Financial Services, Government and Information Security

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Data Protection Report

NOVEMBER 8, 2023

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. The Amendment also includes new governance requirements and responsibilities applicable to the CISO of all covered entities.

Financial Services

Financial Services Cybersecurity Compliance Government

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services

Financial Services Cybersecurity Insurance Risk

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Data Matters

FEBRUARY 10, 2021

On February 4, 2021, the New York Department of Financial Services (NYDFS) issued Circular Letter No. Lacewell stated that cybersecurity is the biggest risk for government and private organizations and described how the Framework is based on “extensive dialogue with industry and experts.”. The Framework. 1 See W.B.

Insurance

Insurance Financial Services Cybersecurity Risk

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

UK Government and the Dubai International Financial Centre Issue Joint Statement on Data Bridge

Hunton Privacy

DECEMBER 19, 2022

On December 15, 2022, the UK government and the Dubai International Financial Centre Authority (“DIFC”) issued a joint statement on the shared commitment to deepening the UK-DIFC data partnership. In the statement, the UK government and the DIFC also announced the progress on a new Memorandum of Understanding on data.

Government

Government Financial Services Personal data Security

The US government sanctioned four entities and one individual for supporting cyber operations conducted by North Korea

Security Affairs

MAY 24, 2023

The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against four entities and one individual for their role in malicious cyber operations conducted to support the government of North Korea. ” reads the announcement. correspondent or payable-through account sanctions.”

Government

Government Military Financial Services IT

LockBit on a Roll – ICBC Ransomware Attack Strikes at the Heart of the Global Financial Order

Security Affairs

DECEMBER 4, 2023

According to the report released by Resecurity, a Los Angeles-based company protecting Fortune 500 and governments worldwide, the attack against ICBC may be a precursor for significant malicious cyber activity against global financial system. LockBit specifically targeted ICBC Financial Services (ICBC FS), a wholly owned U.S.

Ransomware

Ransomware Financial Services Marketing Government

Resecurity Released a 2024 Cyber Threat Landscape Forecast

Security Affairs

DECEMBER 26, 2023

Resecurity, a Los Angeles-based cybersecurity company protecting Fortune 100 and government agencies worldwide, has compiled a comprehensive forecast outlining the imminent threats and novel security challenges anticipated in the upcoming year. Cybersecurity company Resecurity has published the 2024 Cyber Threat Landscape Forecast.

Energy and Utilities

Energy and Utilities Artificial Intelligence Ransomware Data breaches

Cybersecurity agencies published a joint LockBit ransomware advisory

Security Affairs

JUNE 15, 2023

Help us #StopRansomware by visiting [link] pic.twitter.com/G5jpxtB0Fw — Cybersecurity and Infrastructure Security Agency (@CISAgov) June 14, 2023 The LockBit ransomware operation was the most active in 2022 and according to the researchers it is one of the most prolific RaaS in 2023. law enforcement).

Ransomware

Ransomware Cybersecurity Agriculture Education

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Data Matters

JANUARY 28, 2022

The advisory was promptly endorsed by the National Cyber Security Centre, a division of Government Communications Headquarters (“GCHQ”), a UK intelligence agency. government, especially in light of ongoing tensions between the U.S. This is an important public action by the U.S. and Russia in Ukraine.

Cybersecurity

Cybersecurity Financial Services Authentication Government

Nissan Oceania data breach impacted roughly 100,000 people

Security Affairs

MARCH 14, 2024

The Australian and New Zealand Nissan Corporation and Financial Services (“Nissan”) advises that its systems have been subject to a cyber incident. Nissan is working with its global incident response team and relevant stakeholders to investigate the extent of the incident and whether any personal information has been accessed.”

Data breaches

Data breaches Financial Services Ransomware Government

Operation Cronos: law enforcement disrupted the LockBit operation

Security Affairs

FEBRUARY 19, 2024

Since January 2020, affiliates utilizing LockBit have targeted organizations of diverse sizes spanning critical infrastructure sectors such as financial services, food and agriculture, education, energy, government and emergency services, healthcare, manufacturing, and transportation.

