central Bank Digital Currency (CBDC) and blockchain enable the future of payments

IBM Big Data Hub

AUGUST 17, 2023

Banks and governments are actively seeking CBDC because it is a more secure alternative to crypto. CBDC operates on a secure, transparent blockchain network, and it uses blockchain technology to create an immutable record of all transactions. Blockchain technology is characterized by its transparency, security and immutability.

Blockchain

Blockchain Financial Services Risk Authentication

Credit Union Sues Fintech Giant Fiserv Over Security Claims

Krebs on Security

MAY 3, 2019

A Pennsylvania credit union is suing financial industry technology giant Fiserv , alleging that “baffling” security vulnerabilities in the company’s software are “wreaking havoc” on its customers. Most alarmingly, this security control was purely illusory.

Security

Security Passwords Financial Services Sales

RSAC insights: Introducing ‘CWPP’ and ‘CSPM,’ new frameworks to secure cloud infrastructure

The Last Watchdog

MAY 17, 2021

In pulling off that milestone hack, Paige Thompson took advantage of CapOne’s lack of focus on cloud security as the banking giant rushed headlong into leveraging Amazon Web Services. A slew of new cloud-security frameworks have gained traction since the Capital One hack. Related: How credential stuffing fuels account takeovers.

Cloud

Cloud Security Risk Financial Services

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

Krebs on Security

DECEMBER 13, 2022

“InfraGard connects critical infrastructure owners, operators, and stakeholders with the FBI to provide education, networking, and information-sharing on security threats and risks,” the FBI’s InfraGard fact sheet reads. That InfraGard member, who is head of security at a major U.S. Department of Defense.

Sales

Sales Energy and Utilities Communications Data breaches

NYDFS Issues Ransomware Guidance Outlining Expected Security Controls

Hunton Privacy

JULY 12, 2021

On June 30, 2021, the New York State Department of Financial Services (“NYDFS,” the “Department”) issued guidance to all New York state regulated entities on ransomware (the “Guidance”), identifying controls it expects regulated companies to implement whenever possible.

Ransomware

Ransomware Security Financial Services Cybersecurity

Episode 247: Into the AppSec Trenches with Robinhood CSO Caleb Sima

The Security Ledger

DECEMBER 21, 2022

Paul speaks with Caleb Sima, the CSO of the online trading platform Robinhood, about his journey from teenage cybersecurity phenom and web security pioneer, to successful entrepreneur to an executive in the trenches of protecting high value financial services firms from cyberattacks. Read the whole entry. »

Financial Services

Financial Services Cybersecurity Data breaches Authentication

Disneyland Malware Team: It’s a Puny World After All

Krebs on Security

NOVEMBER 16, 2022

financial services firm Ameriprise uses the domain ameriprise.com; the Disneyland Team’s domain for Ameriprise customers is [link] [brackets added to defang the domain], which displays in the browser URL bar as ? Most Web browser makers, however, have spent years adding security protections to block such nefarious activity.

Phishing

Phishing Authentication Financial Services Access

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

Data Matters

FEBRUARY 25, 2021

This follows the FCA’s announcement in its 2020-21 business plan that payment services were one of its main supervisory priorities 1 and its temporary guidance of July 9, 2020, on prudential risk management and safeguarding in light of the COVID-19 pandemic ( Temporary COVID Guidance ). Authentication code.

Authentication

Authentication Paper Risk Insurance

Top 12 Cloud Security Best Practices for 2021

eSecurity Planet

SEPTEMBER 10, 2021

From the very beginning of the cloud computing era, security has been the biggest concern among enterprises considering the public cloud. In addition, 95 percent of survey respondents confirmed that they are extremely to moderately concerned about public cloud security. What is cloud security?

Cloud

Cloud Security Encryption Risk

Oracle Critical Patch Update for January 2022 will fix 483 new flaws

Security Affairs

JANUARY 17, 2022

This pre-release announcement for Critical Patch Update (CPU) for January 2022 confirms that Oracle security updates will address 483 new security patches. “A Critical Patch Update is a collection of patches for multiple security vulnerabilities. This Critical Patch Update addresses 483 new security patches.

Communications

Communications Financial Services Big data Retail

Access:7 flaws impact +150 device models from over 100 manufacturers

Security Affairs

MARCH 8, 2022

Most of the impacted vendors are in the healthcare sector (55%), followed by IoT (24%), IT (8%), financial services (5%), and manufacturing (4%). PTC has released security patches for Axeda despite it has reached the end of life, it also released mitigations and workarounds for the vulnerabilities. Pierluigi Paganini.

Manufacturing

Manufacturing Access IoT Authentication

Catches of the Month: Phishing Scams for October 2023

IT Governance

OCTOBER 13, 2023

October is both Cybersecurity Awareness Month in the US and European Cyber Security Month in the EU – twin campaigns on either side of the Atlantic that aim to improve awareness of the importance of cyber security both at work and at home, and provide tips on how to stay secure.

