Financial Services, Government and Information Security

Summary – “Industry in One: Financial Services”

ARMA International

NOVEMBER 7, 2019

The scope of a records and information management (RIM) program in financial services can seem overwhelming. Compared to other industries, the complexities of managing records and information in financial services are arguably some of the toughest to solve, primarily because of the intense regulatory scrutiny.

Financial Services

Financial Services Communications Compliance Risk

Episode 222: US Rep. Himes on Congress’s About-face on Cybersecurity

The Security Ledger

AUGUST 12, 2021

In this week’s podcast, we speak with Congressman Jim Himes (D-CT) about Congress’s sudden focus on cybersecurity - an about face that Rep. Himes on Congress’s About-face on Cybersecurity appeared first on The Security Ledger with Paul F. Episode 217: What Fighting Pirates Teaches Us About Ransomware.

Cybersecurity

Cybersecurity Financial Services Risk Government

More details about Operation Cronos that disrupted Lockbit operation

Security Affairs

FEBRUARY 20, 2024

Law enforcement provided additional details about the international Operation Cronos that led to the disruption of the Lockbit ransomware operation. Yesterday, a joint law enforcement action, code-named Operation Cronos , conducted by law enforcement agencies from 11 countries disrupted the LockBit ransomware operation.

Energy and Utilities

Energy and Utilities Ransomware Manufacturing Agriculture

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services

Financial Services Cybersecurity Insurance Risk

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Data Matters

FEBRUARY 10, 2021

On February 4, 2021, the New York Department of Financial Services (NYDFS) issued Circular Letter No. Lacewell stated that cybersecurity is the biggest risk for government and private organizations and described how the Framework is based on “extensive dialogue with industry and experts.”. The Framework. 1 See W.B.

Insurance

Insurance Financial Services Cybersecurity Risk

MY TAKE: Identity ‘access’ and ‘governance’ tech converge to meet data protection challenges

The Last Watchdog

FEBRUARY 25, 2019

based supplier of identity access management (IAM) systems, which recently announced a partnership with Omada, a Copenhagen-based provider of identity governance administration (IGA) solutions. Governance and attestation quickly became a very big deal. Compliance became a huge driver for governance and attestation,” Curcio said. “It

Access

Access Government Authentication Data breaches

The US government sanctioned four entities and one individual for supporting cyber operations conducted by North Korea

Security Affairs

MAY 24, 2023

The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against four entities and one individual for their role in malicious cyber operations conducted to support the government of North Korea. ” reads the announcement. trillion won ($1.2 correspondent or payable-through account sanctions.”

Government

Government Military Financial Services IT

Nissan Oceania data breach impacted roughly 100,000 people

Security Affairs

MARCH 14, 2024

The Australian and New Zealand Nissan Corporation and Financial Services (“Nissan”) advises that its systems have been subject to a cyber incident. Nissan is working with its global incident response team and relevant stakeholders to investigate the extent of the incident and whether any personal information has been accessed.”

Data breaches

Data breaches Financial Services Ransomware Government

Cybersecurity agencies published a joint LockBit ransomware advisory

Security Affairs

JUNE 15, 2023

According to a joint advisory published by cybersecurity agencies, the LockBit ransomware group has successfully extorted roughly $91 million in about 1,700 attacks against U.S. 16% of the State, Local, Tribal, and Tribunal (SLTT) government ransomware incidents reported to the MS-ISAC is 2022 were LockBit attacks. law enforcement).

Ransomware

Ransomware Cybersecurity Agriculture Education

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Data Matters

JANUARY 28, 2022

The advisory was promptly endorsed by the National Cyber Security Centre, a division of Government Communications Headquarters (“GCHQ”), a UK intelligence agency. government, especially in light of ongoing tensions between the U.S. This is an important public action by the U.S. and Russia in Ukraine.

Cybersecurity

Cybersecurity Financial Services Authentication Government

First American Financial Pays Farcical $500K Fine

Krebs on Security

JUNE 18, 2021

In other words, if you wish to take out a mortgage on a home you will not be able to do so without giving companies like First American gobs of documents about your income, assets and liabilities — including quite a bit of sensitive financial data. “The [employee] did not request a waiver or risk acceptance from the CISO.”

