Data, Encryption, Financial Services and Groups

CHINA: New draft proposes more stringent requirements for processing data in the financial services industry

DLA Piper Privacy Matters

AUGUST 8, 2023

Authors: Carolyn Bigg, Amanda Ge and Venus Cheung On July 24, 2023, the People’s Bank of China (“ PBOC ”) released the Measures for the Management of Data Security in the Business Areas Falling into PBOC’s Jurisdiction (Draft for Comment) (“ Draft Measures” ) for public consultation, which closes on August 24, 2023.

Financial Services

Financial Services Personal data Compliance Data collection

Putting data storage at the forefront of cloud security

IBM Big Data Hub

NOVEMBER 7, 2023

Securing sensitive data in an evolving landscape Advancements like those in AI and quantum computing can pose new challenges to customers, especially those in highly regulated industries such as financial services, healthcare, telecommunications and more.

Cloud

Cloud Financial Services Security Compliance

Slack Launched Encryption Key Addon For Businesses

Security Affairs

MARCH 18, 2019

Slack announced today to launch encryption keys that will help businesses to protect their data. Slack announced today to launch encryption keys that will help businesses to protect their data. Slack announced today to launch encryption keys that will help businesses to protect their data.

Encryption

Encryption Risk Financial Services Privacy

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Morgan Stanley discloses data breach after the hack of a third-party vendor

Security Affairs

JULY 8, 2021

The American multinational investment bank and financial services firm Morgan Stanley discloses a data breach caused by the hack of an Accellion FTA server of a third-party vendor. Guidehouse advised us that data that it maintained for Morgan Stanley had been accessed through the Accellion FTA vulnerability.”

Data breaches

Data breaches Encryption Financial Services Access

Mysterious custom malware used to steal 1.2TB of data from million PCs

Security Affairs

JUNE 11, 2021

Experts spotted a new mysterious malware that was used to collect a huge amount of data, including sensitive files, credentials, and cookies. terabyte of stolen data. Threat actors used custom malware to steal data from 3.2 “The data was collected from 3.25 How to protect your data from such kind of malware?

Computer and Electronics

Computer and Electronics Archiving Encryption Passwords

BlackCocaine Ransomware, a new malware in the threat landscape

Security Affairs

JUNE 5, 2021

Recently Cyber researchers for Cyble investigated an attack suffered by on May 30, 2021, by Nucleus Software, an India-based IT company in the Banking and Financial Services sector. Nucleus Software declared that it does not store customers’ financial data. BlackCocaine ” to the filenames of encrypted files.

Ransomware

Ransomware Encryption File names Financial Services

The Week in Cyber Security and Data Privacy: 6 – 12 November 2023

IT Governance

NOVEMBER 13, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. The data included shoppers’ names, email addresses, phone numbers, countries of residence and membership numbers.

Data Privacy

Data Privacy Privacy Security Data breaches

Navigating the EU-US Data Protection Framework

Thales Cloud Protection & Licensing

JANUARY 10, 2024

Navigating the EU-US Data Protection Framework sparsh Thu, 01/11/2024 - 05:26 On 10 July 2023, the European Commission adopted a new adequacy decision regarding the Data Privacy Framework (“DPF”). However, European organizations need to dive with eyes wide open when transferring personal data to the US under the DPF.

Data Privacy

Data Privacy Personal data Privacy Cloud

China-linked Budworm APT returns to target a US entity

Security Affairs

OCTOBER 13, 2022

The Budworm espionage group resurfaced targeting a U.S.-based This is the first time that Symantec researchers have observed the Budworm group targeting a U.S-based The group also targeted a hospital in South East Asia. The China-linked APT27 group has been active since 2010, it targeted organizations worldwide, including U.S.

File names

File names Financial Services Manufacturing Libraries

More details about Operation Cronos that disrupted Lockbit operation

Security Affairs

FEBRUARY 20, 2024

Lockbit ransomware group administrative staff has confirmed with us their websites have been seized. pic.twitter.com/SvpbeslrCd — vx-underground (@vxunderground) February 19, 2024 The operation led to the arrest of two members of the ransomware gang in Poland and Ukraine and the seizure of hundreds of crypto wallets used by the group.

