Communications, Financial Services and Phishing

New York Department of Financial Services Released New Guidance Addressing COVID-19 Related Cybersecurity Risks

HL Chronicle of Data Protection

APRIL 17, 2020

Continuing its focus on COVID-19’s impact on its regulated entities, on April 13, the New York Department of Financial Services (NYDFS) released new cybersecurity guidance in response to the COVID-19 pandemic. Increased Phishing and Fraud. Remote Working. Third Party Risk.

Financial Services

Financial Services Risk Cybersecurity Phishing

Unmasking 2024’s Email Security Landscape

Security Affairs

FEBRUARY 28, 2024

Emerging Threats and Trends The landscape of email threats continues to evolve, with VIPRE’s report shedding light on several alarming trends: Deepfake and AI Exploitation: Attackers increasingly leverage deepfake technology and AI to craft more convincing phishing emails, significantly raising the stakes for email security.

Security

Security Phishing Communications Financial Services

GUEST ESSAY: Why Microsoft Exchange users ‘must have’ robust data recovery policies, practices

The Last Watchdog

DECEMBER 21, 2021

Cloud hosted email services have come into wide use as the go-to communication and collaboration work tools for businesses far and wide. What’s more, many of the organizations migrating to cloud IT infrastructure services are patching together hybrid email systems, part on-premises and part cloud-hosted. Best practices a must.

Cloud

Cloud Financial Services Communications Ransomware

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

Multinational ICICI Bank leaks passports and credit card numbers

Security Affairs

APRIL 20, 2023

If malicious actors accessed the exposed data, the company could have faced devastating consequences and put their clients at risk, as financial services are the main target for cybercriminals. We’ve also attempted to obtain an official comment from the bank’s communication team. million files belonging to ICICI Bank.

Personal data

Personal data Phishing Risk Financial Services

Black Friday and Cyber Weekend: Navigating the Tumultuous Waters of Retail Cybersecurity

Thales Cloud Protection & Licensing

NOVEMBER 20, 2023

The Verizon 2023 Data Breach Investigations Report reveals that system intrusion, phishing, and web app attacks are the predominant patterns that enable criminals to steal personal and financial information, including credit card data. For retailers, this poses a two-pronged challenge.

Retail

Retail Cybersecurity Financial Services Encryption

Chinese LuckyMouse APT has been using a digitally signed network filtering driver in recent attacks

Security Affairs

SEPTEMBER 10, 2018

defense contractors and financial services firms worldwide. A network filtering driver (NDISProxy) that decrypts and injects the Trojan into memory and filters port 3389 (Remote Desktop Protocol, RDP) traffic in order to insert the Trojan’s C2 communications into it.

Communications

Communications Financial Services Phishing Encryption

CyberheistNews Vol 13 #07 [Scam of the Week] The Turkey-Syria Earthquake

KnowBe4

FEBRUARY 14, 2023

The first phishing campaigns have already been sent and more will be coming that try to trick you into clicking on a variety of links about blood drives, charitable donations, or "exclusive" videos. The reports show that ransomware incidents have increased from 17% to 19%, often spread through phishing emails and malware.

Phishing

Phishing Security awareness Compliance Risk

US: Coronavirus – Cybersecurity considerations for your newly remote workforce

DLA Piper Privacy Matters

APRIL 2, 2020

The most prevalent schemes include phishing designed to trick them into disclosing credentials or other confidential information, as well as business email compromises focused on diverting electronic payments to criminals’ accounts. Governments and cybersecurity experts are reporting a surge in COVID-19-related phishing activity.

Cybersecurity

Cybersecurity Phishing Authentication Access

NEW TECH: Cequence Security launches platform to shield apps, APIs from malicious botnets

The Last Watchdog

NOVEMBER 13, 2018

The attackers have a vast, pliable attack surface to bombard: essentially all of the externally-facing web apps, mobile apps and API services that organizations are increasingly embracing, in order to stay in step with digital transformation. Related: The ‘Golden Age’ of cyber espionage is upon us.