Insurance

Insurance Risk Financial Services Mining

Exclusive: Researchers dumped Gigabytes of data from Agent Tesla C2Cs

Security Affairs

OCTOBER 6, 2021

The collected information allowed for the recovery of knowledge about the victims and the timeline of the campaigns conducted by actors leveraging Agent Tesla. The majority of intercepted credentials by Agent Tesla related to financial services, online-retailers, e-government systems and personal and business e-mail accounts. .

Financial Services

Financial Services Retail Education Information Security

Top 10 Governance, Risk and Compliance (GRC) Vendors

eSecurity Planet

JANUARY 21, 2021

Governance, risk, and compliance (GRC) software helps businesses manage all of the necessary documentation and processes for ensuring maximum productivity and preparedness. Third-party governance. IT governance and security. Privacy governance and management. Learn more about ServiceNow. Audit management.

Compliance

Compliance Risk Government Retail

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

But those aren’t the only laws or regulations that affect IT security teams. There are plenty of others to worry anyone with job titles that include terms like “compliance,” “privacy,” and “security,” from CSOs on down. See the Top Governance, Risk and Compliance (GRC) Tools. billion (then the equivalent of about $2.7

Data Privacy

Data Privacy Compliance Privacy Security

Papua New Guinea ‘s finance ministry was hit by a ransomware

Security Affairs

OCTOBER 29, 2021

A ransomware attack hit Papua New Guinea ‘s finance ministry and disrupted government payments and operations. Government officials confirmed that Papua New Guinea’s finance ministry was hit by a ransomware attack that disrupted government payments and operations.

Ransomware

Ransomware Financial Services Government Data breaches

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Data Matters

JUNE 24, 2021

On June 15, 2021, the SEC announced settled charges against First American Title Insurance Company (First American) for disclosure controls and procedures violations related to a cybersecurity vulnerability that exposed sensitive customer information. This resolution highlights the SEC’s continued focus on cybersecurity.

Cybersecurity

Cybersecurity Financial Services Risk Compliance

Security Affairs newsletter Round 446 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

NOVEMBER 19, 2023

Israeli man sentenced to 80 months in prison for providing hacker-for-hire services Russian APT Gamaredon uses USB worm LitterDrifter against Ukraine The board of directors of OpenAI fired Sam Altman Medusa ransomware gang claims the hack of Toyota Financial Services CISA adds Sophos Web Appliance bug to its Known Exploited Vulnerabilities catalog (..)

Security

Security Data breaches Ransomware Financial Services

A Russian national charged for committing LockBit Ransomware attacks

Security Affairs

JUNE 16, 2023

On or about June 25, 2020, Matveev and his LockBit coconspirators targeted a law enforcement agency in Passaic County, New Jersey. On or about May 27, 2022, the man and his Hive coconspirators allegedly hit a nonprofit behavioral healthcare organization in New Jersey. The attacks hit law enforcement agencies in Washington, D.C.

Ransomware

Ransomware Agriculture Education Government

Ragnar Locker gang leaks data stolen from the Israel’s Mayanei Hayeshua hospital

Security Affairs

SEPTEMBER 9, 2023

So, after multiple attempts to contact with management of MYMC, it becomes clear for us, that management of MYMC doesn't care about the privacy of own patients, sad to state this fact but it's true. The ransomware gang claims that the hospital doesn’t care about the privacy of its patients. Come on guys, seriously?

Ransomware

Ransomware Phishing Encryption Financial Services

Cuba Ransomware received over $60M in Ransom payments as of August 2022

Security Affairs

DECEMBER 2, 2022

Dollars (USD) and received more than $60 million in ransom payments from over 100 victims worldwide as of August 2022, the US government states. entities Financial Services, Government Facilities, Healthcare and Public Health, Critical Manufacturing, and Information Technology. ” reads the report.