Energy and Utilities

Energy and Utilities Ransomware Agriculture Financial Services

Law enforcement operation seized Ragnar Locker group’s infrastructure

Security Affairs

OCTOBER 19, 2023

“As of January 2022, the FBI has identified at least 52 entities across 10 critical infrastructure sectors affected by RagnarLocker ransomware, including entities in the critical manufacturing, energy, financial services, government, and information technology sectors,” reads the FBI’s flash alert.

Ransomware

Ransomware Financial Services Manufacturing Government

First American Financial Pays Farcical $500K Fine

Krebs on Security

JUNE 18, 2021

The SEC said that under First American’s remediation policies, if the person responsible for fixing the problem is unable to do so based on the timeframes listed above, that employee must have their management contact the company’s information security department to discuss their remediation plan and proposed time estimate.

Insurance

Insurance Risk Financial Services Mining

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Hunton Privacy

JULY 5, 2023

On June 28, 2023, the New York Department of Financial Services (“NYDFS”) published an updated proposed Second Amendment (“Amendment”) to its Cybersecurity Regulation, 23 NYCRR Part 500. As described below, senior governing bodies would have new oversight responsibilities under the amendments.

Cybersecurity

Cybersecurity IT Compliance Financial Services

Top 10 Governance, Risk and Compliance (GRC) Vendors

eSecurity Planet

JANUARY 21, 2021

Governance, risk, and compliance (GRC) software helps businesses manage all of the necessary documentation and processes for ensuring maximum productivity and preparedness. Third-party governance. IT governance and security. Privacy governance and management. Enterprise & operational risk management.

Compliance

Compliance Risk Government Retail

U.S. banking regulators order banks to notify cybersecurity incidents in 36 hours

Security Affairs

NOVEMBER 20, 2021

banking regulators this week approved a rule that obliges banks to report any major cybersecurity incidents to the government within 36 hours of discovery. Major cybersecurity incidents are attacks that impact operations of the victims or the stability of the US financial sector. Follow me on Twitter: @securityaffairs and Facebook.

Cybersecurity

Cybersecurity Financial Services Insurance Ransomware

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

But those aren’t the only laws or regulations that affect IT security teams. There are plenty of others to worry anyone with job titles that include terms like “compliance,” “privacy,” and “security,” from CSOs on down. See the Top Governance, Risk and Compliance (GRC) Tools. PIPL Raises the Bar – And the Stakes.

Data Privacy

Data Privacy Compliance Privacy Security

Emissary Panda APT group hit Government Organizations in the Middle East

Security Affairs

MAY 30, 2019

Chinese Cyber-Spies Target Government Organizations in Middle East. Chinese APT group Emissary Panda has been targeting government organizations in two different countries in the Middle East. defense contractors , financial services firms, and a national data center in Central Asia. Pierluigi Paganini.

Government

Government Financial Services Security Cybersecurity

Papua New Guinea ‘s finance ministry was hit by a ransomware

Security Affairs

OCTOBER 29, 2021

A ransomware attack hit Papua New Guinea ‘s finance ministry and disrupted government payments and operations. Government officials confirmed that Papua New Guinea’s finance ministry was hit by a ransomware attack that disrupted government payments and operations.

Ransomware

Ransomware Financial Services Government Data breaches

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Data Matters

JUNE 24, 2021

On June 15, 2021, the SEC announced settled charges against First American Title Insurance Company (First American) for disclosure controls and procedures violations related to a cybersecurity vulnerability that exposed sensitive customer information. This resolution highlights the SEC’s continued focus on cybersecurity.

