Tag: finance

Der Aufstieg des Chief Trust Officers: Wo passt der CISO hinein?

Dec 23, 2025 5:19 AM

Tags: ai, ceo, cio, ciso, compliance, cyersecurity, finance, governance, grc, office, risk, risk-management, soc, software, vulnerability

Der Chief Trust Officer steht für einen Wandel von der Verteidigung von Systemen hin zur Sicherung der Glaubwürdigkeit.Immer mehr Unternehmen heben Vertrauen als Unterscheidungsmerkmal für ihr Geschäft hervor. Durch Datenschutzverletzungen, Bedenken hinsichtlich der Produktsicherheit und Unsicherheiten in Bezug auf künstliche Intelligenz hat das Vertrauen der Kunden in den vergangenen Jahren stark gelitten.Wie aus dem Edelman…
2025 Year in Review at Cloud Security Podcast by Google

Dec 22, 2025 9:19 PM

Tags: 2fa, ai, automation, breach, cloud, compliance, computing, control, cybersecurity, data, defense, detection, edr, finance, google, hacking, incident response, infrastructure, linux, mandiant, metric, mitigation, offense, phone, privacy, risk, security-incident, siem, soc, technology, threat, vulnerability, vulnerability-management, zero-trust

(written jointly with Tim Peacock) Five years. It’s enough time to fully launch a cloud migration, deploy a new SIEM, or”Š”, “Šif you’re a very large enterprise”Š”, “Šjust start thinking about doing the first two. It’s also how long Tim and I have been subjecting the world to our thoughts on Cloud Security Podcast by Google. We…
Insiders Become Prime Targets for Cybercriminals

Dec 22, 2025 7:19 PM

Tags: control, cybercrime, finance, technology

Cybercriminals are increasingly recruiting insiders to bypass security controls across banks, telecoms, and technology firms. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/insiders-become-prime-targets-for-cybercriminals/
Frogblight Malware Targets Android Users With Fake Court and Aid Apps

Dec 22, 2025 6:19 PM

Tags: android, data, finance, kaspersky, malware, scam

Kaspersky warns of ‘Frogblight,’ a new Android malware draining bank accounts in Turkiye. Learn how this ‘court case’ scam steals your data and how to stay safe. First seen on hackread.com Jump to article: hackread.com/frogblight-malware-android-fake-court-aid-apps/
Hackers exploit Microsoft OAuth device codes to hijack enterprise accounts

Dec 22, 2025 1:19 PM

Tags: access, attack, automation, awareness, breach, china, conference, credentials, cybercrime, data, email, espionage, exploit, finance, government, group, hacker, hacking, linkedin, malicious, microsoft, military, phishing, qr, russia, tactics, threat, tool, unauthorized

Tools of the trade: What’s driving the surge is the availability of tools that make these attacks easy to execute. Proofpoint identified two primary kits: SquarePhish2 and Graphish.SquarePhish2 is an updated version of a tool originally published by Dell Secureworks in 2022. It automates the OAuth Device Grant Authorization flow and integrates QR code functionality.The…
Hackers exploit Microsoft OAuth device codes to hijack enterprise accounts

Dec 22, 2025 1:19 PM

Tags: access, attack, automation, awareness, breach, china, conference, credentials, cybercrime, data, email, espionage, exploit, finance, government, group, hacker, hacking, linkedin, malicious, microsoft, military, phishing, qr, russia, tactics, threat, tool, unauthorized

Tools of the trade: What’s driving the surge is the availability of tools that make these attacks easy to execute. Proofpoint identified two primary kits: SquarePhish2 and Graphish.SquarePhish2 is an updated version of a tool originally published by Dell Secureworks in 2022. It automates the OAuth Device Grant Authorization flow and integrates QR code functionality.The…
Insider Threat: Hackers Paying Company Insiders to Bypass Security

Dec 22, 2025 1:19 PM

Tags: access, apple, cyber, dark-web, finance, hacker, threat

A new report from Check Point Research reveals a growing trend of cyber criminals recruiting employees at banks, telecoms, and tech giants. Learn how hackers use the darknet and Telegram to offer payouts up to $15,000 for internal access to companies like Apple, Coinbase, and the Federal Reserve. First seen on hackread.com Jump to article:…
What CISOs should know about the SolarWinds lawsuit dismissal

Dec 22, 2025 8:18 AM

Tags: attack, ceo, ciso, control, corporate, cyber, cybersecurity, defense, finance, fraud, government, incident, insurance, jobs, risk

