Jai Vijayan, Darkreading.com, December 21, 2016
Malware samples these days often pack a bewildering array of functions and have an almost Swiss army knife-like quality about them. One exception is Alice, a new ATM malware family that security vendor Trend Micro discovered recently.
Lucian Constantin, Networkworld.com, December 19, 2016
Cybercriminals are adding file-encrypting features to traditional mobile banking trojans, creating hybrid threats that can steal sensitive information and lock user files at the same time.
Christopher Ensey, Thehill.com, December 16, 2016
In recent years, more and more companies across a range of industries have fallen victim to cyber attacks, including Sony Pictures, Yahoo!, and LinkedIn; however, we have yet to see a successful large scale breach of a major U.S. financial institution.
Darkreading.com, December 19, 2016
The numbers are in, and they don’t look too good.
Confidential financial data worth tens of millions of about 350 Ameriprise clients were exposed unwittingly by one of its financial advisors while taking a back-up on an Internet-connected drive at home, reports ZDNet. The discovery, by security researcher Chris Vickery of MacKeeper during a random scan with Shodan search engine, has raised questions about the security practices followed by the company’s franchise operators across the US.
That translates to 4-5 new malware samples every second of every day.
Paybefore.com, December 13, 2016
The European Banking Authority (EBA) working with the European Central Bank (ECB) recently released a consultation paper on guidelines for payment service providers (PSPs) to follow in the event of security breaches. Among the suggested mandates is notifying authorities of an incident within two hours from the moment the breach is detected—that’s significantly faster than the breach notification requirements set to go into force next year under the General Data Protection Regulation (GDPR), which requires notice within 72 hours of breach detection. The GDPR also applies to U.S. companies that process information and intend to offer products or services to people in the EU, or monitor people in the EU, according to legal experts at Bryan Cave.
Lucian Constantin, Computerworld.com, December 9, 2016
Botnets made up of hacked home routers were used to launch distributed denial-of-service attacks against the five largest financial organizations in Russia.
Rich Bolstridge, Blogs.akamai.com, December 12, 2016
In the first of this two-part blog, I reported the impact that the Dyn DDoS attack had on the financial services industry. Banks, insurers, credit cards, and others had two waves of impacts on Oct. 21, with many websites clocking in with 60 second page response times, and others with outright failures, not able to service their customers.
In Part 2, we’ll dig into some details to better understand the technology risks of financial services websites, and extract some lessons learned for the industry.
Jai Vijayan, Darkreading.com, December 5, 2016
Researchers at the UK’s Newcastle University have developed what they say is an almost absurdly easy way to get the card number, security code, and expiration date of any Visa credit or debit card using nothing but guesswork — six seconds flat.
Jeremy Kirk, Bankinfosecurity.com, December 5, 2016
Hackers apparently stole 2 billion rubles (US $31 million) from accounts that banks keep at Russia’s central bank in a series of cyberattacks this year, according to several news reports. The news comes as the country’s security service also claims to have fought off broader attacks against the financial services industry.