Cybersecurity

Cybersecurity Financial Services Risk Compliance

Exclusive: Researchers dumped Gigabytes of data from Agent Tesla C2Cs

Security Affairs

OCTOBER 6, 2021

The majority of intercepted credentials by Agent Tesla related to financial services, online-retailers, e-government systems and personal and business e-mail accounts. . Researchers found active instances of Agent Tesla and developed a mechanism to enumerate the affected clients and extract compromised data.

Financial Services

Financial Services Retail Education Information Security

Cuba Ransomware received over $60M in Ransom payments as of August 2022

Security Affairs

DECEMBER 2, 2022

Dollars (USD) and received more than $60 million in ransom payments from over 100 victims worldwide as of August 2022, the US government states. entities Financial Services, Government Facilities, Healthcare and Public Health, Critical Manufacturing, and Information Technology.

Ransomware

Ransomware Financial Services Manufacturing Phishing

US SEC warns investors of ongoing fraudulent communications claiming from the SEC

Security Affairs

NOVEMBER 21, 2021

The Securities and Exchange Commission (SEC) warns investors of attacks impersonating its officials in government impersonator schemes. The Securities and Exchange Commission (SEC) is warning investors of scammers impersonating SEC officials in fraudulent schemes. “Beware of government impersonator schemes.

Communications

Communications Financial Services Education Government

BEST PRACTICES: Rising complexities of provisioning identities has pushed ‘IGA’ to the fore

The Last Watchdog

APRIL 3, 2019

Identity governance and administration, or IGA , has suddenly become a front-burner matter at many enterprises. Related: Identity governance issues in the age of digital transformation. I had the chance at RSA 2019 to visit with Mike Kiser, global strategist at SailPoint , an Austin, TX-based supplier of IGA services to discuss this.

Digital transformation

Digital transformation Insurance Compliance Healthcare

The Evolving Legislative and Compliance Landscape: A Roadmap for Business Leaders

Thales Cloud Protection & Licensing

APRIL 29, 2024

NIS2 (Network and Information Security Directive) The updated NIS Directive significantly expands the scope and rigor of cybersecurity requirements across the European Union. It aims to improve competition and innovation in the financial industry while increasing consumer protection.

Compliance

Compliance Cybersecurity Risk Manufacturing

OCR Labs exposes its systems, jeopardizing major banking clients

Security Affairs

APRIL 6, 2023

A digital identification tool provided by OCR Labs to major banks and government agencies leaked sensitive credentials, putting clients at severe risk. Its services are used by companies and financial institutions including BMW, Vodafone, the Australian government, Westpac, ANZ, HSBC, and Virgin Money.

IT

IT Financial Services Access Risk

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

. “AvosLocker is a Ransomware as a Service (RaaS) affiliate-based group that has targeted victims across multiple critical infrastructure sectors in the United States including, but not limited to, the Financial Services, Critical Manufacturing, and Government Facilities sectors. Consider installing and using a VPN.

Ransomware

Ransomware Passwords Encryption Financial Services

A Russian national charged for committing LockBit Ransomware attacks

Security Affairs

JUNE 16, 2023

The operation targeted many organizations in critical infrastructure sectors, including financial services, food and agriculture, education, energy, government and emergency services, healthcare, manufacturing, and transportation. law enforcement).

Ransomware

Ransomware Agriculture Education Government

US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND AFFILIATES

Security Affairs

FEBRUARY 21, 2024

government offers rewards of up to $15 million for information that could lead to the identification or location of LockBit ransomware gang members and affiliates. ” reads the press release published by the U.S.

Energy and Utilities

Energy and Utilities Ransomware Agriculture Manufacturing

Risk Management under the DORA Regulation

IT Governance

NOVEMBER 23, 2023

Perhaps even more concerning to EU lawmakers is how dependent society at large is on banking and other financial services. In turn, financial institutions heavily depend on ICT to be able to provide those services to begin with. That really shouldn’t surprise us – these are lucrative targets for cyber criminals.