Responsibility without authority is the real risk: At the heart of the SolarWinds lawsuit was a familiar problem for security leaders: responsibility without authority. The dynamic that caught Tim Brown in the SEC’s jaws is that, despite his experience, seniority, and title, he, like most CISOs, carries tremendous responsibility without any real organizational authority to…
What CISOs should know about the SolarWinds lawsuit dismissal

Dec 22, 2025 8:18 AM

Tags: attack, ceo, ciso, control, corporate, cyber, cybersecurity, defense, finance, fraud, government, incident, insurance, jobs, risk

Responsibility without authority is the real risk: At the heart of the SolarWinds lawsuit was a familiar problem for security leaders: responsibility without authority. The dynamic that caught Tim Brown in the SEC’s jaws is that, despite his experience, seniority, and title, he, like most CISOs, carries tremendous responsibility without any real organizational authority to…
“‹”‹Marquis Data Breach Exposes Hundreds of Thousands of Bank Customers

Dec 22, 2025 5:19 AM

Tags: breach, cyberattack, data, data-breach, exploit, finance, firewall, service, unauthorized, vulnerability

New regulatory disclosures have confirmed that a cyberattack on financial services vendor Marquis exposed sensitive personal and financial information belonging to more than 400,000 bank and credit union customers across the United States. According to filings submitted to state authorities, attackers accessed Marquis systems by exploiting a known but unpatched firewall vulnerability, allowing unauthorized access……
‘Help! I need money. It’s an emergency’: your child’s voicemail that could be a scam

Dec 21, 2025 8:19 AM

Tags: ai, finance, fraud, scam

Steps to help combat fraud in which criminals use AI-generated replica of a person’s voice to deceive victimsThe voicemail from your son is alarming. He has just been in a car accident and is highly stressed. He needs money urgently, although it is not clear why, and he gives you some bank details for a…
‘Help! I need money. It’s an emergency’: your child’s voicemail that could be a scam

Dec 21, 2025 8:19 AM

Tags: ai, finance, fraud, scam

Steps to help combat fraud in which criminals use AI-generated replica of a person’s voice to deceive victimsThe voicemail from your son is alarming. He has just been in a car accident and is highly stressed. He needs money urgently, although it is not clear why, and he gives you some bank details for a…
Cybersecurity Snapshot: Cyber Pros Emerge as Bold AI Adopters, While AI Changes Data Security Game, CSA Reports Say

Dec 19, 2025 7:19 PM

Tags: advisory, ai, api, attack, awareness, business, cloud, compliance, control, credit-card, crime, crimes, crypto, cyber, cybersecurity, data, data-breach, defense, detection, exploit, finance, framework, google, governance, guide, healthcare, injection, intelligence, law, LLM, lockbit, malicious, metric, mitigation, monitoring, network, office, openai, ransom, ransomware, risk, risk-management, service, skills, sql, threat, tool, training, update, vulnerability

Formerly “AI shy” cyber pros have done a 180 and become AI power users, as AI forces data security changes, the CSA says. Plus, PwC predicts orgs will get serious about responsible AI usage in 2026, while the NCSC states that, no, prompt injection isn’t the new SQL injection. And much more! Key takeaways Cyber…
Cybersecurity Snapshot: Cyber Pros Emerge as Bold AI Adopters, While AI Changes Data Security Game, CSA Reports Say

Dec 19, 2025 7:19 PM

Tags: advisory, ai, api, attack, awareness, business, cloud, compliance, control, credit-card, crime, crimes, crypto, cyber, cybersecurity, data, data-breach, defense, detection, exploit, finance, framework, google, governance, guide, healthcare, injection, intelligence, law, LLM, lockbit, malicious, metric, mitigation, monitoring, network, office, openai, ransom, ransomware, risk, risk-management, service, skills, sql, threat, tool, training, update, vulnerability

Formerly “AI shy” cyber pros have done a 180 and become AI power users, as AI forces data security changes, the CSA says. Plus, PwC predicts orgs will get serious about responsible AI usage in 2026, while the NCSC states that, no, prompt injection isn’t the new SQL injection. And much more! Key takeaways Cyber…
FireTail’s 2022 Review on Macro, Industry, and Thoughts About What’s Next FireTail Blog

Dec 19, 2025 6:19 PM

Tags: ai, api, attack, cloud, cyber, cybercrime, cybersecurity, data, exploit, finance, government, infrastructure, intelligence, Internet, jobs, office, open-source, regulation, russia, startup, strategy, technology, usa, vulnerability

