Financial Services, IT, Phishing and Security - Information Management Today

Catches of the Month: Phishing Scams for October 2023

IT Governance

OCTOBER 13, 2023

October is both Cybersecurity Awareness Month in the US and European Cyber Security Month in the EU – twin campaigns on either side of the Atlantic that aim to improve awareness of the importance of cyber security both at work and at home, and provide tips on how to stay secure.

Phishing

Phishing Financial Services Manufacturing Personal data

Unmasking 2024’s Email Security Landscape

Security Affairs

FEBRUARY 28, 2024

Analyzing the Email Security Landscape and exploring Emerging Threats and Trends. VIPRE Security Group’s latest report, “Email Security in 2024: An Expert Insight into Email Threats,” delves into the cutting-edge tactics and technologies embraced by cybercriminals this year. million as malicious.

Security

Security Phishing Communications Financial Services

Financial services continue to lead in cybersecurity preparedness, but chinks appear in the armor

Thales Cloud Protection & Licensing

AUGUST 31, 2022

Financial services continue to lead in cybersecurity preparedness, but chinks appear in the armor. However, all this attention from cyber criminals, as well as regulators and governments, has produced an extremely resilient industry with some of the best cyber security practices of any sector. Thu, 09/01/2022 - 05:15.

Financial Services

Financial Services Cybersecurity Computer and Electronics Cloud

Microsoft warns of multi-stage AiTM phishing and BEC attacks

Security Affairs

JUNE 11, 2023

Microsoft researchers warn of banking adversary-in-the-middle (AitM) phishing and BEC attacks targeting banking and financial organizations. Microsoft discovered multi-stage adversary-in-the-middle (AiTM) phishing and business email compromise (BEC) attacks against banking and financial services organizations.

Phishing

Phishing Financial Services Authentication Passwords

A massive phishing campaign using QR codes targets the energy sector

Security Affairs

AUGUST 16, 2023

A phishing campaign employing QR codes targeted a leading energy company in the US, cybersecurity firm Cofense reported. “Beginning in May 2023, Cofense has observed a large phishing campaign utilizing QR codes targeting the Microsoft credentials of users from a wide array of industries.” com (Cloudflare’s Web3 services).

Phishing

Phishing Energy and Utilities Insurance Manufacturing

New York Department of Financial Services Released New Guidance Addressing COVID-19 Related Cybersecurity Risks

HL Chronicle of Data Protection

APRIL 17, 2020

Continuing its focus on COVID-19’s impact on its regulated entities, on April 13, the New York Department of Financial Services (NYDFS) released new cybersecurity guidance in response to the COVID-19 pandemic. Increased Phishing and Fraud. Remote Working.

Financial Services

Financial Services Risk Cybersecurity Phishing

Ransomware at IT Services Provider Synoptek

Krebs on Security

DECEMBER 27, 2019

Synoptek , a California business that provides cloud hosting and IT management services to more than a thousand customer nationwide, suffered a ransomware attack this week that has disrupted operations for many of its clients, according to sources. A now-deleted Tweet from Synoptek on Dec. A now-deleted Tweet from Synoptek on Dec.

Ransomware

Ransomware IT Phishing Financial Services

Exclusive: Welcome “Frappo” – Resecurity identified a new Phishing-as-a-Service

Security Affairs

MAY 10, 2022

“Frappo” acts as a Phishing-as-a-Service and enables cybercriminals the ability to host and generate high-quality phishing pages which impersonate major online banking, e-commerce, popular retailers, and online-services to steal customer data.

Phishing

Phishing Retail Financial Services Data breaches

Disneyland Malware Team: It’s a Puny World After All

Krebs on Security

NOVEMBER 16, 2022

A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode , an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic. com — which was created to phish U.S.

Phishing

Phishing Authentication Financial Services Access

DarkCasino joins the list of APT groups exploiting WinRAR zero-day

Security Affairs

NOVEMBER 20, 2023

The economically motivated APT group used specially crafted archives in phishing attacks against forum users through online trading forum posts. NSFOCUS Research Labs pointed out that exploitation of the CVE-2023-38831 flaw can be integrated into watering hole and phishing attacks. ” reads the report published by NSFOCUS.

