Tag: finance
-
Information Security Manual (ISM)
What is the Information Security Manual (ISM)? The Information Security Manual (ISM) is a cybersecurity framework developed by the Australian Signals Directorate (ASD) to help organizations protect their IT and operational technology systems, applications, and data from cyber threats. The ISM is relevant to industries like government, defense, finance, healthcare, and other sectors where sensitive…
-
Washington Man Admits to Role in Multiple Cybercrime, Fraud Schemes
Marco Raquan Honesty has pleaded guilty to his roles in several fraud schemes, including smishing, identity theft, and bank account takeover. First seen on securityweek.com Jump to article: www.securityweek.com/washington-man-admits-to-role-in-multiple-cybercrime-fraud-schemes/
-
Threat Intelligence’s Top Players Tackle Evolving Cyber Risk
Acquisitions, AI and Emerging Threats Define Strategy for Recorded Future, Google. From Google’s $5.4 billion acquisition of Mandiant to Recorded Future’s fraud insights following Mastercard’s $2.65 billion purchase, threat intelligence vendors are innovating with AI and are focused on operationalizing their data through automation and managed services. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/threat-intelligences-top-players-tackle-evolving-cyber-risk-a-27327
-
Massive NBI Data Breach Exposes Millions of Users Records Online
The National Bureau of Investigation (NBI), the Philippines’ top investigative agency, has reportedly been compromised, exposing the sensitive data of millions of Filipinos. A dark web user operating under the pseudonym “Zodiac Killer”
-
How organizations can secure their AI code
Tags: ai, application-security, awareness, backdoor, breach, business, chatgpt, ciso, compliance, control, credentials, crime, cybersecurity, data, data-breach, finance, github, healthcare, LLM, malicious, ml, open-source, organized, programming, risk, risk-management, software, startup, strategy, supply-chain, technology, tool, training, vulnerability
In 2023, the team at data extraction startup Reworkd was under tight deadlines. Investors pressured them to monetize the platform, and they needed to migrate everything from Next.js to Python/FastAPI. To speed things up, the team decided to turn to ChatGPT to do some of the work. The AI-generated code appeared to function, so they…
-
Midsize firms universally behind in slog toward DORA compliance
Tags: ai, business, ciso, compliance, cybersecurity, dora, finance, germany, insurance, intelligence, monitoring, resilience, risk, service, skills, technology, tool
Beginning Friday, Jan. 17, all EU financial institutions are now required to operate in compliance with the Digital Operational Resilience Act (DORA). The EU directive aims to increase cybersecurity in the financial industry. However, studies show that many companies are still struggling with implementation. According to a November 2024 survey from metafinanz, the average level of…
-
Employees of failed startups are at special risk of stolen personal data through old Google logins
As if losing your job when the startup you work for collapses isn’t bad enough, now a security researcher has found that employees at failed startups are at particular risk of having their data stolen. This ranges from their private Slack messages to Social Security numbers and, potentially, bank accounts. The researcher who discovered the…
-
FTC orders GM to stop collecting and selling driver’s data
The Federal Trade Commission (FTC) has announced action against General Motors (GM) and its subsidiary, OnStar, for unlawful collection and sale of drivers’ precise geolocation and driving behavior data without first obtaining their consent. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/legal/ftc-orders-gm-to-stop-collecting-and-selling-drivers-data/
-
MSSP Market Update: FTC Tells GoDaddy to Get Serious About Data Security
First seen on scworld.com Jump to article: www.scworld.com/news/mssp-market-update-ftc-tells-godaddy-to-get-serious-about-data-security
-
How Imperva Protects the Arts Industry from Ticketing Abuse by Carding Bots
The ticketing industry is under constant threat from malicious bots, with bad actors targeting these platforms for financial gain. Bots accounted for 31.1% of all traffic to entertainment platforms in 2024, with attacks ranging from scalping and credential stuffing to carding operations. When one public museum experienced a surge in fraudulent transactions, they turned to…
-
US hits back against China’s Salt Typhoon group
Tags: attack, backdoor, china, cisa, ciso, communications, computer, control, crypto, cve, cyber, cyberattack, cybersecurity, defense, detection, disinformation, espionage, exploit, finance, government, group, infosec, infrastructure, intelligence, ivanti, law, malicious, mandiant, microsoft, network, north-korea, office, tactics, technology, theft, threat, tool, vpn, vulnerability
The US is hitting back against the threat group, dubbed Salt Typhoon by Microsoft, which is allegedly behind recent cyber attacks against American telecommunications providers, as part of a wider campaign against Chinese-based hacking. On Friday the Department of the Treasury’s Office of Foreign Assets Control (OFAC) said it is sanctioning Sichuan Juxinhe Network Technology, a…
-
FTC cracks down on Genshin Impact gacha loot box practices
Tags: finance
Genshin Impact developer Cognosphere (aka Hoyoverse) has agreed to a $20 million settlement with the U.S. Federal Trade Commission (FTC) over its gacha loot box monetization and is now banned from selling them to teens under the age of sixteen without parental consent. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/gaming/ftc-cracks-down-on-genshin-impact-gacha-loot-box-practices/
-
‘Surveillance pricing’ means higher costs for consumers, preliminary FTC report says
Tags: finance
The FTC posted a preliminary report that said businesses do sometimes charge customers more for products based on insights gleaned from online behavior. The commission’s incoming GOP majority objected to the document’s release. First seen on therecord.media Jump to article: therecord.media/surveillance-pricing-preliminary-ftc-report
-
Employees Enter Sensitive Data Into GenAI Prompts Far Too Often
The propensity for users to enter customer data, source code, employee benefits information, financial data, and more into ChatGPT, Copilot, and others is racking up real risk for enterprises. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/employees-sensitive-data-genai-prompts
