Communications, Financial Services, Government and Security

Unmasking 2024’s Email Security Landscape

Security Affairs

FEBRUARY 28, 2024

Analyzing the Email Security Landscape and exploring Emerging Threats and Trends. VIPRE Security Group’s latest report, “Email Security in 2024: An Expert Insight into Email Threats,” delves into the cutting-edge tactics and technologies embraced by cybercriminals this year. million as malicious.

Security

Security Phishing Communications Financial Services

US SEC warns investors of ongoing fraudulent communications claiming from the SEC

Security Affairs

NOVEMBER 21, 2021

The Securities and Exchange Commission (SEC) warns investors of attacks impersonating its officials in government impersonator schemes. The Securities and Exchange Commission (SEC) is warning investors of scammers impersonating SEC officials in fraudulent schemes. “Beware of government impersonator schemes.

Communications

Communications Financial Services Education Government

Summary – “Industry in One: Financial Services”

ARMA International

NOVEMBER 7, 2019

The scope of a records and information management (RIM) program in financial services can seem overwhelming. Compared to other industries, the complexities of managing records and information in financial services are arguably some of the toughest to solve, primarily because of the intense regulatory scrutiny.

Financial Services

Financial Services Communications Compliance Risk

Proposed Amendments to NY Financial Services Cybersecurity Regulations Impose New Obligations on Large Entities, Boards of Directors and CISOs

Hunton Privacy

AUGUST 15, 2022

On July 29, 2022, the New York Department of Financial Services (“NYDFS”) posted proposed amendments (“Proposed Amendments”) to its Cybersecurity Requirements for Financial Services Companies (“Cybersecurity Regulations”). As part of the “training and monitoring” requirements under Section 500.14 Additional Requirements.

Financial Services

Financial Services Cybersecurity Risk Passwords

The Week in Cyber Security and Data Privacy: 4 – 10 December 2023

IT Governance

DECEMBER 11, 2023

Researchers from the German cyber security company Aplite discovered 3,806 servers from 111 countries accessible on the Internet. TB Concertus Design and Property Consultants Limited Source 1 ; source 2 (New) Professional services UK Yes 1.9 Organisation name Sector Location Data exfiltrated? TB Acero Engineering, Inc.

Data Privacy

Data Privacy Energy and Utilities Privacy Manufacturing

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Data Matters

JANUARY 28, 2022

The advisory was promptly endorsed by the National Cyber Security Centre, a division of Government Communications Headquarters (“GCHQ”), a UK intelligence agency. government, especially in light of ongoing tensions between the U.S. This is an important public action by the U.S. and Russia in Ukraine.

Cybersecurity

Cybersecurity Financial Services Authentication Government

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

IT Governance

MARCH 11, 2024

Source (New) Transport USA Yes 3,815 Okta Source 1 ; source 2 (Update) Cyber security USA Yes 3,800 Shah Dixit & Associates, P.C. million for security failings relating to a 2018 cyber attack on its mobile banking platform. UniCredit fined €2.8 about the recent rise in Facebook and Instagram account takeovers by scammers.

Data Privacy

Data Privacy Privacy Security Data breaches

Helping enterprises across regulated industries leverage hybrid cloud and AI

IBM Big Data Hub

MAY 8, 2024

For true transformation to begin, we believe it is key to understand the unique challenges organizations are facing—whether it is keeping data secured, addressing data sovereignty requirements or speeding time to market to satisfy consumers. The security of our client’s data is at the heart of everything we do.

Cloud

Cloud Customer Experience Artificial Intelligence Compliance

How financial institutions can deliver value from investment in digital operational resilience

IBM Big Data Hub

DECEMBER 4, 2023

The Digital Operational Resilience Act (DORA) is a landmark piece of legislation in the European Union (EU) that is designed to help fortify the operational resilience of the financial sector, making it fit for purpose in the digital age.

Financial Services

Financial Services Compliance Risk Business Services

GUEST ESSAY: 5 security steps all companies should adopt from the Intelligence Community

The Last Watchdog

DECEMBER 6, 2018

Businesses at large would do well to model their data collection and security processes after what the IC refers to as the “intelligence cycle.” This cycle takes a holistic approach to detecting and deterring external threats and enforcing best-of-class data governance procedures. infrastructure from cyber attacks.