Phishing

Phishing Archiving Financial Services Cybersecurity

CyberheistNews Vol 13 #22 [Eye on Fraud] A Closer Look at the Massive 72% Spike in Financial Phishing Attacks

KnowBe4

MAY 31, 2023

CyberheistNews Vol 13 #22 | May 31st, 2023 [Eye on Fraud] A Closer Look at the Massive 72% Spike in Financial Phishing Attacks With attackers knowing financial fraud-based phishing attacks are best suited for the one industry where the money is, this massive spike in attacks should both surprise you and not surprise you at all.

Phishing

Phishing File names Security awareness Risk

CyberheistNews Vol 13 #13 [Eye Opener] How to Outsmart Sneaky AI-Based Phishing Attacks

KnowBe4

MARCH 28, 2023

CyberheistNews Vol 13 #13 | March 28th, 2023 [Eye Opener] How to Outsmart Sneaky AI-Based Phishing Attacks Users need to adapt to an evolving threat landscape in which attackers can use AI tools like ChatGPT to craft extremely convincing phishing emails, according to Matthew Tyson at CSO. "A We must ask: 'Is the email expected?

Phishing

Phishing Security awareness Insurance Cybersecurity

The G7 expresses its concern over ransomware attacks

Security Affairs

OCTOBER 14, 2020

Experts are observing a significant increase in the number of Ransomware attacks against hospitals, financial institutions, schools, and other critical infrastructure in G7 countries. Researchers have observed a surge in COVID-19-related phishing campaign aimed at distributing malware, including ransomware. Pierluigi Paganini.

Ransomware

Ransomware IT Financial Services Data Privacy

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. GDPR (among other legal requirements in the EU and elsewhere) can expose multinational organizations to hefty financial penalties, additional rules for disclosing data breaches, and increased scrutiny of the adequacy of their data security.

Data Privacy

Data Privacy Compliance Privacy Security

How Can We Secure The Future of Digital Payments?

Thales Cloud Protection & Licensing

JANUARY 10, 2022

How Can We Secure The Future of Digital Payments? The financial services ecosystem has evolved tremendously over the past few years driven by a surge in the adoption of digital payments. The biggest challenge for both retailers and financial organizations was the rapidness of that change. Tue, 01/11/2022 - 06:35.

Retail

Retail Security Financial Services Authentication

The Week in Cyber Security and Data Privacy: 4 – 10 December 2023

IT Governance

DECEMBER 11, 2023

Researchers from the German cyber security company Aplite discovered 3,806 servers from 111 countries accessible on the Internet. Compromised information includes patients’ personal data, health and medical records, financial data, internal emails and software source code. Data breached: 5 TB.

Data Privacy

Data Privacy Energy and Utilities Privacy Manufacturing

The Week in Cyber Security and Data Privacy: 22 – 28 April 2024

IT Governance

APRIL 29, 2024

Keyboard app vulnerabilities reveal keystrokes to network eavesdroppers Security researchers have identified critical security vulnerabilities in Cloud-based pinyin keyboard apps from Baidu, Inc., Known data breached Discord (via Spy.pet) Source (New) IT services USA Yes 4,186,879,104 Baidu, Inc.,

Data Privacy

Data Privacy Privacy Manufacturing Security

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 17, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Data breaches Ransomware Artificial Intelligence

Proposed Amendments to NY Financial Services Cybersecurity Regulations Impose New Obligations on Large Entities, Boards of Directors and CISOs

Hunton Privacy

AUGUST 15, 2022

On July 29, 2022, the New York Department of Financial Services (“NYDFS”) posted proposed amendments (“Proposed Amendments”) to its Cybersecurity Requirements for Financial Services Companies (“Cybersecurity Regulations”). As part of the “training and monitoring” requirements under Section 500.14 Additional Requirements.

Financial Services

Financial Services Cybersecurity Risk Passwords

The New Version of JsOutProx is Attacking Financial Institutions in APAC and MENA via Gitlab Abuse

Security Affairs

APRIL 3, 2024

Resecurity researchers warn that a new Version of JsOutProx is targeting financial institutions in APAC and MENA via Gitlab abuse. Resecurity has detected a new version of JSOutProx , which is targeting financial services and organizations in the APAC and MENA regions.