Risk

Risk Data breaches Authentication Financial Services

DIVD discloses three new unpatched Kaseya Unitrends zero-days

Security Affairs

JULY 27, 2021

DIVD Chairman Victor Gevers told BleepingComputer that the advisory was originally shared with 68 government CERTs under a coordinated disclosure, but became public after one of them shared it with an organization’s service desk operating in the Financial Services.

Financial Services

Financial Services Authentication Cloud Government

Tackling Data Sovereignty with DDR

Security Affairs

JUNE 20, 2023

Data sovereignty also encompasses the rights and regulations governing data storage, processing, and transfer and often intersects with privacy, security, and legal considerations. When data is sovereign, an organization retains control and ownership over that data.

Compliance

Compliance Cybersecurity Risk Encryption

Microsoft: Russia-linked SolarWinds hackers breached three new entities

Security Affairs

JUNE 26, 2021

Most of the targeted organizations are IT companies (57%), followed by government organizations (20%). The hackers also targeted non-governmental organizations and think tanks, as well as financial services. Compromised and targeted entities are being contacted through the Microsoft nation-state notification process.

Financial Services

Financial Services Access Authentication Passwords

China-linked Budworm APT returns to target a US entity

Security Affairs

OCTOBER 13, 2022

The Budworm cyber espionage group (aka APT27 , Bronze Union , Emissary Panda , Lucky Mouse , TG-3390 , and Red Phoenix) is behind a series attacks conducted over the past six months against a number of high-profile targets, including the government of a Middle Eastern country, a multinational electronics manufacturer, and a U.S.

File names

File names Financial Services Manufacturing Libraries

Navigating the EU-US Data Protection Framework

Thales Cloud Protection & Licensing

JANUARY 10, 2024

As stated by the International Association of Privacy Professional ( IAPP ) critical sectors such as financial services are therefore conspicuously excluded, leaving organizations without a clear pathway to data protection compliance and potentially exposing them to significant risks.

Data Privacy

Data Privacy Personal data Privacy Cloud

France and Germany will block Facebook’s Libra cryptocurrency

Security Affairs

SEPTEMBER 16, 2019

France and Germany governments announced that they will block Facebook’s Libra cryptocurrency , the news was reported by French finance ministry Bruno Le Maire. “We reads a joint statement issued by the two governments, “I want to be absolutely clear: in these conditions, we cannot authorise the development of Libra on European soil.”

Financial Services

Financial Services Government IT Security

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 17, 2023

CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6

Security

Security Data breaches Ransomware Artificial Intelligence

Summary – “Industry in One: Financial Services”

ARMA International

NOVEMBER 7, 2019

The scope of a records and information management (RIM) program in financial services can seem overwhelming. Compared to other industries, the complexities of managing records and information in financial services are arguably some of the toughest to solve, primarily because of the intense regulatory scrutiny.

Financial Services

Financial Services Communications Compliance Risk

Ragnar Locker ransomware group breached at least 52 organizations across 10 critical infrastructure sectors

Security Affairs

MARCH 8, 2022

. “As of January 2022, the FBI has identified at least 52 entities across 10 critical infrastructure sectors affected by RagnarLocker ransomware, including entities in the critical manufacturing, energy, financial services, government, and information technology sectors,” reads the FBI’s flash alert.

Ransomware

Ransomware Passwords Financial Services Manufacturing

Iran-linked APT group Pioneer Kitten sells access to hacked networks

Security Affairs

SEPTEMBER 1, 2020

According to the experts, the threat actors are merely trying to monetize their efforts selling information that have no intelligence value for the Iranian Government. In late July 2020, Crowdstrike spotted a threat actor associated with PIONEER KITTEN that was attempting to sell access to compromised networks on an underground forum.

Access

Access Financial Services Retail Insurance

Unmasking 2024’s Email Security Landscape

Security Affairs

FEBRUARY 28, 2024

Targeted Sector Vulnerabilities: Financial Services, IT, Healthcare, Education, and Government sectors have emerged as primary targets, with attackers fine-tuning their strategies to exploit specific vulnerabilities within these industries.