Security

Security Financial Services Manufacturing Data collection

Black Friday and Cyber Weekend: Navigating the Tumultuous Waters of Retail Cybersecurity

Thales Cloud Protection & Licensing

NOVEMBER 20, 2023

The IBM 2023 Cost of a Data Breach Report , for example, highlights the continuous financial burden on retailers, which, coupled with potential reputational damage, emphasizes the dire need for retailers to prioritize and bolster their cybersecurity measures. Behind every system, software, and security protocol stands a human being.

Retail

Retail Cybersecurity Financial Services Encryption

A Pro-Innovation Approach: UK Government publishes white paper on the future of governance and regulation of artificial intelligence

DLA Piper Privacy Matters

MARCH 31, 2023

Authors: James Clark , Coran Darling , Andrew Dyson , Gareth Stokes , Imran Syed & Rachel de Souza In November 2021, the UK Government (“ Government ”) issued the National Artificial Intelligence (AI) Strategy , with the ambition of making the UK a global AI superpower over the next decade.

Artificial Intelligence

Artificial Intelligence Paper Government Risk

News Alert: W3C advances technology to streamline payment authentication

The Last Watchdog

JUNE 15, 2023

The World Wide Web Consortium today announced a standardization milestone for a new browser capability that helps to streamline user authentication and enhance payment security during Web checkout. Publication of Secure Payment Confirmation as a Candidate Recommendation indicates that the feature set is stable and has received wide review.

Authentication

Authentication Communications Financial Services Retail

OCR Labs exposes its systems, jeopardizing major banking clients

Security Affairs

APRIL 6, 2023

A digital identification tool provided by OCR Labs to major banks and government agencies leaked sensitive credentials, putting clients at severe risk. Its services are used by companies and financial institutions including BMW, Vodafone, the Australian government, Westpac, ANZ, HSBC, and Virgin Money.

IT

IT Financial Services Access Risk

Google Yanks 106 ‘Malicious’ Chrome Extensions

Threatpost

JUNE 18, 2020

Trojan Chrome browser extensions spied on users and maintained a foothold on the networks of financial services, oil and gas, media and entertainment, healthcare and pharmaceuticals and government organizations.

Healthcare

Healthcare Financial Services Government Communications

Multinational ICICI Bank leaks passports and credit card numbers

Security Affairs

APRIL 20, 2023

In 2022, the ICICI Bank’s resources were named a “critical information infrastructure” by the Indian government – any harm to it can impact national security. However, despite the critical status of bank infrastructure on the national level, the security of crucial data was not ensured. million files belonging to ICICI Bank.

Personal data

Personal data Phishing Risk Financial Services

Navigating the digital wave: Understanding DORA and the role of confidential computing

IBM Big Data Hub

FEBRUARY 5, 2024

The Digital Operational Resilience Act (DORA) marks a significant milestone in the European Union’s (EU) efforts to bolster the operational resilience of the financial sector in the digital age. Furthermore, the RTS Article 6 highlights the necessity for all networked traffic, both internal and external, to be encrypted.

Encryption

Encryption Data Privacy Compliance Cloud

EU data governance regulation – a wave of digital, regulatory and antitrust reform begins – Part 1

Data Protection Report

DECEMBER 17, 2020

On 25 November 2020, the European Commission ( EC ) published its proposed Data Governance Regulation (the DGR ), which will create a new legal framework to encourage the development of a European single market for data. What are the objectives of the Data Governance Regulation? This is part one of a series of three blog posts.

Government

Government Personal data Marketing Artificial Intelligence

2024 Tech and Cybersecurity Forecast: Navigating New Frontiers in Business

Thales Cloud Protection & Licensing

DECEMBER 20, 2023

This strategy addresses security concerns related to intellectual property and sensitive data in large language models (LLMs). This enhances data privacy and security and allows for greater control and efficiency in AI application deployment within the enterprise. However, with great power comes great responsibility.

