Accountability, Authentication, Data breaches and Financial Services

Defending Financial Services Against Fraud in a Shifting Cyber Landscape

Thales Cloud Protection & Licensing

NOVEMBER 13, 2023

Defending Financial Services Against Fraud in a Shifting Cyber Landscape sparsh Tue, 11/14/2023 - 05:05 As we approach International Fraud Awareness Week during 12-18 November 2023, taking stock of the evolving threat landscape and the vulnerabilities that financial services organizations face is crucial.

Financial Services

Financial Services Encryption Cybercrime Threat Reports

Top 5 Industries Most Vulnerable to Data Breaches in 2023

Security Boulevard

JUNE 26, 2023

The end result of these types of cyber attacks are often highly public and damaging data breaches. 1 in 4 Americans reported that they would stop doing business with a company following a data breach, and 67% of consumers reported a loss of trust in an organization following a breach. What Are Data Breaches?

Data breaches

Data breaches Healthcare Telecommunications Financial Services

Hitachi becomes the next victim after a ransomware attack on GoAnywhere software

CyberSecurity Insiders

MARCH 17, 2023

After Rubrik, Hitachi Energy issued a public statement that some of its customer accounts might have been compromised, after a ransomware attack took place on a third-party software called Fortra GoAnywhere MFT. Information is also out that the same gang was also behind the data breach of personal details of over 35,000 PayPal users.

Software

Software Ransomware Data breaches Financial Services

VA Data Breach: An Attack on Those Who Served

SecureWorld News

SEPTEMBER 15, 2020

Now the Department of Veteran's Affairs (VA) is sending breach notification letters to tens of thousands of veterans impacted by a recent data breach. What do we know about the VA data breach against veterans? How large was the VA data breach? How do I know if I am part of the VA data breach?

Data breaches

Data breaches Social Engineering Financial Services Government

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

Krebs on Security

DECEMBER 13, 2022

Meanwhile, the hackers responsible are communicating directly with members through the InfraGard portal online — using a new account under the assumed identity of a financial industry CEO that was vetted by the FBI itself. USDoD’s InfraGard sales thread on Breached. Department of Defense.

Hacking

Hacking Energy and Utilities Cybercrime Accountability

Black Friday and Cyber Weekend: Navigating the Tumultuous Waters of Retail Cybersecurity

Thales Cloud Protection & Licensing

NOVEMBER 20, 2023

Data breaches in the retail sector illustrate the vulnerabilities inherent to this industry, emphasizing the need for robust cybersecurity measures. This finding not only underscores the vulnerability of the retail sector but also accentuates the financial repercussions of such breaches.

Retail

Retail Cybersecurity Financial Services Mobile

The Clock is Ticking for PCI DSS 4.0 Compliance

Thales Cloud Protection & Licensing

SEPTEMBER 18, 2023

Virtually every major financial institution, retailer, and scores of payment processors have been the victims of data breaches, incurring both financial and reputational damage. According to the 2022 Thales Data Threat Report – Financial Services Edition , 52% of U.S. Requirement 3.2 Requirements 3.4.1

Financial Services

Financial Services Data breaches Accountability Encryption

Scary Fraud Ensues When ID Theft & Usury Collide

Krebs on Security

JANUARY 25, 2022

27 — Thanksgiving Day weekend — Jim got a series of rapid-fire emails from MSF saying they’ve received his loan application, that they’d approved it, and that the funds requested were now available at the bank account specified in his MSF profile. Then on Nov. Take a look at that 546.56 for that $1,000.

Financial Services

Financial Services Banking Accountability Identity Theft

NY Investigates Exposure of 885 Million Mortgage Documents

Krebs on Security

MAY 31, 2019

On May 24, KrebsOnSecurity broke the news that First American had just fixed a weakness in its Web site that exposed approximately 885 million documents — many of them with Social Security and bank account numbers — going back at least 16 years. No authentication was needed to access the digitized records.

Financial Services

Financial Services Insurance Banking Authentication

NY Charges First American Financial for Massive Data Leak

Krebs on Security

JULY 23, 2020

As first reported here last year , First American’s website exposed 16 years worth of digitized mortgage title insurance records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images.

Insurance

Insurance Financial Services Penetration Testing Scams

Expect More Spam Calls and SIM-Card Scams: 400 Million Phone Numbers Exposed

Adam Levin

SEPTEMBER 5, 2019

Once the number has been transferred, the criminal has control of any accounts that are identified by caller ID (including many financial institutions) as well as any accounts protected by two-factor authentication. It is believed this was the method used to recently hack Jack Dempsey’s Twitter account. .

Scams

Scams Accountability Financial Services Insurance

Marriott Breach: More than 500 Million Guest Affected

Adam Levin

NOVEMBER 30, 2018

The information compromised includes (but assume is not limited to): name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences. Monitor your accounts. Follow the three Ms: 1.