Energy and Utilities

Energy and Utilities Ransomware Manufacturing Agriculture

US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND AFFILIATES

Security Affairs

FEBRUARY 21, 2024

. “The Department of State is announcing reward offers totaling up to $15 million for information leading to the arrest and/or conviction of any individual participating in a LockBit ransomware variant attack and for information leading to the identification and/or location of any key leaders of the LockBit ransomware group.”

Energy and Utilities

Energy and Utilities Ransomware Agriculture Manufacturing

China: Navigating China episode 16: New data lifecycle guidelines for financial institutions in China – detailed assessments, additional security measures and some data localisation introduced

DLA Piper Privacy Matters

APRIL 20, 2021

Important new guidelines outlining how personal and other types of financial information should be handled by financial institutions throughout the data lifecycle have just come into force in China, including a new data localisation obligation. The “Financial Data Lifecycle Guidelines” (????????????)

Compliance

Compliance Security Financial Services Data collection

Maze ransomware gang discloses data from drug testing firm HMR

Security Affairs

APRIL 8, 2020

The drug testing firm Hammersmith Medicines Research LTD (HMR), which performs live trials of Coronavirus vaccines, discloses a data breach. Stolen data included the personal information for volunteers who surnames begin with D, G, I, or J. A criminal group called Maze has claimed responsibility.”

Ransomware

Ransomware Data breaches Encryption Financial Services

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

. “AvosLocker is a Ransomware as a Service (RaaS) affiliate-based group that has targeted victims across multiple critical infrastructure sectors in the United States including, but not limited to, the Financial Services, Critical Manufacturing, and Government Facilities sectors.

Ransomware

Ransomware Passwords Encryption Financial Services

5 things to know: IBM Cloud’s mission to accelerate innovation for clients

IBM Big Data Hub

AUGUST 1, 2023

We are bringing the power of foundation models with the availability of a GPU as a service on IBM Cloud offering to help organizations tap into artificial intelligence (AI) in a secured environment while aiming to mitigate third- and fourth-party risk.

Financial Services

Financial Services Computer and Electronics Cloud Digital transformation

Cuba Ransomware received over $60M in Ransom payments as of August 2022

Security Affairs

DECEMBER 2, 2022

Like other ransomware gangs, Cuba used ‘double extortion’ techniques which means that it exfiltrates data from the target systems before encrypting them and demanding a ransom payment, threatening to publicly release it if payment is not made. entities and the ransom amounts demanded by Cuba actors.”

Ransomware

Ransomware Financial Services Manufacturing Phishing

Ransomware at IT Services Provider Synoptek

Krebs on Security

DECEMBER 27, 2019

-based Synoptek is a managed service provider that maintains a variety of cloud-based services for more than 1,100 customers across a broad spectrum of industries , including state and local governments, financial services, healthcare, manufacturing, media, retail and software.

Ransomware

Ransomware IT Phishing Financial Services

Experts linked ransomware attacks to China-linked APT27

Security Affairs

JANUARY 4, 2021

Researchers from security firms Profero and Security Joes linked a series of ransomware attacks to the China-linked APT27 group. Security researchers from security firms Profero and Security Joes investigated a series of ransomware attacks against multiple organizations and linked them to China-linked APT groups.

Ransomware

Ransomware Encryption Financial Services Cybersecurity

GUEST ESSAY: The drivers behind persistent ransomware — and defense tactics to deploy

The Last Watchdog

SEPTEMBER 7, 2022

Healthcare and public health, financial services, and IT organizations are frequent targets, although businesses of all sizes can fall victim to these schemes. They can refuse to pay the ransom and have criminals release sensitive data. Data, even when returned, can be damaged or useless, delaying ongoing projects.

Ransomware

Ransomware Education Phishing Financial Services

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 17, 2023

CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6

Security

Security Data breaches Ransomware Artificial Intelligence

The Future of Payments Security

Thales Cloud Protection & Licensing

JANUARY 26, 2021

As the infrastructure changes, the adversaries change along with it to take the easiest path to data. Even when banking organizations are upgrading security posture to safeguard sensitive financial information, hackers can steal the data intelligently by tying known vulnerabilities together, and making it turn out to be a potential attack.