Cybersecurity

Cybersecurity Blockchain Artificial Intelligence Encryption

The Week in Cyber Security and Data Privacy: 12 – 18 February 2024

IT Governance

FEBRUARY 21, 2024

Fowler sent a responsible disclosure notice when he discovered the database and it was secured the following day. Source New Telecoms USA Yes 6,158 Nabholz Construction Company Employee Welfare Health Plan Source 1 ; source 2 New Healthcare USA Yes 5,326 Dawson James Securities, Inc. North Hill Home Health Care, Inc.,

Data Privacy

Data Privacy Manufacturing Privacy Energy and Utilities

Iran-linked APT group Pioneer Kitten sells access to hacked networks

Security Affairs

SEPTEMBER 1, 2020

The Iranian hacker group has been attacking corporate VPNs over the past months, they have been hacking VPN servers to plant backdoors in companies around the world targeting Pulse Secure , Fortinet , Palo Alto Networks , and Citrix VPNs. ” reads the report published by Crowdstrike. ” continues the report. Pierluigi Paganini.

Access

Access Financial Services Retail Insurance

The CFO’s role in the age of generative AI

IBM Big Data Hub

MAY 14, 2024

The IBM Institute for Business Value CEO study on decision-making in the age of AI found the top priorities for CEOs are technology modernization and productivity, while the three biggest challenges are technology modernization, sustainability and security.

Unstructured data

Unstructured data Government Cloud Analytics

Hundreds of malicious Chrome browser extensions used to spy on you!

Security Affairs

JUNE 20, 2020

Malicious Chrome browser extensions were used in a massive surveillance campaign aimed at users working in the financial services, oil and gas, media and entertainment, healthcare, government organizations, and pharmaceuticals. ” reads the analysis published by Awake Security. appeared first on Security Affairs.

Healthcare

Healthcare Financial Services Communications Security

CISA issues proposed rules for cyber incident reporting in critical infrastructure

Data Protection Report

APRIL 9, 2024

On March 27, 2024, the Cybersecurity and Infrastructure Security Agency (“CISA”) published a Notice of Proposed Rulemaking for the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”), which imposes new reporting requirements for entities operating in critical infrastructure sectors.

Ransomware

Ransomware Agriculture Cybersecurity Government

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Data Matters

JUNE 24, 2021

The SEC is considering enhancing its disclosure rules concerning cybersecurity risk governance and has indicated a target release date of October 2021. provide for open communications between technical experts and disclosure advisers. This resolution highlights the SEC’s continued focus on cybersecurity.

Cybersecurity

Cybersecurity Financial Services Risk Compliance

erwin’s Predictions for 2021: Data Relevance Shines at the End of the Tunnel

erwin

JANUARY 7, 2021

However, challenges persist if your organization doesn’t take proper precautions in supporting a remote workforce — from human resources to productivity and IT security – especially when regulations such as the European Union’s General Data Protection Regulation (GDPR) are involved. COVID changed everything.

Metadata

Metadata Artificial Intelligence Compliance Government

FFIEC Guidance on Authentication and Access to Financial Institution Services and Systems

Data Matters

AUGUST 17, 2021

The Guidance is not intended to serve as a comprehensive framework but rather provides financial institutions with examples of effective risk management practices without endorsing any specific information security framework or standard. inventory of digital banking services and customers. identification of high-risk users.

Authentication

Authentication Access Risk Financial Services

4 Special Requirements Social Media and Collaboration Create for GDPR Compliance

AIIM

JANUARY 26, 2018

A new set of European rules and standards related to privacy and data protection (the General Data Protection Regulation , or GDPR ) has set in motion a mad compliance and security scramble not only for European companies, but also for any company doing business in Europe or with European customers. 3 -- Governance and oversight.

GDPR

GDPR Compliance Archiving Privacy

Chinese LuckyMouse APT has been using a digitally signed network filtering driver in recent attacks

Security Affairs

SEPTEMBER 10, 2018

Security experts observed the LuckyMouse APT group using a digitally signed 32- and 64-bit network filtering driver NDISProxy in recent attacks. defense contractors and financial services firms worldwide. The hackers attempted to inject malicious JavaScript code into the government websites connected to the data center.

Communications

Communications Financial Services Phishing Encryption

NYDFS Requires COVID-19 Plans by April 9

Data Protection Report

APRIL 2, 2020

On March 10, 2020, the New York Department of Financial Services (NYDFS) issued guidance to all of its regulated institutions engaged in virtual currency business activity, requiring them to have plans for preparedness to manage the possible operational and financial risks posed by the COVID-19 pandemic.

