Duo's Security Blog

AUGUST 22, 2022

In 2017, New York Department of Financial Services (NYDFS) passed cybersecurity regulation 23 NYCRR 500, requiring all financial services companies to implement multi-factor authentication (MFA). With one tap, users are able to quickly and easily login to their account.

Cybersecurity 71

Cybersecurity Financial Services VPN Technology 71

Cisco Security

MARCH 23, 2021

This is what we covered in part one of this Threat Trends release on DNS Security, using data from Cisco Umbrella , our cloud-native security service. For example, those in the financial services industry may see more activity around information stealers; others in manufacturing may be more likely to encounter ransomware.

DNS 124

DNS Financial Services Healthcare Manufacturing 124

Thales Cloud Protection & Licensing

SEPTEMBER 18, 2023

According to the 2022 Thales Data Threat Report – Financial Services Edition , 52% of U.S. financial services organizations report that they have experienced a data breach in the past. mandates that account data storage is kept to a minimum by implementing data retention and disposal policies, procedures, and processes.

Financial Services 77

Financial Services Data breaches Accountability Encryption 77

Thales Cloud Protection & Licensing

DECEMBER 20, 2023

In an era where technology evolves at a blistering pace, business leaders must stay ahead of the curve. Quantum Computing and Its Business Impact Quantum computing stands at the forefront of technological evolution, poised to redefine the boundaries of processing power and problem-solving. The same is true for today’s business leaders.

Cybersecurity 83

Cybersecurity Technology Cyber threats Artificial Intelligence 83

The Last Watchdog

APRIL 7, 2020

they then began to use the stolen credentials to launch automated account takeovers. “So So if you were participating in that environment, and you were looking for a relationship, then your account might get taken over. We were able to stop the account takeovers that would then sometimes lead to these romance scams.”

Mobile 220

Mobile Digital transformation Scams Accountability 220

Krebs on Security

SEPTEMBER 29, 2021

The idea is that even if the user’s password gets stolen, the attacker still can’t access the user’s account without that second factor — i.e. without access to the victim’s mobile device or phone number. The OTP interception service featured earlier this year — Otp[.]agency

Passwords 311

Passwords Mobile Authentication Banking 311

Krebs on Security

MAY 3, 2019

A Pennsylvania credit union is suing financial industry technology giant Fiserv , alleging that “baffling” security vulnerabilities in the company’s software are “wreaking havoc” on its customers. Brookfield, Wisc.-based based Fiserv [ NASDAQ:FISV ] is a Fortune 500 company with 24,000 employees and $5.8

Banking 177

Banking Accountability Passwords Technology 177

Thales Cloud Protection & Licensing

JANUARY 10, 2022

The financial services ecosystem has evolved tremendously over the past few years driven by a surge in the adoption of digital payments. This raises the question of where digital payment technologies will take us in the future, and how will this affect consumers? How Can We Secure The Future of Digital Payments?

Retail 126

Retail Financial Services Banking Authentication 126

CSO Magazine

JANUARY 28, 2021

Health Insurance Portability and Accountability Act (HIPAA). The Health Information Technology for Economic and Clinical Health Act (HITECH). New York State Department of Financial Services, Cybersecurity Requirements for Financial Services Companies (23 NYCRR 500). North American Electric Reliability Corp.

CSO 128

CSO Financial Services Consumer Protection Data privacy 128

Malwarebytes

OCTOBER 27, 2023

In a security blog about Octo Tempest Microsoft states: “Octo Tempest monetized their intrusions in 2022 by selling SIM swaps to other criminals and performing account takeovers of high-net-worth individuals to steal their cryptocurrency.”

Social Engineering 94

Social Engineering Engineering Ransomware Backups 94

SecureWorld News

OCTOBER 26, 2023

And as the use of technology continues to increase across all aspects of shipping–from ship networks to offshore installations and shoreside control centres–so does the potential for cybersecurity breaches,' reported Heavylift PFI, quoting Tom Walters, partner at the Hollman Fenwick Willan law firm." A Notice of Privacy Incident issued Oct.

Energy and Utilities 85

Energy and Utilities Identity Theft Hacking Healthcare 85

Centraleyes

DECEMBER 18, 2023

How DORA is Transforming the Management’s Role in Financial Services EU’s Digital Operational Resilience Act (DORA) ushers in a new era for financial services firms, placing extensive operational resilience requirements and heightened board oversight mandates on various entities within the EU’s financial sector.