Identity Theft

Identity Theft Financial Services Password Management Media

The Future of Payments Security

Thales Cloud Protection & Licensing

JANUARY 26, 2021

As reported in the UK Finance “Fraud: The Facts” 2020 report, the theft of personal and financial data through data breaches was a major contributor to fraud losses in 2019. The stolen data is used both to commit fraud directly and indirectly. Strong Customer Authentication (SCA). Online skimming.

Retail

Retail Banking Big data Computers and Electronics

How to achieve financial inclusion with Open Banking

CyberSecurity Insiders

JUNE 28, 2021

In essence, the idea behind open banking was to offer customers the chance to give their bank credentials to these brands, which then use the data to create better products or facilitate easier payments. Financial Inclusion and Open Banking in practice.

Banking

Banking Financial Services Authentication Technology

50 Ways to Avoid Getting Scammed on Black Friday

Adam Levin

NOVEMBER 17, 2020

Credit cards offer markedly better fraud protections than debit cards , which connect directly to your bank account. Virtual credit cards similarly allow online shoppers to mask their financial accounts. Many financial institutions offer free transaction alerts that notify you when charges hit your account.

Scams

Scams Retail Banking Passwords

The Evolving Legislative and Compliance Landscape: A Roadmap for Business Leaders

Thales Cloud Protection & Licensing

APRIL 29, 2024

However, a relentless barrage of data breaches, ransomware attacks, and sophisticated cyber threats steadily erodes this trust. Digital Services Act (DSA) The DSA places greater responsibility and accountability on online platforms of all sizes. It targets illegal content, disinformation, and harmful practices.

Risk

Risk Manufacturing Digital transformation Cybersecurity

Mysterious custom malware used to steal 1.2TB of data from million PCs

Security Affairs

JUNE 11, 2021

Cookies are a precious source of intelligence about victims’ habits and could be abused to access the person’s online accounts of the victims. . million unique email addresses, NordLocker found, for an array of different apps and services. The database includes 6.6 The 26 million login credentials held 1.1 Pierluigi Paganini.

Malware

Malware Computers and Electronics Software Financial Services

Obrela’s 2022 Digital Universe Study – A look at today’s threat landscape

IT Security Guru

NOVEMBER 4, 2022

A 16% increase in data breaches, as well as attacks that targeted end users as opposed to corporations. . Looking at particular attack methods, Obrela found that those most utilised were typically malware infection, reconnaissance, data exfiltration and phishing attacks, along with the exploitation of malicious insiders. .

Banking

Banking Phishing Financial Services Government

The Evolving Legislative and Compliance Landscape: A Roadmap for Business Leaders

Security Boulevard

APRIL 29, 2024

However, a relentless barrage of data breaches, ransomware attacks, and sophisticated cyber threats steadily erodes this trust. Digital Services Act (DSA) The DSA places greater responsibility and accountability on online platforms of all sizes. It targets illegal content, disinformation, and harmful practices.

Risk

Risk Manufacturing Cybersecurity Digital transformation

Top 10 Data Breaches of All Time

SecureWorld News

MARCH 24, 2022

Now, headlines about ransomware, cyberattacks, and data breaches pour into social media feeds as steady as a river flows. SecureWorld News takes a look at some of the largest data breaches to ever occur. Top 10 most significant data breaches. Yahoo data breach (2013). Who attacked: no attacker.

Data breaches

Data breaches Passwords Accountability Government

What is credential stuffing? And how to prevent it?

Security Affairs

MARCH 29, 2022

Earmarked by the FBI as a particular threat to the financial service industry just over a year ago, the increase of internet traffic, data breaches and API usage all contribute to the perfect conditions for successful credential stuffing attacks. You can’t access an account with recycled credentials if there aren’t any.

Passwords

Passwords Authentication Data privacy Accountability

Billions of FBS Records Exposed in Online Trading Broker Data Leak

Security Affairs

MARCH 24, 2021

Forex trading may be dominated by banks and global financial services but, thanks to the Internet, the average person can today dabble directly in forex, securities and commodities trading. In the rush toward online trading though, users have entrusted terabytes of confidential data to online forex trading platforms.

Passwords

Passwords Accountability Media Identity Theft

FBI: Credential Stuffing Leads to Millions in Fraudulent Transfers

SecureWorld News

SEPTEMBER 15, 2020

A mid-sized financial institution reported its online banking platform received a "constant barrage" of login attempts using a variety of credential pairs, indicating that the attack was using bots. Financial industry targeted the most by credential stuffing attacks. million in fraudulent check withdrawals and ACH transfers.