Security

Security Digital transformation B2C B2B

50 Ways to Avoid Getting Scammed on Black Friday

Adam Levin

NOVEMBER 17, 2020

There’s a chance the unsolicited offer in your inbox is a “ phishing ” scheme. Phishing” occurs when a scammer poses as a legitimate company or website in an attempt to get their targets to click on a link that prompts them to enter personal information or downloads malware onto their devices. Be wary of email offers.

Retail

Retail e-Delivery Passwords Phishing

Proposed Amendments to NY Financial Services Cybersecurity Regulations Impose New Obligations on Large Entities, Boards of Directors and CISOs

Hunton Privacy

AUGUST 15, 2022

On July 29, 2022, the New York Department of Financial Services (“NYDFS”) posted proposed amendments (“Proposed Amendments”) to its Cybersecurity Requirements for Financial Services Companies (“Cybersecurity Regulations”).

Financial Services

Financial Services Cybersecurity Risk Passwords

Healthcare Organizations Need to Adapt Their Data Protection Policies to the New Threat Environment

Thales Cloud Protection & Licensing

NOVEMBER 16, 2020

In addition, telemedicine has generated a larger pool for potential phishing scams as well as other socially-engineered, and technically based, attacks (e.g., According to the report, almost all (97%) of financial services organizations store data in the cloud. ransomware). More importantly, half of that cloud data is sensitive.

Digital transformation

Digital transformation Encryption Cloud Data breaches

Stronger customer authentication only way to mitigate risk of bank fraud

Dark Reading

DECEMBER 18, 2012

Much like any other banking channel, financial institutions need to strengthen their customer authentication if they expect to stop fraud in the financial services industry, said Neil Schwartzman of secure messaging infrastructure provider, Message Bus.

Authentication

Authentication Risk Financial Services Phishing

UNRAVELING EternalBlue: inside the WannaCry’s enabler

Security Affairs

SEPTEMBER 1, 2023

The client and server communicate over the SMB Protocol. Targeted Phishing and Social Engineering: In some cases, attackers may employ targeted phishing emails or social engineering techniques to gain initial access to a system within the target network.

Phishing

Phishing Ransomware Search queries Access

Ransomware Protection in 2021

eSecurity Planet

FEBRUARY 16, 2021

As organizations move toward cloud environments, vulnerabilities rooted in vast internet communications are coming to light. Healthcare and financial services are the most attacked industries. In the last decade, we’ve seen ransomware attacks increase exponentially. Ransomware facts.

Ransomware

Ransomware Encryption Insurance Cloud

CyberheistNews Vol 13 #25 [Fingerprints All Over] Stolen Credentials Are the No. 1 Root Cause of Data Breaches

KnowBe4

JUNE 20, 2023

Blog post with links: [link] [Brand-New Benchmark] Here Are Your Updated 2023 Phishing By Industry Benchmark Results With phishing on the rise, your employee's mindset and actions are critical to maintaining a strong security culture in your organization. million simulated phishing security tests.

Data breaches

Data breaches Phishing Security awareness Ransomware

The Week in Cyber Security and Data Privacy: 4 – 10 December 2023

IT Governance

DECEMBER 11, 2023

Known records breached Up to 3,806 organisations with DICOM (Digital Imaging and Communications in Medicine) servers Source (New) Healthcare Unknown Unknown >59 million Akumin Source (New) Healthcare USA Yes 5 TB AMCO Proteins Source (New) Manufacturing USA Yes 4 TB Norton Healthcare Source (New) Healthcare USA Yes 2.5

Data Privacy

Data Privacy Energy and Utilities Privacy Manufacturing

ICYMI – Late December in privacy and cybersecurity

Data Protection Report

JANUARY 30, 2023

Colorado issued a revised draft of its privacy regulations, which added a list of what could be “substantial or material changes” to a privacy policy, which would require notice communicated to consumers in the manner by which the controller usually interacts with consumers. Which one is NOT on the list?

