Financial Services, Groups, Industry and Security

CHINA: New draft proposes more stringent requirements for processing data in the financial services industry

DLA Piper Privacy Matters

AUGUST 8, 2023

Authors: Carolyn Bigg, Amanda Ge and Venus Cheung On July 24, 2023, the People’s Bank of China (“ PBOC ”) released the Measures for the Management of Data Security in the Business Areas Falling into PBOC’s Jurisdiction (Draft for Comment) (“ Draft Measures” ) for public consultation, which closes on August 24, 2023.

Financial Services

Financial Services Personal data Compliance Data collection

Industrial and Commercial Bank of China (ICBC) suffered a ransomware attack

Security Affairs

NOVEMBER 10, 2023

The Industrial and Commercial Bank of China (ICBC) suffered a ransomware attack that disrupted trades in the US Treasury market. The Industrial and Commercial Bank of China (ICBC) announced it has contained a ransomware attack that disrupted the U.S. ” reported the Financial Times. ” reported the Financial Times.

Ransomware

Ransomware Financial Services Marketing Authentication

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Krebs on Security

FEBRUARY 9, 2023

Department of the Treasury says the Trickbot group is associated with Russian intelligence services, and that this alliance led to the targeting of many U.S. Members of the Trickbot Group publicly gloated over the ease of targeting the medical facilities and the speed with which the ransoms were paid to the group.”

Ransomware

Ransomware Government Cybersecurity Blockchain

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Putting data storage at the forefront of cloud security

IBM Big Data Hub

NOVEMBER 7, 2023

Recent advances in areas like AI and quantum computing offer transformative potential for businesses, but may also bring new risks and security challenges. IBM is working to address these challenges and evolving threats by helping organizations support highly secure, resilient and durable storage through technology like Cloud Object Storage.

Cloud

Cloud Financial Services Security Compliance

Unmasking 2024’s Email Security Landscape

Security Affairs

FEBRUARY 28, 2024

Analyzing the Email Security Landscape and exploring Emerging Threats and Trends. VIPRE Security Group’s latest report, “Email Security in 2024: An Expert Insight into Email Threats,” delves into the cutting-edge tactics and technologies embraced by cybercriminals this year. million as malicious.

Security

Security Phishing Communications Financial Services

Payment Processing Giant TSYS: Ransomware Incident “Immaterial” to Company

Krebs on Security

DECEMBER 10, 2020

In 2019, TSYS was acquired by financial services firm Global Payments Inc. Conti is one of several cybercriminal groups that maintains a blog which publishes data stolen from victims in a bid to force the negotiation of ransom payments. .” NYSE:GPN ]. ” TSYS declined to say whether it paid any ransom.

Ransomware

Ransomware Financial Services Access IT

Building for operational resilience in the age of AI and hybrid cloud

IBM Big Data Hub

MARCH 20, 2024

For highly regulated industries, these challenges take on an entirely new level of expectation as they navigate evolving regulatory landscape and manage requirements for privacy, resiliency, cybersecurity, data sovereignty and more. This means actively minimizing downtime and closing gaps in the supply chain to remain competitive.

Cloud

Cloud Financial Services Risk Business Services

Security Firms & Financial Group Team Up to Take Down Trickbot

Dark Reading

OCTOBER 12, 2020

Microsoft and security firms ESET, Black Lotus Labs, and Symantec collaborated with the financial services industry to cut off the ransomware operation's C2 infrastructure.

Financial Services

Financial Services Security Ransomware

News alert: Harter Secrest & Emery announces designation as NetDiligence-authorized Breach Coac

The Last Watchdog

FEBRUARY 15, 2024

15, 2024 – Harter Secrest & Emery LLP , a full-service business law firm with offices throughout New York, is pleased to announce that it has been selected as a NetDiligence-authorized Breach Coach ® , a designation only extended to law firms that demonstrate competency and sophistication in data breach response. Greene Led by partner F.

Data breaches

Data breaches Financial Services Big data Retail

Market Leading Cybersecurity and National Security Lawyers David Lashway and John Woods Join Sidley in Washington, D.C.

Data Matters

MAY 4, 2022

Mr. Lashway and Mr. Woods join Sidley from Baker McKenzie where they started and led the global cybersecurity practice group for over 10 years. He has significant experience in addressing election security and misinformation related issues, and was deeply involved in the investigations into the 2016 and 2020 elections targeting various U.S.

