Security News

European IT services provider Sopra Steria estimates that a recent ransomware attack will have a financial impact ranging between €40 million and €50 million. Sopra Steria revealed one month ago that some of its systems were infected with a new variant of the Ryuk ransomware, which is believed to have been used by Russian cybercriminals.

Cybercriminals looking to steal personal information are baiting U.S. citizens with emails purporting to be from government agencies offering federal assistance. Bad actors are sending out messages purporting to be from federal government entities offering financial aid or unemployment assistance during the pandemic.

The financial services industry has the best flaw fix rate across six industries and leads a majority of industries in uncovering flaws within open source components, Veracode reveals. Fixing open source flaws is critical because the attack surface of applications is much larger than developers expect when open source libraries are included indirectly.

A hackers-for-hire operation has been discovered using a strain of previously undocumented malware to target South Asian financial institutions and global entertainment companies. Dubbed "CostaRicto" by Blackberry researchers, the campaign appears to be the handiwork of APT mercenaries who possess bespoke malware tooling and complex VPN proxy and SSH tunneling capabilities.

Four months after security researchers uncovered a "Tetrade" of four Brazilian banking Trojans targeting financial institutions in Brazil, Latin America, and Europe, new findings show that the criminals behind the operation have expanded their tactics to infect mobile devices with spyware. According to Kaspersky's Global Research and Analysis Team, the Brazil-based threat group Guildma has deployed "Ghimob," an Android banking Trojan targeting financial apps from banks, fintech companies, exchanges, and cryptocurrencies in Brazil, Paraguay, Peru, Portugal, Germany, Angola, and Mozambique.

Orca Security announced the second generation of its cloud security platform, featuring unique capabilities built specifically to respond to the public cloud security and compliance needs of global financial services customers. "The rapid digitization of services coupled with increased cloud adoption opens financial organizations to incredible risk. With Orca Security, they gain the full cloud coverage and insights they need without agents to maximize compliance and security confidence to meet the tsunami of regulations on the horizon."

Absolute announced the appointment of Steven Gatoff as Chief Financial Officer, effective November 10, 2020. Steven brings to Absolute over 25 years of financial expertise and leadership, and a distinctive track record of driving value creation for software companies, in both large public companies and earlier-stage, hyper-growth environments.

The world's biggest social media companies may have to put more of a priority on security now that a New York state financial watchdog is calling for the creation of a designated regulator tasked with monitoring their cyber defense. The New York State Department of Financial Services made the determination in a lengthy report on the Twitter hack in July after the Justice Department said two teenagers and a 22-year-old took over more than 100 prominent Twitter accounts, including the accounts of former President Barack Obama and former Vice President Joe Biden.

American financial regulators in New York have demanded Twitter be subject to harsher rules following the July hacks of prominent users' accounts - as CEO Jack Dorsey furiously backpedals after his website censored a news article from a US newspaper. The New York State Department of Financial Services demanded that Twitter be subject to more "Cybersecurity protections", controlled and overseen, naturally, by itself.

"BlackBerry has always been known for our strong strategy," chief exec John Chen told the BlackBerry Security Summit earlier this week - just as a well-read investment blog concluded that "Without a meaningful shift, this company will probably keep on struggling". This was followed by pulling the sheets off its Unified Endpoint Security Solution for AI-powered Cybersecurity, claiming it "Delivers security and Zero Trust with a zero touch end-user experience through a single console and offers the end-to-end solution with the broadest set of AI-based security capabilities and visibility across mobile, desktop, apps and people."