Security

Security Phishing Communications Financial Services

New York Banking Regulator Announces New Cybersecurity Assessment Process

Hunton Privacy

DECEMBER 11, 2014

On December 10, 2014, the New York State Department of Financial Services (the “Department”) announced that it issued an industry guidance letter to all Department-regulated banking institutions that formally introduces the Department’s new cybersecurity preparedness assessment process.

Cybersecurity

Cybersecurity Financial Services Insurance Information Security

More details about Operation Cronos that disrupted Lockbit operation

Security Affairs

FEBRUARY 20, 2024

Since January 2020, affiliates utilizing LockBit have targeted organizations of diverse sizes spanning critical infrastructure sectors such as financial services, food and agriculture, education, energy, government and emergency services, healthcare, manufacturing, and transportation.

Energy and Utilities

Energy and Utilities Ransomware Manufacturing Agriculture

Kaseya fixed two of the three Kaseya Unitrends zero-days found in July

Security Affairs

AUGUST 26, 2021

DIVD Chairman Victor Gevers told BleepingComputer that the advisory was originally shared with 68 government CERTs under a coordinated disclosure, but became public after one of them shared it with an organization’s service desk operating in the Financial Services.

Authentication

Authentication Financial Services Cloud Security

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Webinars

Trending Sources

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Webinars

UK Government and the Dubai International Financial Centre Issue Joint Statement on Data Bridge

The US government sanctioned four entities and one individual for supporting cyber operations conducted by North Korea

LockBit on a Roll – ICBC Ransomware Attack Strikes at the Heart of the Global Financial Order

Resecurity Released a 2024 Cyber Threat Landscape Forecast

Cybersecurity agencies published a joint LockBit ransomware advisory

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Nissan Oceania data breach impacted roughly 100,000 people

Operation Cronos: law enforcement disrupted the LockBit operation

Law enforcement operation seized Ragnar Locker group’s infrastructure

First American Financial Pays Farcical $500K Fine

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Top 10 Governance, Risk and Compliance (GRC) Vendors

U.S. banking regulators order banks to notify cybersecurity incidents in 36 hours

Security Compliance & Data Privacy Regulations

Emissary Panda APT group hit Government Organizations in the Middle East

Papua New Guinea ‘s finance ministry was hit by a ransomware

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Exclusive: Researchers dumped Gigabytes of data from Agent Tesla C2Cs

Cuba Ransomware received over $60M in Ransom payments as of August 2022

US SEC warns investors of ongoing fraudulent communications claiming from the SEC

BEST PRACTICES: Rising complexities of provisioning identities has pushed ‘IGA’ to the fore

The Evolving Legislative and Compliance Landscape: A Roadmap for Business Leaders

OCR Labs exposes its systems, jeopardizing major banking clients

Avoslocker ransomware gang targets US critical infrastructure

A Russian national charged for committing LockBit Ransomware attacks

US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND AFFILIATES

Risk Management under the DORA Regulation

DIVD discloses three new unpatched Kaseya Unitrends zero-days

Tackling Data Sovereignty with DDR

Microsoft: Russia-linked SolarWinds hackers breached three new entities

China-linked Budworm APT returns to target a US entity

Navigating the EU-US Data Protection Framework

France and Germany will block Facebook’s Libra cryptocurrency

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Summary – “Industry in One: Financial Services”

Ragnar Locker ransomware group breached at least 52 organizations across 10 critical infrastructure sectors

Iran-linked APT group Pioneer Kitten sells access to hacked networks

Unmasking 2024’s Email Security Landscape

New York Banking Regulator Announces New Cybersecurity Assessment Process

More details about Operation Cronos that disrupted Lockbit operation

Kaseya fixed two of the three Kaseya Unitrends zero-days found in July

Stay Connected