Financial Services 52

Financial Services CISO Risk Technology 52

Security Boulevard

JUNE 26, 2023

Data breaches caused by weak security measures and procedures result in severe monetary losses, erosion of clients’ trust, and irreversible reputation damage to organizations in the healthcare, financial services, technology, and retail industries, as well as government and public sector entities.

Data breaches 52

Data breaches Healthcare Telecommunications Financial Services 52

Malwarebytes

DECEMBER 1, 2022

Like other ransomware groups, its threat actors use double extortion tactics, predominantly targeting organizations in the US in five critical infrastructure sectors: critical manufacturing, financial services, government facilities, healthcare and public health, and information technology.

Ransomware 84

Ransomware Financial Services Accountability Malware 84

SC Magazine

JULY 2, 2021

and a payments network operator, the Federal Reserve is also tasked with supervising technology service providers, and researching the design and inherent risk of payment systems. “In Such discoveries would no doubt prove useful to the financial services community at large.

Financial Services 71

Financial Services Banking Identity Theft Media 71

The Last Watchdog

DECEMBER 21, 2021

That said, Microsoft Exchange on-premises email servers – technology that once, not too long ago, dominated this space – remain in pervasive business use today. What’s more, many of the organizations migrating to cloud IT infrastructure services are patching together hybrid email systems, part on-premises and part cloud-hosted.

Marketing 195

Marketing Financial Services Ransomware Software 195

CyberSecurity Insiders

JUNE 28, 2021

While previously all this personal and financial information was controlled by your bank, PSD2 required all banks in the EU to create application programming interfaces (APIs) – a technology infrastructure that provides a secure and effective way to expose this data – and then share them with officially approved third parties.

Banking 133

Banking Financial Services Authentication Technology 133

The Security Ledger

APRIL 5, 2023

In 2022, insecure and leaky APIs were the common theme behind a number of major cyber incidents, including the leak of data on more than 5 million Twitter account holders as well as other incidents. And about 16 or 17 of those were in banking, financial services, hedge fund administration, all in technology.

CSO 52

CSO Digital transformation Cyber Attacks Financial Services 52

SecureWorld News

JUNE 29, 2021

Microsoft researchers offered some interesting details about who Nobelium focused on in these recent attacks: "This activity was targeted at specific customers, primarily IT companies (57%), followed by government (20%), and smaller percentages for non-governmental organizations and think tanks, as well as financial services.".

Cybercrime 52

Cybercrime Financial Services Accountability Passwords 52

Security Affairs

MARCH 8, 2022

. “As of January 2022, the FBI has identified at least 52 entities across 10 critical infrastructure sectors affected by RagnarLocker ransomware, including entities in the critical manufacturing, energy, financial services, government, and information technology sectors,” reads the FBI’s flash alert.

Ransomware 94

Ransomware Financial Services VPN Passwords 94

Security Affairs

MAY 24, 2023

“The DPRK conducts malicious cyber activities and deploys information technology (IT) workers who fraudulently obtain employment to generate revenue, including in virtual currency, to support the Kim regime and its priorities, such as its unlawful weapons of mass destruction and ballistic missile programs.” 13687 and E.O.

Government 90

Government Cryptocurrency Media Technology 90

CyberSecurity Insiders

JANUARY 19, 2023

The first news that is trending is associated with financial service provider PayPal. According to the official statement from the company, the leak took place on January 11th,2023 through a tool exploit related to Mailchimp Customer Support and Account Administration.

Cyber Attacks 106

Cyber Attacks Social Engineering Financial Services Encryption 106

Thales Cloud Protection & Licensing

FEBRUARY 27, 2023

This includes the evolution from physical currency and checks to digital payment methods such as credit and debit cards, as well as the emergence of newer technologies like mobile payments and cryptocurrencies. Open banking is a good indicator of the speed and extent to which consumers and businesses are adopting new payment technologies.

Banking 71

Banking Cryptocurrency Financial Services Accountability 71

Security Affairs

MAY 10, 2022

“Frappo” was initially designed to be an anonymous cryptocurrency wallet based on a fork of Metamask and is completely anonymous, it doesn’t require a threat actor to register an account. Detailed analysis of the Phishing-As-A-Service Frappo is available here: [link].

Phishing 81

Phishing Banking Retail Financial Services 81

Security Affairs

AUGUST 16, 2023

Other top 4 targeted industries include Manufacturing, Insurance, Technology, and Financial Services seeing 15%, 9%, 7%, and 6% of the campaign traffic respectively.” The content of the message attempt to trick the recipient into scanning the code to verify their account. ” continues the report.