-
DORA Takes Effect: Financial Firms Still Navigating Compliance Headwinds
The EU’s DORA regulation is in effect as of January 17, with mixed evidence around compliance levels among financial firms. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/dora-financial-firms-compliance/
-
University of Oklahoma isolates systems after ‘unusual activity’ on IT network
The school, which has more than 34,000 students, appeared on the leak site of a ransomware gang on Tuesday, with the group claiming to have stolen 91 GB of data that allegedly includes employee data, financial information and more. First seen on therecord.media Jump to article: therecord.media/university-of-oklahoma-isolates-systems-unusual-activity
-
DORA’s Deadline Looms: Navigating the EU’s Mandate for Threat Led Penetration Testing
With DORA’s January 2025 compliance deadline approaching, financial institutions must embrace rigorous testing, tailored threat profiles, and continuous vigilance to safeguard against cyber threats. First seen on securityweek.com Jump to article: www.securityweek.com/doras-deadline-looms-navigating-the-eus-mandate-for-threat-led-penetration-testing/
-
UK Considers Banning Ransomware Payments
The proposed mandate intends to discourage criminals from targeting critical national infrastructure and public services, as there will be no financial motivation. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/uk-banning-ransomware-payments/
-
Russian espionage and financial theft campaigns have ramped up, Ukraine cyber agency says
Tags: cyber, cybersecurity, defense, espionage, finance, government, incident, incident response, russia, theft, ukraine
Over the past year, Ukraine’s cyber incident response center identified and addressed 1,042 cybersecurity incidents impacting government, defense, and critical services. First seen on therecord.media Jump to article: therecord.media/russian-espionage-financial-theft-campaign
-
Wultra Raises €3M to Defend Quantum Cyber Threats Targets Financial Institutions
Tags: authentication, computing, cyber, cybersecurity, finance, fintech, risk, startup, technology, threat
Quantum computing is set to revolutionize technology, but it also presents a significant security risk for financial institutions. Czech cybersecurity startup Wultra has raised €3 million from Tensor Ventures, Elevator Ventures, and J&T Ventures to accelerate the development of its post-quantum authentication technology, safeguarding banks and fintech against the coming wave of quantum threats. The…
-
Wultra Secures €3M to Protect Financial Institutions from Quantum Threats
Prague, Czech Republic, 15th January 2025, CyberNewsWire First seen on hackread.com Jump to article: hackread.com/wultra-secures-e3m-to-protect-financial-institutions-from-quantum-threats/
-
Open Banking Shortcomings Threaten UK Global Leadership Position Research Finds
APIContext has released its UK Open Banking API Performance 2023-2024 Report, the annual analysis of the performance of the open banking APIs exposed by the large CMA9 UK banks (the nine largest banks required by UK law to provide open banking services), traditional High Street banks, credit card providers, building societies, and new digital banks (neobanks).…
-
The CFO may be the CISO’s most important business ally
CISOs frequently encounter inherent conflicts with business colleagues in their day-to-day responsibilities. In many ways, this is the nature of setting security policies for an organization. But the goal for CISOs should be to reset this dynamic and forge a strong, collaborative alliance with their critical leadership counterparts. Take the CFO, for example. For many CISOs,…
-
Stop wasting money on ineffective threat intelligence: 5 mistakes to avoid
Tags: business, ciso, compliance, cyber, cybersecurity, data, detection, edr, finance, group, incident response, infrastructure, intelligence, jobs, malware, monitoring, risk, risk-management, siem, soc, strategy, tactics, technology, threat, tool, update, vulnerability, vulnerability-management
Strong capabilities in cyber threat intelligence (CTI) can help take a cybersecurity program to the next level on many different fronts. When organizations choose quality sources of threat intelligence that are relevant to their technology environments and their business context, these external sources can not only power swifter threat detection but also help leaders better…
-
Case Studies on Fraud and AML Collaboration
Mission Omega’s Ian Mitchell on What Works and What Doesn’t in Program Integration. Fraud management and anti-money laundering represent two distinct disciplines in financial crime prevention. While AML primarily is a compliance-driven function, fraud is a risk management function driven by the organization’s risk appetite for fraud, said Ian Mitchell, co-founder of Mission Omega. First…
-
FRAML Reality Check: Is Full Integration Really Practical?
Experts Weigh the Pros and Cons of Work Culture and Merging AML and Fraud Teams. A recent report found that more than 57,000 Americans fall victim to scams every day. Financial fraud is rising globally. In response, the National Automated Clearinghouse Association is pushing for real-time fraud monitoring by 2026, requiring closer collaboration between fraud…
-
Chainalysis Expands Fraud Detection With Alterya Acquisition
Alterya’s AI-Powered Data Will Combat Scams Across Traditional Financial Ecosystems. Alterya’s AI agents now power Chainalysis’ fraud prevention, integrating off-chain data sources like Venmo and Zelle with blockchain analytics. This acquisition marks a significant step in detecting and stopping scams earlier in the fraud cycle, said CEO Jonathan Levin. First seen on govinfosecurity.com Jump to…
-
Biden’s final push: Using AI to bolster cybersecurity standards
Tags: access, ai, attack, china, cisa, compliance, cyber, cyberattack, cybersecurity, data, defense, detection, email, exploit, finance, framework, government, hacker, incident, infrastructure, intelligence, office, privacy, programming, resilience, risk, software, strategy, technology, threat, vulnerability
In a decisive move to strengthen national cybersecurity, President Joe Biden is poised to sign an executive order imposing stringent security standards for federal agencies and contractors. Scheduled for publication in the coming days, the directive will emphasize integrating artificial intelligence (AI) into cyber defense strategies while addressing systemic vulnerabilities in software security, reported Reuters. This…