Security

Security Retail Authentication Big data

Exclusive: Welcome “Frappo” – Resecurity identified a new Phishing-as-a-Service

Security Affairs

MAY 10, 2022

“Frappo” acts as a Phishing-as-a-Service and enables cybercriminals the ability to host and generate high-quality phishing pages which impersonate major online banking, e-commerce, popular retailers, and online-services to steal customer data. The last update of the service was registered May 1, 2022.

Phishing

Phishing Retail Financial Services Data breaches

How ATB Financial drives agile data ops with Collibra and GCP

Collibra

MARCH 23, 2021

ATB Financial provides a diversified set of financial services to more than 770,000 residents of Alberta, Canada. Being a regionally focused institution, the group is dedicated to knowing its customers intimately, understanding their needs and providing products and services that help them achieve their goals.

Cloud

Cloud Government Access Metadata

Chinese LuckyMouse APT has been using a digitally signed network filtering driver in recent attacks

Security Affairs

SEPTEMBER 10, 2018

Security experts observed the LuckyMouse APT group using a digitally signed 32- and 64-bit network filtering driver NDISProxy in recent attacks. The APT group has been active since at least 2010, the crew targeted U.S. defense contractors and financial services firms worldwide. ” concludes Kaspersky.

Communications

Communications Financial Services Phishing Encryption

New Trickbot module implements Remote App Credential-Grabbing features

Security Affairs

FEBRUARY 18, 2019

The new variant is being spread via spam emails that pose as tax-incentive notification purporting to be from the financial services company Deloitte. The spam messages come with a macro-enabled (XLSM) Microsoft Excel spreadsheet attachment that purportedly includes data related to the tax incentive.

Passwords

Passwords Financial Services Encryption Authentication

Ransomware Protection in 2021

eSecurity Planet

FEBRUARY 16, 2021

All of your files are encrypted with RSA-2048 and AES-128 ciphers.” ” Or you might see a readme.txt stating, “Your files have been replaced by these encrypted containers and aren’t accessible; you will lose your files on [enter date] unless you pay $2500 in Bitcoin.” IMPORTANT INFORMATION !!!

Ransomware

Ransomware Encryption Insurance Cloud

US: Surviving the service provider data breach

DLA Piper Privacy Matters

JULY 30, 2019

A data breach, that is. It’s your service provider’s breach, but it involves your (more likely, your customer’s) data. Service provider cyber incidents have exploded in volume, type, frequency, response time and cost. Who “owns” a data breach?

Data breaches

Data breaches Cybersecurity Financial Services Risk

Office of Foreign Assets Control: Making or Facilitating Ransomware Payments May Violate U.S. Sanctions

Data Matters

OCTOBER 8, 2020

Ransomware attacks use malware, often injected through phishing schemes, to encrypt a victim’s data files or programs, followed by a ransom demand by the threat actor that offers the decryption key in exchange for payment. Payment is often demanded in bitcoin, and thus third-party services are often used to make such payments.

Ransomware

Ransomware Compliance Risk Government

What Are Firewall Rules? Ultimate Guide & Best Practices

eSecurity Planet

JANUARY 24, 2024

This includes protecting data from internet threats, but it also means restricting unauthorized traffic attempting to leave your enterprise network. Network admins must configure firewall rules that protect their data and applications from threat actors. NAT changes that address data so the IP address is then different.

Access

Access Financial Services Compliance Security

Ragnar Locker gang leaks data stolen from the Israel’s Mayanei Hayeshua hospital

Security Affairs

SEPTEMBER 9, 2023

The cybercrime group claims to have stolen 1 TB of data from the hospital and threatens to leak it. The message published by the gang on its leak site emphasizes that they didn’t encrypt data to avoid causing malfunctions to the hospital’s medical equipment.

Ransomware

Ransomware Phishing Encryption Financial Services

The Hacker Mind Podcast: Hacking APIs

ForAllSecure

JUNE 16, 2021

What's on your mobile than our external API's and in the past few years there's been an explosion of external API data. What's on your mobile than our external API's and in the past few years there's been an explosion of external API data. They're on all your devices, [Peloton commercial]. Okay, that's starting to get very personal.