Phishing 94

Phishing Energy and Utilities Insurance Manufacturing 94

The Last Watchdog

MAY 17, 2021

Related: How credential stuffing fuels account takeovers. In pulling off that milestone hack, Paige Thompson took advantage of CapOne’s lack of focus on cloud security as the banking giant rushed headlong into leveraging Amazon Web Services. The summer of 2019 was a heady time for the financial services industry.

Cloud Migration 167

Cloud Migration Banking Firewall Software 167

Centraleyes

MARCH 3, 2024

Who : Identify key stakeholders, from leadership to employees, ensuring effective communication and accountability. How : Evaluate compliance risk assessment methodologies and tools for efficient risk identification, evaluation, and mitigation, incorporating technological advancements and best practices.

Risk 52

Risk Technology Accountability Marketing 52

Security Affairs

OCTOBER 15, 2019

The Pitney Bowes company announced that a ransomware attack infected its systems and cause a partial system outage that made some of its service unavailable for some customers. Pitney Bowes is a global technology company that provides commerce solutions in the areas of ecommerce, shipping, mailing, data and financial services.

Ransomware 79

Ransomware eCommerce Financial Services Advertising 79

CyberSecurity Insiders

OCTOBER 3, 2021

With the shift to a more flexible pandemic workforce and the highly publicized Colonial Pipeline attack, cyber criminals introduced new – and updated – threats and tactics in campaigns targeting prominent sectors, such as Government, Financial Services and Entertainment. COVID-19 Impact on Workforce Continues to Increase Cloud Threats.

Ransomware 59

Ransomware Financial Services Manufacturing Government 59

Adam Levin

NOVEMBER 17, 2020

Credit cards offer markedly better fraud protections than debit cards , which connect directly to your bank account. Virtual credit cards similarly allow online shoppers to mask their financial accounts. Many financial institutions offer free transaction alerts that notify you when charges hit your account.

Scams 243

Scams Retail Banking Passwords 243

Security Affairs

MARCH 29, 2022

Then, they enter those accounts for the purpose of abusing permissions, siphoning out data, or both. Also, with the massive push to remote work, XaaS technologies and the rush to the convenience of apps, companies are relying heavily on APIs which are often underprotected. How credential stuffing attacks work.

Passwords 84

Passwords Authentication Data privacy Accountability 84

Duo's Security Blog

JUNE 28, 2022

And one of the few security technologies that is specifically called out by the FTC is multi-factor authentication (MFA). For example, after a Duo Security user logs into their account, Duo push pops up on their phone confirming that the right person is accessing the right account. What is the FTC’s Safeguards Rule?

Authentication 52

Authentication Financial Services Technology Information Security 52

CyberSecurity Insiders

APRIL 4, 2023

73% of employees working in financial services organizations have noticed an increase in the frequency of scam emails and texts in the last 6 months. This rises to over half (51%) in the financial services industry and 41% in the legal industry , adding another layer of security risk that isn’t malicious.

Cyber Attacks 119

Cyber Attacks Social Engineering Scams Phishing 119

SiteLock

AUGUST 27, 2021

This could then be used to gain access to your website accounts. I want to reiterate that this bug was limited to Cloudflare’s technology, specifically in how it was using a Ragel -based parser and NGINX in its caching mechanisms — SiteLock TrueShield™ WAF/CDN does not use either of these technologies and is not impacted by this bug.

Passwords 52

Passwords Financial Services Engineering Technology 52

Security Affairs

FEBRUARY 27, 2023

The majority of the identified fraudulent projects were related to financial services (FIs), oil & gas, renewable energy, EV batteries, electric vehicles, healthcare, semiconductors, and world-recognized investment corporations and funds with a global presence.

Scams 97

Scams Mobile Marketing Banking 97

Security Boulevard

MAY 12, 2021

But today, the rise of online banking, digital applications, and challenger banks has caused significant disruption across financial services. The need to provide better, faster, and safer digital services to customers remains a powerful driver of digital transformation for banking institutions.

Banking 112

Banking Digital transformation Technology Financial Services 112

CyberSecurity Insiders

JUNE 4, 2021

In addition to the above, the pandemic has permanently shifted the role of digital payment technology. So, how can we ride the digital wave for financial services and shape an innovative mobile experience that customers use in the long term? All this happens before the customer receives their physical card.

Mobile 64

Mobile Banking Digital transformation Technology 64