Risk

Risk Communications Authentication Financial Services

FCC Seeks to Refresh the TCPA Record

HL Chronicle of Data Protection

MAY 21, 2018

FCC , the Federal Communications Commission is going back to the drawing board in a new Public Notice that seeks comment on foundational TCPA issues. Should contractors acting on behalf of the federal government be considered “persons” under the TCPA? Now that the dust has settled from the D.C. In March, the D.C.

Communications

Communications Financial Services Privacy Government

Indonesia Publishes Proposed Data Protection Rule

Hunton Privacy

JULY 17, 2015

On July 14, 2015, pursuant to an implementation requirement of Government Regulation 82 of 2012, the Indonesian government published the Draft Regulation of the Minister of Communication and Information (RPM) of the Protection of Personal Data in Electronic Systems (“Proposed Regulation”). 82 of 2012.

Personal data

Personal data Archiving Financial Services Communications

Russia-Ukraine cyber conflict poses critical infrastructure at risk

Security Affairs

MARCH 14, 2022

Ongoing attacks could cause severe damages to multiple sectors, including transportation, communication, financial services, government facilities, nuclear reactors, and critical manufacturing. The post Russia-Ukraine cyber conflict poses critical infrastructure at risk appeared first on Security Affairs.

Risk

Risk Financial Services Manufacturing Communications

Netsparker Product Review

eSecurity Planet

FEBRUARY 8, 2021

As hacking becomes more common each day, dynamic application security tools (DASTs) like Netsparker are becoming essential in preventing malicious attacks. . Netsparker also streamlines and simplifies many of the various hardware and software solutions that are typically layered to create an end-to-end website security system. .

Financial Services

Financial Services Compliance Sales Education

Nation-State-Sponsored Attacks: Not Your Grandfather’s Cyber Attacks

Data Matters

MAY 17, 2022

Attorney General described a recent takedown of a Russian government-sponsored botnet called Cyclops Blink before it was weaponized and caused damage. and foreign government agencies. government reported a significant rise in hacks perpetrated against private companies by nation-state-sponsored threat actors. 19, 2022).

Cybersecurity

Cybersecurity Government Authentication Ransomware

From Data Chaos to Data Clarity: Four Trends Reshaping Data Management in the Digital Age

Reltio

MARCH 20, 2023

This allows data stewards to focus on more strategic tasks like designing and implementing data governance policies. For example, MDM and AI work together to significantly enhance entity resolution, relationship management, data quality, and data governance.

MDM

MDM Cloud Analytics e-Discovery

Congress Passes Cyber Incident Reporting for Critical Infrastructure Act of 2022

Data Matters

MARCH 21, 2022

Congress has passed a significant new cybersecurity law that will require critical infrastructure entities to report material cybersecurity incidents and ransomware payments to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 and 24 hours, respectively. Background. 651, et seq.

Ransomware

Ransomware Cybersecurity Agriculture Communications

Cachet Financial Reeling from MyPayrollHR Fraud

Krebs on Security

OCTOBER 24, 2019

“We apologize for the inconvenience of this message,” reads the communication from Cachet that went out to customers just after 6:30 PM ET on Oct. ” In a follow-up communication sent Thursday evening, Cachet said all debit transactions with a settlement date of Oct. But on Oct. 1, 2019 to Aug.

Communications

Communications Financial Services Insurance Risk

The aftermath of an incident – why keeping records of data breaches and privacy incidents matters

Data Protection Report

JUNE 14, 2022

As privacy incidents and security breaches involving personal information become increasingly frequent, organizations are more and more aware of the importance of implementing a robust privacy program to mitigate the risks and impacts of such incidents. Procedural Considerations.

Privacy

Privacy Data breaches Compliance Financial Services

How women are leading with data in Spain

Collibra

DECEMBER 9, 2020

In partnership with the Women of Collibra Employee Resource Group, we asked these two data governance professionals about their beginnings in the data industry, what it is like to become a Collibra Ranger and what can be done to promote more women in the field. Laura : Senior Consultant for the Data Governance practice.

Government

Government Financial Services Insurance Analytics

Understanding China’s Data Regulatory Regime: What Are Important Data? And Can They Be Transferred Outside Of China?

Data Matters

APRIL 11, 2022

The Cyber Security Law (2017) (the CSL ) prohibits operators of critical information infrastructures ( CIIs ) from transferring their “important data” and personal information outside of China. Network Data Security Regulation. The concept of “important data” is a cornerstone of China’s data regulatory regime.