Ransomware

Ransomware Financial Services Manufacturing Phishing

US SEC warns investors of ongoing fraudulent communications claiming from the SEC

Security Affairs

NOVEMBER 21, 2021

The Securities and Exchange Commission (SEC) warns investors of attacks impersonating its officials in government impersonator schemes. The Securities and Exchange Commission (SEC) is warning investors of scammers impersonating SEC officials in fraudulent schemes. “Beware of government impersonator schemes.

Communications

Communications Financial Services Education Government

BEST PRACTICES: Rising complexities of provisioning identities has pushed ‘IGA’ to the fore

The Last Watchdog

APRIL 3, 2019

Identity governance and administration, or IGA , has suddenly become a front-burner matter at many enterprises. Related: Identity governance issues in the age of digital transformation. I had the chance at RSA 2019 to visit with Mike Kiser, global strategist at SailPoint , an Austin, TX-based supplier of IGA services to discuss this.

Digital transformation

Digital transformation Insurance Compliance Healthcare

OCR Labs exposes its systems, jeopardizing major banking clients

Security Affairs

APRIL 6, 2023

A digital identification tool provided by OCR Labs to major banks and government agencies leaked sensitive credentials, putting clients at severe risk. Its services are used by companies and financial institutions including BMW, Vodafone, the Australian government, Westpac, ANZ, HSBC, and Virgin Money.

IT

IT Financial Services Access Risk

Navigating the EU-US Data Protection Framework

Thales Cloud Protection & Licensing

JANUARY 10, 2024

As stated by the International Association of Privacy Professional ( IAPP ) critical sectors such as financial services are therefore conspicuously excluded, leaving organizations without a clear pathway to data protection compliance and potentially exposing them to significant risks.

Data Privacy

Data Privacy Personal data Privacy Cloud

Tackling Data Sovereignty with DDR

Security Affairs

JUNE 20, 2023

Data sovereignty also encompasses the rights and regulations governing data storage, processing, and transfer and often intersects with privacy, security, and legal considerations. By recognizing the significance of data sovereignty, businesses can take measures to enhance data security and control, mitigating these risks.

Compliance

Compliance Cybersecurity Risk Encryption

Risk Management under the DORA Regulation

IT Governance

NOVEMBER 23, 2023

million (about £4.70 million) for the financial sector – 33% more than the average across all sectors. Perhaps even more concerning to EU lawmakers is how dependent society at large is on banking and other financial services. That really shouldn’t surprise us – these are lucrative targets for cyber criminals.

Risk

Risk Data breaches Authentication Financial Services

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 17, 2023

CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6 CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6

Security

Security Data breaches Ransomware Artificial Intelligence

The Evolving Legislative and Compliance Landscape: A Roadmap for Business Leaders

Thales Cloud Protection & Licensing

APRIL 29, 2024

NIS2 (Network and Information Security Directive) The updated NIS Directive significantly expands the scope and rigor of cybersecurity requirements across the European Union. It aims to improve competition and innovation in the financial industry while increasing consumer protection.

Compliance

Compliance Cybersecurity Risk Manufacturing

Unmasking 2024’s Email Security Landscape

Security Affairs

FEBRUARY 28, 2024

Targeted Sector Vulnerabilities: Financial Services, IT, Healthcare, Education, and Government sectors have emerged as primary targets, with attackers fine-tuning their strategies to exploit specific vulnerabilities within these industries. About the Author: Stefanie Shank.

Security

Security Phishing Communications Financial Services

Microsoft: Russia-linked SolarWinds hackers breached three new entities

Security Affairs

JUNE 26, 2021

Most of the targeted organizations are IT companies (57%), followed by government organizations (20%). The hackers also targeted non-governmental organizations and think tanks, as well as financial services. Compromised and targeted entities are being contacted through the Microsoft nation-state notification process.

Financial Services

Financial Services Access Authentication Passwords

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

IT Governance

MARCH 11, 2024

million for security failings relating to a 2018 cyber attack on its mobile banking platform. US Attorneys General write to Meta about account takeovers New York Attorney General Letitia James has led a bipartisan coalition of 41 attorneys general, writing to Meta Platforms, Inc. UniCredit fined €2.8 of the Standard.