Cybersecurity

Cybersecurity Marketing Security Privacy

Akira ransomware gang claims the theft of sensitive data from Nissan Australia

Security Affairs

DECEMBER 22, 2023

The Akira ransomware group announced it had breached the network of Nissan Australia, the Australian branch of the car maker giant. ” reads the message published by the group on its data leak site. Nissan already notified the Australian Cyber Security Centre and the New Zealand National Cyber Security Centre.

Ransomware

Ransomware Data breaches Financial Services Archiving

NEW TECH: Security Compass streamlines the insertion of security best practices into DevOps

The Last Watchdog

MARCH 31, 2020

Related: A firewall for microservices DevSecOps arose to insert security checks and balances into DevOps, aiming to do so without unduly degrading speed and agility. If you’re thinking that speed and security are like oil and water, you’re right. For a full drill down on our discussion, please give the accompanying podcast a listen.

Security

Security Privacy Financial Services Risk

LockBit on a Roll – ICBC Ransomware Attack Strikes at the Heart of the Global Financial Order

Security Affairs

DECEMBER 4, 2023

The LockBit ransomware attack on the Industrial & Commercial Bank of China demonstrates the weakness of global financial system to cyberattacks. Treasury trading operations at an American subsidiary of Industrial & Commercial Bank of China Ltd. The ransomware breach that crippled U.S. trillion under management.

Ransomware

Ransomware Financial Services Marketing Government

A massive DDoS attack took down the site of the German financial agency BaFin

Security Affairs

SEPTEMBER 4, 2023

It is not clear who is behind the DDoS attack, but the media speculate that it was launched by pro-Russian hacktivists in response to the German financial and military support to Ukraine. The BaFin website was included in January in a list of targets published by the pro-Russia group Killnet on its Telegram channel.

Financial Services

Financial Services Military Insurance Marketing

First American Financial Pays Farcical $500K Fine

Krebs on Security

JUNE 18, 2021

In May 2019, KrebsOnSecurity broke the news that the website of mortgage settlement giant First American Financial Corp. NYSE:FAF ] was leaking more than 800 million documents — many containing sensitive financial data — related to real estate transactions dating back 16 years. First American Financial Corp.

Insurance

Insurance Risk Financial Services Mining

5 things to know: IBM Cloud’s mission to accelerate innovation for clients

IBM Big Data Hub

AUGUST 1, 2023

Whether it’s addressing customer demands for seamless digital experiences or helping clients navigate complex industry regulations, IBM Cloud is committed to helping clients drive innovation today while preparing them for tomorrow.

Financial Services

Financial Services Computer and Electronics Cloud Digital transformation

News Alert: W3C advances technology to streamline payment authentication

The Last Watchdog

JUNE 15, 2023

The World Wide Web Consortium today announced a standardization milestone for a new browser capability that helps to streamline user authentication and enhance payment security during Web checkout. Publication of Secure Payment Confirmation as a Candidate Recommendation indicates that the feature set is stable and has received wide review.

Authentication

Authentication Communications Financial Services Retail

4 Industries That Have to Fight the Hardest Against Cyberattacks

Security Affairs

DECEMBER 4, 2018

Society’s dependence on internet-based technologies means security professionals must defend against cyberattacks as well as more traditional threats, such as robbers or disgruntled employees. However, cybercriminals target some industries at disproportionally high rates. Financial Services. Health Care.

Retail

Retail Cybersecurity Data breaches Risk

The Future of Payments Security

Thales Cloud Protection & Licensing

JANUARY 26, 2021

The Future of Payments Security. The Verizon DBIR 2020 report indicates that financially motivated attacks against retailers have moved away from Point of Sale (POS) devices and controllers, towards web applications. This largely follows the trend in the industry of moving transactions primarily to a more web-focused infrastructure.

Security

Security Retail Authentication Big data

More details about Operation Cronos that disrupted Lockbit operation

Security Affairs

FEBRUARY 20, 2024

Lockbit ransomware group administrative staff has confirmed with us their websites have been seized. pic.twitter.com/SvpbeslrCd — vx-underground (@vxunderground) February 19, 2024 The operation led to the arrest of two members of the ransomware gang in Poland and Ukraine and the seizure of hundreds of crypto wallets used by the group.

Energy and Utilities

Energy and Utilities Ransomware Manufacturing Agriculture

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

Security Affairs

JANUARY 13, 2019

Security researchers at Proofpoint researchers discovered two strains of malware tracked as ServHelper and FlawedGrace distributed through phishing campaigns by the TA505 crime gang. In November experts observed several campaigns carried out by the TA505 group, in three of them the threat actors delivered the ServHelper malware.