Financial Services

Financial Services Phishing IT Information Security

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

Hunton Privacy

JULY 1, 2022

On June 24, 2022, the New York State Department of Financial Services (“NYDFS” or the “Department”) announced it had entered into a $5 million settlement with Carnival Corp. Since Carnival was licensed by the Department to sell insurance in NY State, it was treated as a covered entity under the Cybersecurity Regulation.

Cybersecurity

Cybersecurity Insurance Phishing Financial Services

Remcos RAT campaign targets US accounting and tax return preparation firms

Security Affairs

APRIL 16, 2023

The phishing attacks began in February 2023, the IT giant reported. In 2021, CISA added Remcos to the list of top malware strains due to its use in mass phishing attacks using COVID-19 pandemic themes targeting businesses and individuals. Crooks use lures masquerading as tax documentation sent by a client. LNK) files.

Phishing

Phishing Financial Services Education Cybersecurity

NYDFS Issues Ransomware Guidance Outlining Expected Security Controls

Hunton Privacy

JULY 12, 2021

On June 30, 2021, the New York State Department of Financial Services (“NYDFS,” the “Department”) issued guidance to all New York state regulated entities on ransomware (the “Guidance”), identifying controls it expects regulated companies to implement whenever possible.

Ransomware

Ransomware Security Financial Services Cybersecurity

The Rise of One-Time Password Interception Bots

Krebs on Security

SEPTEMBER 29, 2021

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. An ad for the OTP interception service/bot “SMSRanger.” The 2fa SMS Buster bot on Telegram.

Passwords

Passwords Authentication Phishing Access

Black Friday and Cyber Weekend: Navigating the Tumultuous Waters of Retail Cybersecurity

Thales Cloud Protection & Licensing

NOVEMBER 20, 2023

The Verizon 2023 Data Breach Investigations Report reveals that system intrusion, phishing, and web app attacks are the predominant patterns that enable criminals to steal personal and financial information, including credit card data. Behind every system, software, and security protocol stands a human being.

Retail

Retail Cybersecurity Financial Services Encryption

Multinational ICICI Bank leaks passports and credit card numbers

Security Affairs

APRIL 20, 2023

In 2022, the ICICI Bank’s resources were named a “critical information infrastructure” by the Indian government – any harm to it can impact national security. However, despite the critical status of bank infrastructure on the national level, the security of crucial data was not ensured. million files belonging to ICICI Bank.

Personal data

Personal data Phishing Risk Financial Services

Energy Sector Experiences Three Times More Operational Technology Cybersecurity Incidents Than Any Other Industry

KnowBe4

OCTOBER 9, 2023

While industries like financial services and healthcare tend to dominate in IT attacks, the tables are turned when looking at Operational Technology (OT) cyber attacks – and the energy sector is the clear “winner.”

Financial Services

Financial Services Cybersecurity IT Phishing

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

Security Affairs

JANUARY 13, 2019

Proofpoint analyzed two strains of malware tracked as ServHelper and FlawedGrace distributed through phishing campaigns by the TA505 crime gang. Security researchers at Proofpoint researchers discovered two strains of malware tracked as ServHelper and FlawedGrace distributed through phishing campaigns by the TA505 crime gang.

IT

IT Financial Services Retail Ransomware

GUEST ESSAY: Why Microsoft Exchange users ‘must have’ robust data recovery policies, practices

The Last Watchdog

DECEMBER 21, 2021

Some 11,800 computer software companies, 10,000 IT services vendors, 5,500 health care organizations and 3,200 financial services firms continue to maintain on-premises Exchange email servers, according to this report from Enlyft. Installing any critical security patches in a timely manner. Power source fails.

Cloud

Cloud Financial Services Communications Ransomware

Attackers Use Bots to Circumvent Some Two-Factor Authentication Systems

eSecurity Planet

SEPTEMBER 30, 2021

Underground services are cropping up that are designed to enable bad actors to intercept one-time passwords (OTPs), which are widely used in two-factor authentication programs whose purpose is to better protect customers’ online accounts. By using the services, cybercriminals can gain access to victims’ accounts to steal money.

Authentication

Authentication Phishing Financial Services Passwords

NYDFS settles cybersecurity regulation matter for $3 million

Data Protection Report

APRIL 22, 2021

On April 14, 2021, the New York Department of Financial Services (NYDFS) announced a $3 million settlement with insurance company National Securities Corp. NSC’s investigation revealed that the unauthorized access to the employee’s MS O365 account occurred between September 13 and September 18, likely through phishing.