Military

Military Artificial Intelligence Security Financial Services

“Am I a CII operator?” – New regulation in China provides more clarity

Data Protection Report

AUGUST 18, 2021

China’s Cyber Security Law ( CSL ), enacted in 2016, requires operators of critical information infrastructure ( CII ) to follow a number of enhanced security obligations, including storing within China all personal information and important data collected or generated during their operations in China. Scope and identification of CII.

Financial Services

Financial Services Data collection Security Communications

EU’s possible Data Act: What can we anticipate from the Inception Impact Assessment and the Consultation?

Data Protection Report

JULY 5, 2021

The European Commission (EC) signalled plans for a new Data Act, to be published in late 2021, in its February 2020 Data Strategy Communication. Mitigate risks resulting from government access to non-personal data of EU companies, held by foreign cloud computing service providers. What is the objective of the possible Data Act?

B2B

B2B Personal data Cloud Access

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

Data Protection Report

DECEMBER 23, 2019

Likewise, the New York State Department for Financial Services regulations requires relevant entities to have appropriate record retention policies and procedures. How do you build an effective information governance program? Information governance must be an ongoing programme which is valued by senior management.

Privacy

Privacy Compliance Personal data Risk

Unmasking 2024’s Email Security Landscape

US SEC warns investors of ongoing fraudulent communications claiming from the SEC

Trending Sources

Summary – “Industry in One: Financial Services”

Proposed Amendments to NY Financial Services Cybersecurity Regulations Impose New Obligations on Large Entities, Boards of Directors and CISOs

The Week in Cyber Security and Data Privacy: 4 – 10 December 2023

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

Helping enterprises across regulated industries leverage hybrid cloud and AI

How financial institutions can deliver value from investment in digital operational resilience

GUEST ESSAY: 5 security steps all companies should adopt from the Intelligence Community

Black Friday and Cyber Weekend: Navigating the Tumultuous Waters of Retail Cybersecurity

A Pro-Innovation Approach: UK Government publishes white paper on the future of governance and regulation of artificial intelligence

News Alert: W3C advances technology to streamline payment authentication

OCR Labs exposes its systems, jeopardizing major banking clients

Google Yanks 106 ‘Malicious’ Chrome Extensions

Multinational ICICI Bank leaks passports and credit card numbers

Navigating the digital wave: Understanding DORA and the role of confidential computing

EU data governance regulation – a wave of digital, regulatory and antitrust reform begins – Part 1

2024 Tech and Cybersecurity Forecast: Navigating New Frontiers in Business

The Week in Cyber Security and Data Privacy: 12 – 18 February 2024

Iran-linked APT group Pioneer Kitten sells access to hacked networks

The CFO’s role in the age of generative AI

Hundreds of malicious Chrome browser extensions used to spy on you!

CISA issues proposed rules for cyber incident reporting in critical infrastructure

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

erwin’s Predictions for 2021: Data Relevance Shines at the End of the Tunnel

FFIEC Guidance on Authentication and Access to Financial Institution Services and Systems

4 Special Requirements Social Media and Collaboration Create for GDPR Compliance

Chinese LuckyMouse APT has been using a digitally signed network filtering driver in recent attacks

NYDFS Requires COVID-19 Plans by April 9

FCC Seeks to Refresh the TCPA Record

Indonesia Publishes Proposed Data Protection Rule

Russia-Ukraine cyber conflict poses critical infrastructure at risk

Netsparker Product Review

Nation-State-Sponsored Attacks: Not Your Grandfather’s Cyber Attacks

From Data Chaos to Data Clarity: Four Trends Reshaping Data Management in the Digital Age

Congress Passes Cyber Incident Reporting for Critical Infrastructure Act of 2022

Cachet Financial Reeling from MyPayrollHR Fraud

The aftermath of an incident – why keeping records of data breaches and privacy incidents matters

How women are leading with data in Spain

Understanding China’s Data Regulatory Regime: What Are Important Data? And Can They Be Transferred Outside Of China?

“Am I a CII operator?” – New regulation in China provides more clarity

EU’s possible Data Act: What can we anticipate from the Inception Impact Assessment and the Consultation?

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

Stay Connected