Authentication

Authentication Communications IoT Security

The Hacker Mind Podcast: Hacking APIs

ForAllSecure

JUNE 16, 2021

What's on your mobile than our external API's and in the past few years there's been an explosion of external API data. What's on your mobile than our external API's and in the past few years there's been an explosion of external API data. They're on all your devices, [Peloton commercial]. Okay, that's starting to get very personal.

Authentication

Authentication Communications IoT Security

The Week in Cyber Security and Data Privacy: 8 – 14 January 2024

IT Governance

JANUARY 16, 2024

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. The data is no longer publicly available. Data breached: >223,000,000 records. Data breached: >7,000,000 records. Data breached: 5,500,000 records.

Data Privacy

Data Privacy Privacy Manufacturing Retail

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

IT Governance

MARCH 11, 2024

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Data breached: 36 million records. Data breached: 6,935,412 individuals’ data. Data breached: 6.9 Only 3 definitely haven’t had data breached.

Data Privacy

Data Privacy Privacy Security Data breaches

Reltio Named a Leader in the 2021 Forrester Wave™ Report for MDM

Reltio

DECEMBER 10, 2021

Your data fuels your business and your digital transformation. Your ability to run a digital business and make insightful decisions depends heavily on how well you manage your core data. Yet, these days with the proliferation of apps and data stores across cloud and on-premises environments, managing your data is not a trivial task.

MDM

MDM Analytics Digital transformation Cloud

GUEST ESSAY: Why organizations need to prepare for cyber attacks fueled by quantum computers

The Last Watchdog

MAY 26, 2022

Related: The role of post-quantum encryption. Quantum computers pose yet another looming threat since it has been mathematically proven that quantum computers with enough power will crack all the world’s public encryption. After all, who wants to report that they had a breach which has caused critical data or operational losses?

Ransomware

Ransomware Government Agriculture Encryption

List of data breaches and cyber attacks in July 2019 – 2.2 billion records leaked

IT Governance

JULY 31, 2019

Department of Health Services email hacked exposing patient data (14,591). Pennsylvania-based software firm and healthcare provider accuse each other of data theft (unknown). TX-based Wise Health reports data breach caused by phishing attack (35,899). Capital One says credit card applicants’ data stolen (100 million).

Data breaches

Data breaches Ransomware Personal data Government

Q&A: Sophos poll shows how attackers are taking advantage of cloud migration to wreak havoc

The Last Watchdog

JULY 21, 2020

The respondents were from organizations that currently host data and workloads in the public cloud. Furthermore, 50% encountered ransomware and other malware; 29% reported incidents of data getting exposed; 25% had accounts compromised; and 17% dealt with incidents of crypto-jacking. But this is where the attack paths diverge.

Cloud

Cloud Ransomware Data breaches GDPR

The Microsoft Exchange Attack Saga Continues

eSecurity Planet

MARCH 26, 2021

approach in that the attackers copy and exfiltrate a company’s data just prior to encrypting it. Should the victimized organization manage to restore its data without purchasing the decryption key, the criminals then use the threat of exposing or selling the compromised data as an added extortion threat. . The Good News.

Ransomware

Ransomware Authentication Financial Services Military

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Data Matters

APRIL 23, 2018

A high-profile cyber incident may cause substantial financial and reputational losses to an organization, including the disruption of corporate business processes, destruction or theft of critical data assets, loss of goodwill, and shareholder and consumer litigation. Encrypting critical data assets.

Cybersecurity

Cybersecurity Risk Passwords Authentication

Federal Bank Regulators Require Notifications For Material Cybersecurity Incidents

Data Matters

NOVEMBER 22, 2021

On November 18, 2021, a group of federal bank regulators announced a final rule requiring banks to notify their primary federal regulator of any “significant computer-security incidents.” Further, bank service providers are now required to promptly notify all affected banks whenever a cybersecurity disruption lasts for four or more hours.