Cybersecurity

Cybersecurity Financial Services Phishing Compliance

Cuba Ransomware received over $60M in Ransom payments as of August 2022

Security Affairs

DECEMBER 2, 2022

Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) published a joint advisory that provides technical details about the gang’s operations, including tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with Cuba ransomware. ” reads the report.

Ransomware

Ransomware Financial Services Manufacturing Phishing

GUEST ESSAY: The drivers behind persistent ransomware — and defense tactics to deploy

The Last Watchdog

SEPTEMBER 7, 2022

Healthcare and public health, financial services, and IT organizations are frequent targets, although businesses of all sizes can fall victim to these schemes. The increase in remote workforces and difficulty enforcing security controls with expanding perimeters has played a role in the rise of ransomware. Prevalence.

Ransomware

Ransomware Education Phishing Financial Services

NYDFS settles cybersecurity regulation matter for $1.8 million

Data Protection Report

JUNE 2, 2021

On May 13, 2021, the New York Department of Financial Services (NYDFS) announced a $1.8 This matter began when insurance affiliate #1, licensed by NYDFS, discovered a phishing email in September of 2018. Complicating matters, the phishing email also affected affiliate #2, also a NYDFS licensee.

Cybersecurity

Cybersecurity Insurance Financial Services Phishing

What is a Cyberattack? Types and Defenses

eSecurity Planet

JUNE 16, 2022

However, basic cybersecurity tools and practices, like patching , strong passwords , and multi-factor authentication (MFA), “can prevent 80 to 90% of cyberattacks,” said Anne Neuberger, deputy national security advisor for cyber and emerging technologies, during a White House press conference in Sept. Cyberattack Statistics. Ransomware.

Ransomware

Ransomware Cybersecurity Phishing Encryption

NEW TECH: Cequence Security launches platform to shield apps, APIs from malicious botnets

The Last Watchdog

NOVEMBER 13, 2018

And innovation is percolating among newer entrants, like PerimeterX, Shape Security and Signal Sciences. This week a new entrant in this field, Cequence Security , formally launched what it describes as a “game-changing” application security platform. Shifting security challenge. Bots arise two ways.

Security

Security Digital transformation B2C B2B

CyberheistNews Vol 13 #25 [Fingerprints All Over] Stolen Credentials Are the No. 1 Root Cause of Data Breaches

KnowBe4

JUNE 20, 2023

The recent information exposes the increasing dangers in the world of cryptocurrency and the urgent requirement for more robust security measures. You need to know what happens when your employees receive phishing emails: are they likely to click the link? million simulated phishing security tests.

Data breaches

Data breaches Phishing Security awareness Ransomware

NYDFS Fines EyeMed $4.5 Million for Cybersecurity Violations

Hunton Privacy

OCTOBER 24, 2022

On October 18, 2022, the New York State Department of Financial Services (“NYDFS”) announced that EyeMed Vision Care LLC (“EyeMed”) agreed to a $4.5 The NYDFS’s consent order notes that EyeMed’s failure to comply with the Cybersecurity Regulation left EyeMed vulnerable to threat actors.

Cybersecurity

Cybersecurity Financial Services Risk Phishing

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

. “AvosLocker is a Ransomware as a Service (RaaS) affiliate-based group that has targeted victims across multiple critical infrastructure sectors in the United States including, but not limited to, the Financial Services, Critical Manufacturing, and Government Facilities sectors. ransomware and phishing scams).

Ransomware

Ransomware Passwords Encryption Financial Services

An ongoing Qbot campaign targeted customers of tens of US banks

Security Affairs

JUNE 18, 2020

Researchers uncovered an ongoing campaign delivering the Qbot malware to steal credentials from customers of dozens of US financial institutions. Security researchers at F5 Labs have spotted ongoing attacks using Qbot malware payloads to steal credentials from customers of dozens of US financial institutions.

Phishing

Phishing Financial Services Personal data Security

Report shows increase in social engineering

IT Governance

JULY 13, 2018

The report found that about 55% of social media attacks that impersonated customer-support accounts specifically targeted the customers of financial services companies. Dropbox was revealed as the top lure for phishing attacks. There were twice as many phishing messages sent using Dropbox compared to the next popular method.

