In 2014, remote attackers hit J.P. Morgan Chase and the associated website of the J.P. Morgan Corporate Challenge, affecting 76 million households and 7 million small businesses. Financial services are high value targets. Even when collecting only the name and address of a high-asset account holder, that information can still be profitable on the black […]
Continue Reading...
Posted in Application Security, Financial Services Security | Comments Off on 7 ways financial services firms can protect themselves
On Wednesday three U.S. bank regulators issued an advance notice of proposed rulemaking (ANPR) calling on banks to do more with their cybersecurity programs. The Federal Reserve Board, the Federal Deposit Insurance Corporation, and the Office of the Comptroller of the Currency have proposed a set of standards. The standards, which are open to discussion […]
Continue Reading...
Posted in Financial Services Security | Comments Off on U.S. bank regulators want higher cybersecurity standards
Months after February’s high-profile $81 million heist at Bangladesh Bank, the global financial messaging system known as SWIFT said it has faced additional attempts to steal money starting in June. SWIFT messaging services are used and trusted by more than 11,000 financial institutions in more than 200 countries and territories around the world, according to […]
Continue Reading...
Posted in Data Breach, Financial Services Security | Comments Off on SWIFT discloses additional bank hacking thefts
A former Google engineer has created an operating system for the financial service industry that uses blockchain, a component developed by BitCoin. Known as Vault OS, the operating system creates a shared database in which participants can trace every transaction ever made. The ledger used is both tamper-proof and transparent. That means transactions can be […]
Continue Reading...
Posted in Financial Services Security | Comments Off on Former Google engineer launches BlockChain-enabled OS for financial services
According to the US Securities and Exchanges Commission chair, cyber hacking is the biggest risk facing the world’s financial markets today. US SEC Chair Mary Jo White made her comments Wednesday at a conference organized by the Reuters news service. She specifically cited the March 2016 theft of $81 million from the Bangladesh central bank. […]
Continue Reading...
Posted in Application Security, Financial Services Security, Security Risk Assessment | Comments Off on SEC warns on financial services cybersecurity risks
SWIFT, the Society for Worldwide Interbank Financial Telecommunication, has issued a patch after identifying a vulnerability that may have lead to last month’s theft of theft of $81 million from a Bangladesh Bank account at the New York Federal Reserve Bank. “SWIFT is aware of a number of recent cyber incidents in which malicious insiders […]
Continue Reading...
Posted in Financial Services Security, Software Security Testing, Vulnerability Assessment | Comments Off on SWIFT interbank network patches software vulnerabilities
Originally posted on SecurityWeek The former CISO of a large intelligence community agency once told me, “The number one challenge in IT Security is the carbon-based life form.” Needless to say, that comment has stuck with me as I read articles daily about hacks with their genesis found in credentials lifted from phishing schemes. Given […]
Continue Reading...
Posted in Data Breach, Financial Services Security, Internet of Things, Maturity Model (BSIMM) | Comments Off on ATMs to IoT: The generational divide of digital trust
The SWIFT secure financial messaging system is under U.S. government scrutiny after last week’s disclosure of the theft of millions from a Bangladesh Central Bank account at the Federal Reserve Bank of New York. Although smaller transfers between the Bangladesh bank and the federal reserve did go through, a large transfer of between $850-$870 million […]
Continue Reading...
Posted in Application Security, Data Breach, Financial Services Security | Comments Off on Bangladesh Bank security breach prompts U.S. probe
Stung by early data breaches, some big banks have been quietly developing their own software products to protect their global assets. According to Reuters, U.S. banks, including Goldman Sachs Group, Morgan Stanley, and JPMorgan Chase, are beginning to sell technology developed internally. Others, such as Bank of America Corp and Citigroup say they do not […]
Continue Reading...
Posted in Financial Services Security | Comments Off on Big banks as security vendors
Criminal hackers looking to steal roughly a billion dollars from a bank in Bangladesh were stopped by a common mistake: a spelling error. Although smaller transfers between the Bangladesh central bank and the Federal Reserve Bank of New York did go through, a large transfer of between $850-$870 million was stopped at a transfer bank, […]
Continue Reading...
Posted in Application Security, Financial Services Security | Comments Off on Typo halts billion dollar bank theft