IT

IT Financial Services Retail Ransomware

The Week in Cyber Security and Data Privacy: 6 – 12 November 2023

IT Governance

NOVEMBER 13, 2023

On 14 September, Mulkay discovered that the compromised files contained personal information, including “name, address, date of birth, Social Security number, driver’s license number or state ID, medical treatment information, and health insurance information”. Some patients also had their Social Security numbers exposed.”

Data Privacy

Data Privacy Privacy Security Data breaches

US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND AFFILIATES

Security Affairs

FEBRUARY 21, 2024

. “The Department of State is announcing reward offers totaling up to $15 million for information leading to the arrest and/or conviction of any individual participating in a LockBit ransomware variant attack and for information leading to the identification and/or location of any key leaders of the LockBit ransomware group.”

Energy and Utilities

Energy and Utilities Ransomware Agriculture Manufacturing

Cuba Ransomware received over $60M in Ransom payments as of August 2022

Security Affairs

DECEMBER 2, 2022

Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) published a joint advisory that provides technical details about the gang’s operations, including tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with Cuba ransomware. ” reads the report.

Ransomware

Ransomware Financial Services Manufacturing Phishing

Exclusive: Researchers dumped Gigabytes of data from Agent Tesla C2Cs

Security Affairs

OCTOBER 6, 2021

Agent Tesla , first discovered in late 2014, is an extremely popular “malware-as-a-service” Remote Access Trojan (RAT) tool used by threat actors to steal information such as credentials, keystrokes, clipboard data and other information from its operators’ targets. Follow me on Twitter: @securityaffairs and Facebook.

Financial Services

Financial Services Retail Education Information Security

Episode 208: Getting Serious about Hardware Supply Chains with Goldman Sachs’ Michael Mattioli

The Security Ledger

MARCH 26, 2021

In this week’s Security Ledger Podcast, sponsored by Trusted Computing Group, we’re talking about securing the hardware supply chain. We’re joined by Michael Mattioli, a Vice President at Goldman Sachs who heads up that organization’s hardware supply chain security program. Read the whole entry. »

Computer and Electronics

Computer and Electronics Financial Services Risk Paper

CaixaBank CIO Pere Nebot discusses modernizing business operations for an enhanced, customer-centric experience

IBM Big Data Hub

JULY 12, 2023

As a leading financial group in Spain, CaixaBank has long been an innovator by taking a technology-first approach by placing innovation, digital transformation, customer experience and sustainable banking at the forefront of its strategy. CaixaBank is continuing its initiative to increase cloud absorption.

Digital transformation

Digital transformation Financial Services Cloud Customer Experience

An Update on the SEC’s Cybersecurity Reporting Rules

Hunton Privacy

FEBRUARY 22, 2024

Securities and Exchange Commission’s (“SEC’s”) Form 8-K cybersecurity reporting rules under new Item 1.05, this blog post provides a high-level summary of the filings made to date. It is interesting, but perhaps coincidental, that the filings seem limited to two broad industry groups: technology and financial services.

Cybersecurity

Cybersecurity Financial Services Marketing IT

China: Navigating China episode 16: New data lifecycle guidelines for financial institutions in China – detailed assessments, additional security measures and some data localisation introduced

DLA Piper Privacy Matters

APRIL 20, 2021

This introduces a data lifecycle security framework, and represents the key guideline for handling personal and other financial information by financial institutions (i.e. similar to the PIS Specification, but focused on the banking and financial services industry). Level 3: personal financial information.

Compliance

Compliance Security Financial Services Data collection

The Week in Cyber Security and Data Privacy: 12 – 18 February 2024

IT Governance

FEBRUARY 21, 2024

Fowler sent a responsible disclosure notice when he discovered the database and it was secured the following day. Source New Telecoms USA Yes 6,158 Nabholz Construction Company Employee Welfare Health Plan Source 1 ; source 2 New Healthcare USA Yes 5,326 Dawson James Securities, Inc. North Hill Home Health Care, Inc.,

Data Privacy

Data Privacy Manufacturing Privacy Energy and Utilities

Morgan Stanley discloses data breach after the hack of a third-party vendor

Security Affairs

JULY 8, 2021

The American multinational investment bank and financial services firm Morgan Stanley discloses a data breach caused by the hack of an Accellion FTA server of a third-party vendor. The company has offices in more than 42 countries and more than 60,000 employees, it has clients in multiple industries. ” reads the letter.