Dec 19, 2025 – Jeremy Snyder – New beginnings, such as new years, provide a nice opportunity to look back at what we have just experienced, as well as look forward to what to expect. 2022 was a year of transition in many ways, and 2023 may well be the same. I wanted to reflect…
The Asset Layer of the Web: Tokenization Is Becoming Finance’s New Backend Infrastructure

Dec 19, 2025 1:19 PM

Tags: blockchain, crypto, finance, infrastructure, regulation

Crypto’s public image lagged reality. Stablecoins, tokenization, and regulation now power a blockchain backend settling global finance at institutional scale. First seen on hackread.com Jump to article: hackread.com/asset-layer-web-tokenization-backend-infrastructure/
Why NetSuite Customer Portals Fall Short and How to Build Better User Experiences

Dec 19, 2025 12:19 PM

Tags: cloud, finance

NetSuite is one of the most widely used cloud ERP platforms in the world. It offers core features for finance, CRM, order management and commerce,…Read More First seen on securityboulevard.com Jump to article: https://securityboulevard.com/2025/12/why-netsuite-customer-portals-fall-short-and-how-to-build-better-user-experiences/
FTC: Instacart to refund $60M over deceptive subscription tactics

Dec 19, 2025 11:19 AM

Tags: finance, service, tactics

Grocery delivery service Instacart will refund $60 million to settle FTC claims that it misled customers with false advertising and unlawfully enrolled them in paid subscriptions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/legal/instacart-to-refund-60m-over-deceptive-subscription-tactics/
Managing agentic AI risk: Lessons from the OWASP Top 10

Dec 19, 2025 8:19 AM

Tags: access, ai, attack, authentication, automation, ciso, cloud, compliance, container, control, credentials, cybercrime, data, exploit, finance, framework, governance, identity, injection, jobs, malicious, mitigation, risk, service, software, supply-chain, tactics, threat, tool, training, unauthorized, update

Actionable guidance: Agentic AI is the main topic of conversation in discussions among his peers, says Keith Hillis, VP of security engineering at Akamai Technologies.”Most organizations are confronted with the challenge of balancing the promising power of AI while also ensuring the organization is not incurring increased security risk,” he says. So, the biggest value…
Managing agentic AI risk: Lessons from the OWASP Top 10

Dec 19, 2025 8:19 AM

Tags: access, ai, attack, authentication, automation, ciso, cloud, compliance, container, control, credentials, cybercrime, data, exploit, finance, framework, governance, identity, injection, jobs, malicious, mitigation, risk, service, software, supply-chain, tactics, threat, tool, training, unauthorized, update

Actionable guidance: Agentic AI is the main topic of conversation in discussions among his peers, says Keith Hillis, VP of security engineering at Akamai Technologies.”Most organizations are confronted with the challenge of balancing the promising power of AI while also ensuring the organization is not incurring increased security risk,” he says. So, the biggest value…
Breach Roundup: Coupang Breach Sparks Leadership Shakeup

Dec 19, 2025 1:19 AM

Tags: breach, data, exploit, finance, flaw, fortinet, ransomware, russia

Also: Texas AG Sues Smart TV Manufacturers, Fortinet SSO Flaws. This week, a leadership shakeup at Coupang, attackers exploited critical Fortinet SSO flaws, Pornhub data hacked, Texas Attorney General Ken Paxton sued smart TV makers, auto finance provider 700Credit disclosed a breach affecting millions, A revived pro-Russia ransomware operation stumbled. First seen on govinfosecurity.com Jump…
D&O liability protection rising for security leaders, unless you’re a midtier CISO

Dec 18, 2025 9:19 AM

Tags: access, best-practice, breach, business, ciso, compliance, control, cyber, cybersecurity, data, data-breach, defense, finance, governance, incident response, insurance, jobs, law, network, risk, risk-management, security-incident, tool

A question of indemnity: But Ryan Griffin, US cyber leader at insurance broker McGill and Partners, points out that the difference between D&O insurance and a direct indemnification agreement is often misunderstood.”The most crucial tool for a CISO’s protection is the indemnification agreement with their employer,” Griffin explains. “The D&O policy is how the company…
D&O liability protection rising for security leaders, unless you’re a midtier CISO

Dec 18, 2025 9:19 AM

Tags: access, best-practice, breach, business, ciso, compliance, control, cyber, cybersecurity, data, data-breach, defense, finance, governance, incident response, insurance, jobs, law, network, risk, risk-management, security-incident, tool