Data Privacy

Data Privacy Privacy Security Data breaches

Download IGI’s Whitepaper: Ameritas Leverages Technology For Improved Information Governance

IGI

MAY 1, 2018

About this Publication. This publication was written by the Information Governance Initiative as part of our ongoing series exploring issues, strategies, and techniques related to information governance. More information about Active Navigation is available at www.activenavigation.com.

Information governance

Information governance Government Records Management Insurance

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

Data Protection Report

DECEMBER 23, 2019

the Federal Trade Commission has long recommended that companies properly and promptly dispose of personal information once it is no longer necessary to retain it for legal or business reasons. The Berlin authority did not complain about a specific retention period, but about a lack of thought as to the need to have one.

Privacy

Privacy Compliance Personal data Risk

Multinational ICICI Bank leaks passports and credit card numbers

Security Affairs

APRIL 20, 2023

In 2022, the ICICI Bank’s resources were named a “critical information infrastructure” by the Indian government – any harm to it can impact national security. However, despite the critical status of bank infrastructure on the national level, the security of crucial data was not ensured.

Personal data

Personal data Phishing Risk Financial Services

Resecurity identified the investment scam network ‘Digital Smoke’

Security Affairs

FEBRUARY 27, 2023

The majority of the identified fraudulent projects were related to financial services (FIs), oil & gas, renewable energy, EV batteries, electric vehicles, healthcare, semiconductors, and world-recognized investment corporations and funds with a global presence.

Marketing

Marketing Financial Services Sales Government

U.S. Warns of Threat to Financial Industry Posed by North Korean Cyberattacks

Data Matters

APRIL 21, 2020

North Korea has been subjected to comprehensive international sanctions implemented to pressure its government to denuclearize. Share technical information of the North Korean cyber threat. Information sharing — across the private and public sectors — can assist in the detection and defense against North Korean cyber threats.

Cybersecurity

Cybersecurity Risk Ransomware Government

Confidential Containers with Red Hat OpenShift Container Platform and IBM® Secure Execution for Linux

IBM Big Data Hub

JANUARY 10, 2024

With the increasing adoption of digital health records and collaborative research initiatives, there’s a growing concern about securing patient information from unauthorized access and potential breaches. Red Hat OpenShift, leveraging Confidential Containers, establishes a security-rich enclave for healthcare applications.

Security

Security Cloud Data Privacy Financial Services

California IT service provider Synoptek pays ransom after Sodinokibi attack

Security Affairs

JANUARY 5, 2020

Synoptek has more than 1,100 customers across multiple industries, including local governments, financial services, healthcare, manufacturing, media, retail and software. . “The only official statement about any kind of incident came late Friday evening from the company’s Twitter page , which said that on Dec.

IT

IT Ransomware Financial Services Retail

How ATB Financial drives agile data ops with Collibra and GCP

Collibra

MARCH 23, 2021

ATB Financial provides a diversified set of financial services to more than 770,000 residents of Alberta, Canada. Being a regionally focused institution, the group is dedicated to knowing its customers intimately, understanding their needs and providing products and services that help them achieve their goals.

Cloud

Cloud Government Access Metadata

Maze ransomware gang discloses data from drug testing firm HMR

Security Affairs

APRIL 8, 2020

The research firm revealed that many of the government IDs exposed in the data breach have since expired. “Consider contacting CIFAS (the UK’s Fraud Prevention Service) to apply for protective registration. . “Consider contacting CIFAS (the UK’s Fraud Prevention Service) to apply for protective registration.

Ransomware

Ransomware Data breaches Encryption Financial Services

CyberheistNews Vol 13 #22 [Eye on Fraud] A Closer Look at the Massive 72% Spike in Financial Phishing Attacks

KnowBe4

MAY 31, 2023

That's right – the financial services industry, at least according to cybersecurity vendor Armorblox's 2023 Email Security Threat Report. Mr. Hall encourages more consultation between the government and the small business community. I wrote about how ~12% of all email threats were getting all the way to the inbox.