Phishing

Phishing Financial Services Manufacturing Personal data

The Clock is Ticking for PCI DSS 4.0 Compliance

Thales Cloud Protection & Licensing

SEPTEMBER 18, 2023

Compliance madhav Tue, 09/19/2023 - 05:17 It is essential for any business that stores, processes, and transmits payment card information to comply with the Payment Card Industry Data Security Standard (PCI DSS). Consumers’ payment data is a compelling target for criminals who continue to circumvent IT security defenses.

Compliance

Compliance Financial Services Data breaches Encryption

Would You Have Fallen for This Phone Scam?

Krebs on Security

APRIL 28, 2020

Last week, KrebsOnSecurity told the harrowing tale of a reader (a security expert, no less) who tried to turn the tables on his telephonic tormentors and failed spectacularly. In another test, the automated system asked for the account holder’s full Social Security number. “I was appalled that Citi would do that.

Financial Services

Financial Services Sales Authentication Risk

Kaseya fixed two of the three Kaseya Unitrends zero-days found in July

Security Affairs

AUGUST 26, 2021

Software firm Kaseya addressed Kaseya Unitrends zero-day vulnerabilities that were reported by security researchers at the Dutch Institute for Vulnerability Disclosure (DIVD). On July 26, security researchers warned of three new zero-day vulnerabilities in the Kaseya Unitrends service. Pierluigi Paganini.

Authentication

Authentication Financial Services Cloud Security

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

Hunton Privacy

JULY 1, 2022

On June 24, 2022, the New York State Department of Financial Services (“NYDFS” or the “Department”) announced it had entered into a $5 million settlement with Carnival Corp.

Cybersecurity

Cybersecurity Insurance Phishing Financial Services

Defending Financial Services Against Fraud in a Shifting Cyber Landscape

IBM Cloud releases 2023 IBM Cloud for Financial Services Agreed-Upon Procedures (AUP) Report

Webinars

Trending Sources

DORA: 1 year to go! Key recommendations for Financial Services to improve cybersecurity and resilience in multi-clouds

Webinars

News Alert: W3C advances technology to streamline payment authentication

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Financial services continue to lead in cybersecurity preparedness, but chinks appear in the armor

Business Resilience through ‘Zero Trust’: Navigating through People, Process and Platforms

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Why Financial Service Companies Are Turning to Cloud PKI

Attackers Use Bots to Circumvent Some Two-Factor Authentication Systems

Sizing Up the Roles of Behavioral Analytics, 'Zero Trust'

Business Resilience Through ‘Zero Trust’

How Multi-factor Authentication Can Benefit Your Industry

New York Department of Financial Services Released New Guidance Addressing COVID-19 Related Cybersecurity Risks

NY Department of Financial Services Issues Guidance to Regulated Entities Regarding Cybersecurity During the COVID-19 Pandemic

Industrial and Commercial Bank of China (ICBC) suffered a ransomware attack

API Security in 2024: Imperva Report Uncovers Rising Threats and the Urgent Need for Action

The Most Popular Data Security Webinars of 2022: Sovereignty, Cloud Security and Compliance Top the List

How Can We Secure The Future of Digital Payments?

Recycle Your Phone, Sure, But Maybe Not Your Number

The Future of Payments Security

The Rise of One-Time Password Interception Bots

Black Friday and Cyber Weekend: Navigating the Tumultuous Waters of Retail Cybersecurity

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

NY Investigates Exposure of 885 Million Mortgage Documents

Q&A: Here’s how Google’s labeling HTTP websites “Not Secure” will strengthen the Internet

GUEST ESSAY: 7 tips for protecting investor data when it comes to alternative asset trading

NY Charges First American Financial for Massive Data Leak

Central Bank Digital Currency (CBDC) and blockchain enable the future of payments

Credit Union Sues Fintech Giant Fiserv Over Security Claims

RSAC insights: Introducing ‘CWPP’ and ‘CSPM,’ new frameworks to secure cloud infrastructure

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

NYDFS Issues Ransomware Guidance Outlining Expected Security Controls

Episode 247: Into the AppSec Trenches with Robinhood CSO Caleb Sima

Disneyland Malware Team: It’s a Puny World After All

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

Top 12 Cloud Security Best Practices for 2021

Oracle Critical Patch Update for January 2022 will fix 483 new flaws

Access:7 flaws impact +150 device models from over 100 manufacturers

Catches of the Month: Phishing Scams for October 2023

The Clock is Ticking for PCI DSS 4.0 Compliance

Would You Have Fallen for This Phone Scam?

Kaseya fixed two of the three Kaseya Unitrends zero-days found in July

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

Stay Connected