Banking

Banking Passwords Accountability DDOS

Top 10 Data Breaches of All Time

SecureWorld News

DECEMBER 29, 2020

Now headlines about ransomware, cyberattacks and data breaches pour into social media feeds at a steady drumbeat. SecureWorld now takes a look at some of the largest data breaches to ever occur. Top 10 most significant data breaches. Yahoo data breach (2013). Equifax data breach (2017).

Data breaches

Data breaches Passwords Accountability Government

How to Apply the Lessons of 2019 to the Security of 2020

McAfee

DECEMBER 23, 2019

It comes as no surprise that financial services, insurance, and healthcare were popular targets, given their proximity to sensitive, easily-monetizable data. A little more surprising, however, is the similarities between breaches across industries and organizations. Application Misconfiguration.

Healthcare

Healthcare Insurance Artificial Intelligence Authentication

Popular apps left biometric data, IDs of millions of users in danger

Security Affairs

JANUARY 27, 2022

Onfido, a London-based company, offers photo-based IDV services for businesses. Financial service providers, car rentals, and many other suppliers that need to confirm customer identities employ similar third-party services. Enable two-factor authentication (2FA) on all your online accounts.

Identity Theft

Identity Theft Accountability Data breaches Social Engineering

A Clear and Present Need: Bolster Your Identity Security with Threat Detection and Response

Duo's Security Blog

NOVEMBER 20, 2023

“It took nearly 11 months (328 days) to identity and contain data breaches resulting from stolen or compromised credentials.” – IBM’s Cost of Data Breach Report 2023 I recently came across a 2012 article from CSO Online , and realized that it has been more than 11 years since the phrase “Identity is the new perimeter” was coined!

Threat Detection

Threat Detection Authentication Accountability Data breaches

Why CISA is Warning CISOs About a Breach at Sisense

Krebs on Security

APRIL 11, 2024

New York City based Sisense has more than 1,000 customers across a range of industry verticals, including financial services, telecommunications, healthcare and higher education. ” “We are taking this matter seriously and promptly commenced an investigation,” Dash continued.

CISO

CISO Encryption Telecommunications Financial Services

Digital Onboarding: Convenience Meets Security in Banking

Thales Cloud Protection & Licensing

JANUARY 22, 2024

Because while the goal – opening a bank account – remains the same, consumer expectations, the process itself, and the security measures involved have all been redefined. IAM can provide a framework that ensures the right individuals have the right access to systems, applications, and data.

Banking

Banking Authentication Identity Theft Mobile

The Hacker Mind Podcast: Hacking APIs

ForAllSecure

JUNE 16, 2021

And in May of 2021 Researchers disclosed that the Peloton API authentication was broken. With that an attacker couldn't necessarily intercept the data, but they could query the peloton API to get user data that they weren't supposed to. So account balance and, you know, Do you want to transfer that kind of stuff.

Hacking

Hacking Mobile Authentication Internet

The Hacker Mind Podcast: Hacking APIs

ForAllSecure

JUNE 16, 2021

And in May of 2021 Researchers disclosed that the Peloton API authentication was broken. With that an attacker couldn't necessarily intercept the data, but they could query the peloton API to get user data that they weren't supposed to. So account balance and, you know, Do you want to transfer that kind of stuff.

Hacking

Hacking Mobile Authentication Internet

SHARED INTEL: ‘Credential stuffers’ leverage enduring flaws to prey on video game industry

The Last Watchdog

JULY 7, 2021

Credential stuffing is a type of advanced brute force hacking that leverages software automation to insert stolen usernames and passwords into web page forms, at scale, until the attacker gains access to a targeted account. Some deep, structural flaws persist in the way we use our web browsers and mobile apps to access online accounts.

Accountability

Accountability Mobile Passwords Authentication

SHARED INTEL: Akamai reports web attack traffic spiked 62 percent in 2020 — all sectors hit hard

The Last Watchdog

MAY 24, 2021

billion hitting financial services organizations — an increase of more than 45 percent year-over-year in that sector. billion web app attacks last year, with more than 736 million targeting financial services. billion web attacks globally; 736 million in the financial services sector. A: Everything.

Financial Services

Financial Services Passwords Media Data breaches

Q&A: Sophos poll shows how attackers are taking advantage of cloud migration to wreak havoc

The Last Watchdog

JULY 21, 2020

Furthermore, 50% encountered ransomware and other malware; 29% reported incidents of data getting exposed; 25% had accounts compromised; and 17% dealt with incidents of crypto-jacking. New cloud PaaS services, such as shared storage, containers, database services and serverless functions etc.