Phishing

Phishing Financial Services Education Risk

American Insurance firm State Farm victim of credential stuffing attacks

Security Affairs

AUGUST 7, 2019

The American group of insurance and financial services companies State Farm disclosed a credential stuffing attack it has suffered in July. The American group of insurance and financial services companies State Farm revealed that it was the victim of a credential stuffing attack it has suffered in July.

Insurance

Insurance Data breaches Financial Services Passwords

Lazarus malware delivered to South Korean users via supply chain attacks

Security Affairs

NOVEMBER 16, 2020

North Korea-linked Lazarus APT group is behind new campaigns against South Korean supply chains that leverage stolen security certificates. . Security experts from ESET reported that North-Korea-linked Lazarus APT (aka HIDDEN COBRA ) is behind cyber campaigns targeting South Korean supply chains.

Financial Services

Financial Services Phishing Government Security

How Multi-factor Authentication Can Benefit Your Industry

Rocket Software

AUGUST 17, 2020

Depending on what industry you’re in, your approach to security may be very different. For some sectors, like finance, security and data protection are top of mind for everything that is done. Financial services organizations typically experience the most data breaches and hacks, which makes security a priority.

Authentication

Authentication Financial Services Passwords Insurance

Catches of the Month: Phishing Scams for October 2023

Unmasking 2024’s Email Security Landscape

Trending Sources

Financial services continue to lead in cybersecurity preparedness, but chinks appear in the armor

Microsoft warns of multi-stage AiTM phishing and BEC attacks

A massive phishing campaign using QR codes targets the energy sector

New York Department of Financial Services Released New Guidance Addressing COVID-19 Related Cybersecurity Risks

Ransomware at IT Services Provider Synoptek

Exclusive: Welcome “Frappo” – Resecurity identified a new Phishing-as-a-Service

Disneyland Malware Team: It’s a Puny World After All

DarkCasino joins the list of APT groups exploiting WinRAR zero-day

CyberheistNews Vol 13 #22 [Eye on Fraud] A Closer Look at the Massive 72% Spike in Financial Phishing Attacks

CyberheistNews Vol 13 #13 [Eye Opener] How to Outsmart Sneaky AI-Based Phishing Attacks

The G7 expresses its concern over ransomware attacks

Security Compliance & Data Privacy Regulations

How Can We Secure The Future of Digital Payments?

The Week in Cyber Security and Data Privacy: 4 – 10 December 2023

The Week in Cyber Security and Data Privacy: 22 – 28 April 2024

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Proposed Amendments to NY Financial Services Cybersecurity Regulations Impose New Obligations on Large Entities, Boards of Directors and CISOs

The New Version of JsOutProx is Attacking Financial Institutions in APAC and MENA via Gitlab Abuse

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

Remcos RAT campaign targets US accounting and tax return preparation firms

NYDFS Issues Ransomware Guidance Outlining Expected Security Controls

The Rise of One-Time Password Interception Bots

Black Friday and Cyber Weekend: Navigating the Tumultuous Waters of Retail Cybersecurity

Multinational ICICI Bank leaks passports and credit card numbers

Energy Sector Experiences Three Times More Operational Technology Cybersecurity Incidents Than Any Other Industry

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

GUEST ESSAY: Why Microsoft Exchange users ‘must have’ robust data recovery policies, practices

Attackers Use Bots to Circumvent Some Two-Factor Authentication Systems

NYDFS settles cybersecurity regulation matter for $3 million

Cuba Ransomware received over $60M in Ransom payments as of August 2022

GUEST ESSAY: The drivers behind persistent ransomware — and defense tactics to deploy

NYDFS settles cybersecurity regulation matter for $1.8 million

What is a Cyberattack? Types and Defenses

NEW TECH: Cequence Security launches platform to shield apps, APIs from malicious botnets

CyberheistNews Vol 13 #25 [Fingerprints All Over] Stolen Credentials Are the No. 1 Root Cause of Data Breaches

NYDFS Fines EyeMed $4.5 Million for Cybersecurity Violations

Avoslocker ransomware gang targets US critical infrastructure

An ongoing Qbot campaign targeted customers of tens of US banks

Report shows increase in social engineering

American Insurance firm State Farm victim of credential stuffing attacks

Lazarus malware delivered to South Korean users via supply chain attacks

How Multi-factor Authentication Can Benefit Your Industry

Stay Connected