Data breaches

Data breaches Encryption Financial Services Access

Who’s Behind the ‘Web Listings’ Mail Scam?

Krebs on Security

MARCH 23, 2020

Reputationmanagementfor.com bills itself as an online service for “fighting negative and incorrect content on the internet,” which is especially interesting for reasons that should become clearer in a few paragraphs. THE COBRA/APPCO GROUP. employed a number of people involved in the SEO business. Helpmego.to

Sales

Sales Marketing Financial Services IT

The US government sanctioned four entities and one individual for supporting cyber operations conducted by North Korea

Security Affairs

MAY 24, 2023

Cyber security and intelligence experts believe that attacks aimed at the cryptocurrency industry will continue to increase next year. Data published by the National Intelligence Service agency confirms a report published by South Korean media outlet Chosun early this year that revealed North Korean threat actors have stolen around $1.7

Government

Government Military Financial Services IT

GUEST ESSAY: The drivers behind persistent ransomware — and defense tactics to deploy

The Last Watchdog

SEPTEMBER 7, 2022

The technology industry has met the dramatic rise in ransomware and other cyber attacks with an impressive set of tools to help companies mitigate the risks. Healthcare and public health, financial services, and IT organizations are frequent targets, although businesses of all sizes can fall victim to these schemes.

Ransomware

Ransomware Education Phishing Financial Services

Ransomware at IT Services Provider Synoptek

Krebs on Security

DECEMBER 27, 2019

-based Synoptek is a managed service provider that maintains a variety of cloud-based services for more than 1,100 customers across a broad spectrum of industries , including state and local governments, financial services, healthcare, manufacturing, media, retail and software.

Ransomware

Ransomware IT Phishing Financial Services

Lazarus malware delivered to South Korean users via supply chain attacks

Security Affairs

NOVEMBER 16, 2020

North Korea-linked Lazarus APT group is behind new campaigns against South Korean supply chains that leverage stolen security certificates. . Security experts from ESET reported that North-Korea-linked Lazarus APT (aka HIDDEN COBRA ) is behind cyber campaigns targeting South Korean supply chains.

Financial Services

Financial Services Phishing Government Security

Cloudflare: Mirai Botnet Launched Record-Breaking DDoS Attack

eSecurity Planet

AUGUST 22, 2021

Cloudflare last month fought off a massive distributed denial-of-service (DDoS) attack by a botnet that was bombarding 17.2 million requests per second (rps) at one of the internet infrastructure company’s customers in the financial services space. This group is likely large, well-funded and dedicated.”.

Financial Services

Financial Services IoT Education Passwords

Understanding China’s Data Regulatory Regime: What Are Important Data? And Can They Be Transferred Outside Of China?

Data Matters

APRIL 11, 2022

The Cyber Security Law (2017) (the CSL ) prohibits operators of critical information infrastructures ( CIIs ) from transferring their “important data” and personal information outside of China. Network Data Security Regulation. The concept of “important data” is a cornerstone of China’s data regulatory regime.

Military

Military Artificial Intelligence Security Financial Services

Maze ransomware gang discloses data from drug testing firm HMR

Security Affairs

APRIL 8, 2020

A criminal group called Maze has claimed responsibility.” Once you’ve registered, you should be aware that CIFAS members will do extra checks to see when anyone, including you, applies for a financial service, such as a loan, using your address.” ” reads the data breach notification published by the company.

Ransomware

Ransomware Data breaches Encryption Financial Services

Navigating the EU-US Data Protection Framework

Thales Cloud Protection & Licensing

JANUARY 10, 2024

Industry limitations The DPF is not available across all industries: only those regulated at a federal level under the FTC or DOT may self-certify. Groups, such as Max Schrems’ NOYB , have expressed their concerns, especially that “the fundamental problem with FISA 702 was not addressed”.

Data Privacy

Data Privacy Personal data Privacy Cloud

Collibra and Amazon Web Services (AWS) partnership reaches new heights

Collibra

JULY 14, 2023

The AWS Competency Program’s goal is to give AWS customers confidence that the AWS Partner has demonstrated technical expertise and a proven track record in specialty areas across various industries, use cases and workloads. According to research by CapGemini Research Group , governments believe that they could realize a 9.5%

Analytics

Analytics Government Metadata Financial Services

Metro Bank is the first bank that disclosed SS7 attacks against its customers

Security Affairs

FEBRUARY 4, 2019

. “This activity was typically only within reach of intelligence agencies or surveillance contractors, but now Motherboard has confirmed that this capability is much more widely available in the hands of financially-driven cybercriminal groups, who are using it to empty bank accounts. Security Affairs – SS7 protocol, Metro Bank).