Phishing

Phishing File names Security awareness Risk

Russia-Ukraine cyber conflict poses critical infrastructure at risk

Security Affairs

MARCH 14, 2022

Ongoing attacks could cause severe damages to multiple sectors, including transportation, communication, financial services, government facilities, nuclear reactors, and critical manufacturing. ” reported researchers from Cyble.

Risk

Risk Financial Services Manufacturing Communications

Top GRC Tools & Software for 2021

eSecurity Planet

JANUARY 21, 2021

Governance, risk, and compliance (GRC) software helps businesses manage all of the necessary documentation and processes for ensuring maximum productivity and preparedness. Third-party governance. IT governance and security. Privacy governance and management. Learn more about ServiceNow. Audit management.

Compliance

Compliance Risk Government Retail

UNRAVELING EternalBlue: inside the WannaCry’s enabler

Security Affairs

SEPTEMBER 1, 2023

The NSA did not alert Microsoft about EternalBlue’s existence for a period of five years, until a breach of the NSA compelled the agency to do so. The NSA has declined to speak in detail about the hack or EternalBlue. The NotPetya malware, another highly impactful cyber attack, also leveraged EternalBlue for propagation.

Phishing

Phishing Ransomware Search queries Access

Summary – “Industry in One: Financial Services”

Episode 222: US Rep. Himes on Congress’s About-face on Cybersecurity

Webinars

Trending Sources

More details about Operation Cronos that disrupted Lockbit operation

Webinars

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

MY TAKE: Identity ‘access’ and ‘governance’ tech converge to meet data protection challenges

The US government sanctioned four entities and one individual for supporting cyber operations conducted by North Korea

Nissan Oceania data breach impacted roughly 100,000 people

Cybersecurity agencies published a joint LockBit ransomware advisory

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

First American Financial Pays Farcical $500K Fine

Exclusive: Researchers dumped Gigabytes of data from Agent Tesla C2Cs

Top 10 Governance, Risk and Compliance (GRC) Vendors

Security Compliance & Data Privacy Regulations

Papua New Guinea ‘s finance ministry was hit by a ransomware

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Security Affairs newsletter Round 446 by Pierluigi Paganini – INTERNATIONAL EDITION

A Russian national charged for committing LockBit Ransomware attacks

Ragnar Locker gang leaks data stolen from the Israel’s Mayanei Hayeshua hospital

Cuba Ransomware received over $60M in Ransom payments as of August 2022

US SEC warns investors of ongoing fraudulent communications claiming from the SEC

BEST PRACTICES: Rising complexities of provisioning identities has pushed ‘IGA’ to the fore

OCR Labs exposes its systems, jeopardizing major banking clients

Navigating the EU-US Data Protection Framework

Tackling Data Sovereignty with DDR

Risk Management under the DORA Regulation

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

The Evolving Legislative and Compliance Landscape: A Roadmap for Business Leaders

Unmasking 2024’s Email Security Landscape

Microsoft: Russia-linked SolarWinds hackers breached three new entities

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

Download IGI’s Whitepaper: Ameritas Leverages Technology For Improved Information Governance

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

Multinational ICICI Bank leaks passports and credit card numbers

Resecurity identified the investment scam network ‘Digital Smoke’

U.S. Warns of Threat to Financial Industry Posed by North Korean Cyberattacks

Confidential Containers with Red Hat OpenShift Container Platform and IBM® Secure Execution for Linux

California IT service provider Synoptek pays ransom after Sodinokibi attack

How ATB Financial drives agile data ops with Collibra and GCP

Maze ransomware gang discloses data from drug testing firm HMR

CyberheistNews Vol 13 #22 [Eye on Fraud] A Closer Look at the Massive 72% Spike in Financial Phishing Attacks

Russia-Ukraine cyber conflict poses critical infrastructure at risk

Top GRC Tools & Software for 2021

UNRAVELING EternalBlue: inside the WannaCry’s enabler

Stay Connected