Cybersecurity

Cybersecurity Insurance Financial Services Marketing

Nation-State-Sponsored Attacks: Not Your Grandfather’s Cyber Attacks

Data Matters

MAY 17, 2022

It used to be that data breaches were all about cyber-crooks hacking computer systems to steal personal information, followed by an affected company sending regretful notification letters offering a year or two of complimentary credit monitoring. All rights reserved. 19, 2022). jurisdictions. 16, 2022).

Cybersecurity

Cybersecurity Government Authentication Ransomware

The Hacker Mind Podcast: EP 69 Self-Healing Operating Systems

ForAllSecure

APRIL 19, 2023

In the 1950s we started to get early operating systems, and these included supervisory programs that helped manage the data coming in and going back out. I'm also a senior advisor to the Boston Consulting Group BCG. But the interesting thing about that is that these column oriented data warehouse DBMS are extremely fast at searching.

Analytics

Analytics Communications Computer and Electronics Cybersecurity

Security Affairs newsletter Round 446 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

NOVEMBER 19, 2023

Israeli man sentenced to 80 months in prison for providing hacker-for-hire services Russian APT Gamaredon uses USB worm LitterDrifter against Ukraine The board of directors of OpenAI fired Sam Altman Medusa ransomware gang claims the hack of Toyota Financial Services CISA adds Sophos Web Appliance bug to its Known Exploited Vulnerabilities catalog (..)

Security

Security Data breaches Ransomware Financial Services

CHINA: New draft proposes more stringent requirements for processing data in the financial services industry

Putting data storage at the forefront of cloud security

Webinars

Trending Sources

Slack Launched Encryption Key Addon For Businesses

Webinars

Morgan Stanley discloses data breach after the hack of a third-party vendor

Mysterious custom malware used to steal 1.2TB of data from million PCs

BlackCocaine Ransomware, a new malware in the threat landscape

The Week in Cyber Security and Data Privacy: 6 – 12 November 2023

Navigating the EU-US Data Protection Framework

China-linked Budworm APT returns to target a US entity

More details about Operation Cronos that disrupted Lockbit operation

US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND AFFILIATES

China: Navigating China episode 16: New data lifecycle guidelines for financial institutions in China – detailed assessments, additional security measures and some data localisation introduced

Maze ransomware gang discloses data from drug testing firm HMR

Avoslocker ransomware gang targets US critical infrastructure

5 things to know: IBM Cloud’s mission to accelerate innovation for clients

Cuba Ransomware received over $60M in Ransom payments as of August 2022

Ransomware at IT Services Provider Synoptek

Experts linked ransomware attacks to China-linked APT27

GUEST ESSAY: The drivers behind persistent ransomware — and defense tactics to deploy

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

The Future of Payments Security

Exclusive: Welcome “Frappo” – Resecurity identified a new Phishing-as-a-Service

How ATB Financial drives agile data ops with Collibra and GCP

Chinese LuckyMouse APT has been using a digitally signed network filtering driver in recent attacks

New Trickbot module implements Remote App Credential-Grabbing features

Ransomware Protection in 2021

US: Surviving the service provider data breach

Office of Foreign Assets Control: Making or Facilitating Ransomware Payments May Violate U.S. Sanctions

What Are Firewall Rules? Ultimate Guide & Best Practices

Ragnar Locker gang leaks data stolen from the Israel’s Mayanei Hayeshua hospital

The Hacker Mind Podcast: Hacking APIs

The Hacker Mind Podcast: Hacking APIs

The Week in Cyber Security and Data Privacy: 8 – 14 January 2024

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

Reltio Named a Leader in the 2021 Forrester Wave™ Report for MDM

GUEST ESSAY: Why organizations need to prepare for cyber attacks fueled by quantum computers

List of data breaches and cyber attacks in July 2019 – 2.2 billion records leaked

Q&A: Sophos poll shows how attackers are taking advantage of cloud migration to wreak havoc

The Microsoft Exchange Attack Saga Continues

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Federal Bank Regulators Require Notifications For Material Cybersecurity Incidents

Nation-State-Sponsored Attacks: Not Your Grandfather’s Cyber Attacks

The Hacker Mind Podcast: EP 69 Self-Healing Operating Systems

Security Affairs newsletter Round 446 by Pierluigi Paganini – INTERNATIONAL EDITION

Stay Connected