Privacy

Privacy Cybersecurity Personal data Insurance

Ireland: DPC Annual Report 2020: Enforcement & Transfers Dominate Agenda

DLA Piper Privacy Matters

MARCH 4, 2021

Security vulnerabilities including hacking, unauthorised access, malware, phishing and ransomware attacks totalled 462 breach notifications. Six companies were prosecuted for direct marketing infringements, mainly for failing to obtain the valid consent required to send direct marketing communications by email and SMS.

GDPR

GDPR Compliance Data breaches Marketing

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Data Matters

APRIL 23, 2018

Per the SEC’s recent disclosure guidance, among other things, the effectiveness of disclosure controls and procedures are tied to an organization’s ability to enhance communications between technical experts and disclosure advisors on data management processes that may address such risks.

Cybersecurity

Cybersecurity Risk Passwords Authentication

Best Network Security Tools 2021

eSecurity Planet

MAY 27, 2021

Larger organizations most targeted by advanced persistent threats (APTs) like enterprises and government agencies, financial services, energy, and telecommunications make up Kaspersky EDR’s clientele. Web application firewalls (WAF) offer monitoring, filtering, and blocking of internet communications.

Security

Security Cloud Analytics Access

The Hacker Mind: MITRE ATT&CK Evaluations

ForAllSecure

MAY 4, 2021

They're the long game operations where something as small as a single phishing email could escalate into millions of IDs being exfiltrated. And so we thought it was really useful to communicate between leadership and the offenders and the defenders, that we thought you know what let's publicly release this thing and so we released it.

Government

Government IT Access Analytics

The Hacker Mind: MITRE ATT&CK Evaluations

ForAllSecure

MAY 4, 2021

They're the long game operations where something as small as a single phishing email could escalate into millions of IDs being exfiltrated. And so we thought it was really useful to communicate between leadership and the offenders and the defenders, that we thought you know what let's publicly release this thing and so we released it.

Government

Government IT Access Analytics

Information Management Today

New York Department of Financial Services Released New Guidance Addressing COVID-19 Related Cybersecurity Risks

Unmasking 2024’s Email Security Landscape

Webinars

Trending Sources

GUEST ESSAY: Why Microsoft Exchange users ‘must have’ robust data recovery policies, practices

Webinars

Multinational ICICI Bank leaks passports and credit card numbers

Black Friday and Cyber Weekend: Navigating the Tumultuous Waters of Retail Cybersecurity

Chinese LuckyMouse APT has been using a digitally signed network filtering driver in recent attacks

CyberheistNews Vol 13 #07 [Scam of the Week] The Turkey-Syria Earthquake

US: Coronavirus – Cybersecurity considerations for your newly remote workforce

NEW TECH: Cequence Security launches platform to shield apps, APIs from malicious botnets

50 Ways to Avoid Getting Scammed on Black Friday

Proposed Amendments to NY Financial Services Cybersecurity Regulations Impose New Obligations on Large Entities, Boards of Directors and CISOs

Healthcare Organizations Need to Adapt Their Data Protection Policies to the New Threat Environment

Stronger customer authentication only way to mitigate risk of bank fraud

UNRAVELING EternalBlue: inside the WannaCry’s enabler

Ransomware Protection in 2021

CyberheistNews Vol 13 #25 [Fingerprints All Over] Stolen Credentials Are the No. 1 Root Cause of Data Breaches

The Week in Cyber Security and Data Privacy: 4 – 10 December 2023

ICYMI – Late December in privacy and cybersecurity

Ireland: DPC Annual Report 2020: Enforcement & Transfers Dominate Agenda

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Best Network Security Tools 2021

The Hacker Mind: MITRE ATT&CK Evaluations

The Hacker Mind: MITRE ATT&CK Evaluations

Stay Connected