IT

IT Authentication Financial Services Access

Resecurity identified the investment scam network ‘Digital Smoke’

Security Affairs

FEBRUARY 27, 2023

Once payments are collected from the victims, they make previously created resources vanish and set up the next new campaign – this is why investigators named the group “Digital Smoke” According to the latest report by FTC released last week called “The Top Scams of 2022” people reported losing $8.8 and the U.K

Marketing

Marketing Financial Services Sales Government

BEST PRACTICES: How testing for known memory vulnerabilities can strengthen DevSecOps

The Last Watchdog

APRIL 30, 2020

DevSecOps proponents are pushing for security-by-design practices to get woven into the highly agile DevOps engineering culture. San Jose-based application security vendor, Virsec , is seeking to tilt the balance a bit more to the side of good. Total vulnerabilities reported in the NVD dropped a bit in 2019, down to 12,174 total flaws.

Financial Services

Financial Services Security Marketing IT

CHINA: New draft proposes more stringent requirements for processing data in the financial services industry

Industrial and Commercial Bank of China (ICBC) suffered a ransomware attack

Webinars

Trending Sources

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Webinars

Putting data storage at the forefront of cloud security

Unmasking 2024’s Email Security Landscape

Payment Processing Giant TSYS: Ransomware Incident “Immaterial” to Company

Building for operational resilience in the age of AI and hybrid cloud

Security Firms & Financial Group Team Up to Take Down Trickbot

News alert: Harter Secrest & Emery announces designation as NetDiligence-authorized Breach Coac

Market Leading Cybersecurity and National Security Lawyers David Lashway and John Woods Join Sidley in Washington, D.C.

Akira ransomware gang claims the theft of sensitive data from Nissan Australia

NEW TECH: Security Compass streamlines the insertion of security best practices into DevOps

LockBit on a Roll – ICBC Ransomware Attack Strikes at the Heart of the Global Financial Order

A massive DDoS attack took down the site of the German financial agency BaFin

First American Financial Pays Farcical $500K Fine

5 things to know: IBM Cloud’s mission to accelerate innovation for clients

News Alert: W3C advances technology to streamline payment authentication

4 Industries That Have to Fight the Hardest Against Cyberattacks

The Future of Payments Security

More details about Operation Cronos that disrupted Lockbit operation

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

The Week in Cyber Security and Data Privacy: 6 – 12 November 2023

US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND AFFILIATES

Cuba Ransomware received over $60M in Ransom payments as of August 2022

Exclusive: Researchers dumped Gigabytes of data from Agent Tesla C2Cs

Episode 208: Getting Serious about Hardware Supply Chains with Goldman Sachs’ Michael Mattioli

CaixaBank CIO Pere Nebot discusses modernizing business operations for an enhanced, customer-centric experience

An Update on the SEC’s Cybersecurity Reporting Rules

China: Navigating China episode 16: New data lifecycle guidelines for financial institutions in China – detailed assessments, additional security measures and some data localisation introduced

The Week in Cyber Security and Data Privacy: 12 – 18 February 2024

Morgan Stanley discloses data breach after the hack of a third-party vendor

Who’s Behind the ‘Web Listings’ Mail Scam?

The US government sanctioned four entities and one individual for supporting cyber operations conducted by North Korea

GUEST ESSAY: The drivers behind persistent ransomware — and defense tactics to deploy

Ransomware at IT Services Provider Synoptek

Lazarus malware delivered to South Korean users via supply chain attacks

Cloudflare: Mirai Botnet Launched Record-Breaking DDoS Attack

Understanding China’s Data Regulatory Regime: What Are Important Data? And Can They Be Transferred Outside Of China?

Maze ransomware gang discloses data from drug testing firm HMR

Navigating the EU-US Data Protection Framework

Collibra and Amazon Web Services (AWS) partnership reaches new heights

Metro Bank is the first bank that disclosed SS7 attacks against its customers

Resecurity identified the investment scam network ‘Digital Smoke’

BEST PRACTICES: How testing for known memory vulnerabilities can strengthen DevSecOps

Stay Connected