A question of indemnity: But Ryan Griffin, US cyber leader at insurance broker McGill and Partners, points out that the difference between D&O insurance and a direct indemnification agreement is often misunderstood.”The most crucial tool for a CISO’s protection is the indemnification agreement with their employer,” Griffin explains. “The D&O policy is how the company…
What’s Powering Enterprise AI in 2025: ThreatLabz Report Sneak Peek

Dec 18, 2025 6:19 AM

Tags: access, ai, api, attack, business, communications, compliance, control, corporate, data, exploit, finance, github, google, intelligence, LLM, malware, mitigation, openai, privacy, programming, risk, saas, service, social-engineering, software, supply-chain, threat, tool, vulnerability

As 2025 comes to a close, artificial intelligence (AI) is a clear throughline across enterprise organizations. Many teams are still in the thick of implementing AI or deciding where and how to use it. Keeping up with usage trends and developments on top of that has become increasingly difficult. AI innovation moves fast and LLMs…
What’s Powering Enterprise AI in 2025: ThreatLabz Report Sneak Peek

Dec 18, 2025 6:19 AM

Tags: access, ai, api, attack, business, communications, compliance, control, corporate, data, exploit, finance, github, google, intelligence, LLM, malware, mitigation, openai, privacy, programming, risk, saas, service, social-engineering, software, supply-chain, threat, tool, vulnerability

As 2025 comes to a close, artificial intelligence (AI) is a clear throughline across enterprise organizations. Many teams are still in the thick of implementing AI or deciding where and how to use it. Keeping up with usage trends and developments on top of that has become increasingly difficult. AI innovation moves fast and LLMs…
What’s Powering Enterprise AI in 2025: ThreatLabz Report Sneak Peek

Dec 18, 2025 6:19 AM

Tags: access, ai, api, attack, business, communications, compliance, control, corporate, data, exploit, finance, github, google, intelligence, LLM, malware, mitigation, openai, privacy, programming, risk, saas, service, social-engineering, software, supply-chain, threat, tool, vulnerability

As 2025 comes to a close, artificial intelligence (AI) is a clear throughline across enterprise organizations. Many teams are still in the thick of implementing AI or deciding where and how to use it. Keeping up with usage trends and developments on top of that has become increasingly difficult. AI innovation moves fast and LLMs…
Complying with the Monetary Authority of Singapore’s Cloud Advisory: How Tenable Can Help

Dec 17, 2025 10:19 PM

Tags: access, advisory, attack, authentication, best-practice, business, cloud, compliance, container, control, country, credentials, cyber, cybersecurity, data, data-breach, finance, fintech, framework, google, governance, government, iam, identity, incident response, infrastructure, intelligence, Internet, kubernetes, least-privilege, malicious, malware, mfa, microsoft, mitigation, monitoring, oracle, regulation, resilience, risk, risk-assessment, risk-management, service, software, strategy, technology, threat, tool, vulnerability, vulnerability-management, zero-trust

The Monetary Authority of Singapore’s cloud advisory, part of its 2021 Technology Risk Management Guidelines, advises financial institutions to move beyond siloed monitoring to adopt a continuous, enterprise-wide approach. These firms must undergo annual audits. Here’s how Tenable can help. Key takeaways: High-stakes compliance: The MAS requires all financial institutions in Singapore to meet mandatory…
FTC orders crypto platform Nomad to distribute $37.5 million after 2022 theft

Dec 17, 2025 9:19 PM

Tags: breach, crypto, exploit, finance, hacker, theft, vulnerability

Under a settlement with the FTC, the Nomad platform will have to redistribute stolen funds that white-hat hackers returned to the company after thieves aggressively exploited a vulnerability in 2022. First seen on therecord.media Jump to article: therecord.media/ftc-settlement-nomad-platform-return-customers-cryptocurrency
Blockchain company Nomad to repay users under FTC deal after $186M cyberattack

Dec 17, 2025 5:19 PM

Tags: blockchain, cyberattack, cybersecurity, finance

Regulator makes various additional demands over alleged cybersecurity failings First seen on theregister.com Jump to article: www.theregister.com/2025/12/17/nomad_ftc_settlement/
Your MFA Is Costing You Millions. It Doesn’t Have To.

Dec 17, 2025 3:19 PM

Tags: attack, authentication, credentials, finance, login, mfa, password, phishing, risk, social-engineering

Passwords and app-based MFA add hidden costs through lost productivity, frequent resets, and risk of phishing and social engineering attacks. Token explains how wireless biometric, passwordless authentication eliminates credential-based attacks and delivers measurable financial returns by reducing login time across the enterprise. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/your-mfa-is-costing-you-millions-it-doesnt-have-to/