Cloud Migration

Cloud Migration Ransomware Data breaches Internet

The Hacker Mind Podcast: Going Passwordless

ForAllSecure

JANUARY 19, 2022

You might not think of it as a major aspect of security and yet, stolen credentials are really the key to data breaches today. To use a service, we enter our user name and a password. But this method of authentication is flawed; either hashed or hashed and salted, usernames and passwords can still be stolen and reused.

Passwords

Passwords Authentication Mobile Password Management

SHARED INTEL: APIs hook up new web and mobile apps — and break attack vectors wide open

The Last Watchdog

OCTOBER 29, 2019

In short, APIs are multiplying fast and creating the automated highways of data. And this doesn’t account for all the private APIs business built and use. The services on that smartphone you’re holding makes use of hundreds of unique APIs. Data breach disclosure laws in effect across 47 U.S.

Mobile

Mobile Digital transformation Data breaches Firewall

MY TAKE: Identity ‘access’ and ‘governance’ tech converge to meet data protection challenges

The Last Watchdog

FEBRUARY 25, 2019

A separate set of startups soon cropped up specifically to handle the provisioning of log on accounts that gave access to multiple systems, and also the de-provisioning of those accounts when a user left the company. The IAM vendors took single sign-on to the next level, adding multi-factor authentication and other functionalities.

Government

Government Authentication Technology Data breaches

New York: Cyberattack Is Twitter's Fault, Let's Increase Regulation

SecureWorld News

OCTOBER 15, 2020

A group of teenagers used social engineering to breach Twitter's network and take over the accounts of a whole bunch of A-listers. The teens also took over Twitter accounts of several cryptocurrency companies regulated by the New York State Department of Financial Services (NYDFS).

Social Engineering

Social Engineering Media Scams Financial Services

Security Affairs newsletter Round 446 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

NOVEMBER 19, 2023

Israeli man sentenced to 80 months in prison for providing hacker-for-hire services Russian APT Gamaredon uses USB worm LitterDrifter against Ukraine The board of directors of OpenAI fired Sam Altman Medusa ransomware gang claims the hack of Toyota Financial Services CISA adds Sophos Web Appliance bug to its Known Exploited Vulnerabilities catalog (..)

Data breaches

Data breaches Identity Theft Ransomware Hacking

Defending Financial Services Against Fraud in a Shifting Cyber Landscape

Top 5 Industries Most Vulnerable to Data Breaches in 2023

Trending Sources

Hitachi becomes the next victim after a ransomware attack on GoAnywhere software

VA Data Breach: An Attack on Those Who Served

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

Black Friday and Cyber Weekend: Navigating the Tumultuous Waters of Retail Cybersecurity

The Clock is Ticking for PCI DSS 4.0 Compliance

Scary Fraud Ensues When ID Theft & Usury Collide

NY Investigates Exposure of 885 Million Mortgage Documents

NY Charges First American Financial for Massive Data Leak

Expect More Spam Calls and SIM-Card Scams: 400 Million Phone Numbers Exposed

Marriott Breach: More than 500 Million Guest Affected

The Future of Payments Security

How to achieve financial inclusion with Open Banking

50 Ways to Avoid Getting Scammed on Black Friday

The Evolving Legislative and Compliance Landscape: A Roadmap for Business Leaders

Mysterious custom malware used to steal 1.2TB of data from million PCs

Obrela’s 2022 Digital Universe Study – A look at today’s threat landscape

The Evolving Legislative and Compliance Landscape: A Roadmap for Business Leaders

Top 10 Data Breaches of All Time

What is credential stuffing? And how to prevent it?

Billions of FBS Records Exposed in Online Trading Broker Data Leak

FBI: Credential Stuffing Leads to Millions in Fraudulent Transfers

Top 10 Data Breaches of All Time

How to Apply the Lessons of 2019 to the Security of 2020

Popular apps left biometric data, IDs of millions of users in danger

A Clear and Present Need: Bolster Your Identity Security with Threat Detection and Response

Why CISA is Warning CISOs About a Breach at Sisense

Digital Onboarding: Convenience Meets Security in Banking

The Hacker Mind Podcast: Hacking APIs

The Hacker Mind Podcast: Hacking APIs

SHARED INTEL: ‘Credential stuffers’ leverage enduring flaws to prey on video game industry

SHARED INTEL: Akamai reports web attack traffic spiked 62 percent in 2020 — all sectors hit hard

Q&A: Sophos poll shows how attackers are taking advantage of cloud migration to wreak havoc

The Hacker Mind Podcast: Going Passwordless

SHARED INTEL: APIs hook up new web and mobile apps — and break attack vectors wide open

MY TAKE: Identity ‘access’ and ‘governance’ tech converge to meet data protection challenges

New York: Cyberattack Is Twitter's Fault, Let's Increase Regulation

Security Affairs newsletter Round 446 by Pierluigi Paganini – INTERNATIONAL EDITION

Stay Connected