Security News
The financial services industry has the best flaw fix rate across six industries and leads a majority of industries in uncovering flaws within open source components, Veracode reveals. Fixing open source flaws is critical because the attack surface of applications is much larger than developers expect when open source libraries are included indirectly.
A hackers-for-hire operation has been discovered using a strain of previously undocumented malware to target South Asian financial institutions and global entertainment companies. Dubbed "CostaRicto" by BlackBerry researchers, the campaign appears to be the handiwork of APT mercenaries who possess bespoke malware tooling and complex VPN proxy and SSH tunneling capabilities.
Four months after security researchers uncovered a "Tetrade" of four Brazilian banking Trojans targeting financial institutions in Brazil, Latin America, and Europe, new findings show that the criminals behind the operation have expanded their tactics to infect mobile devices with spyware. According to Kaspersky's Global Research and Analysis Team, the Brazil-based threat group Guildma has deployed "Ghimob," an Android banking Trojan targeting financial apps from banks, fintech companies, exchanges, and cryptocurrencies in Brazil, Paraguay, Peru, Portugal, Germany, Angola, and Mozambique.
Orca Security announced the second generation of its cloud security platform, featuring unique capabilities built specifically to respond to the public cloud security and compliance needs of global financial services customers. "The rapid digitization of services coupled with increased cloud adoption opens financial organizations to incredible risk. With Orca Security, they gain the full cloud coverage and insights they need without agents to maximize compliance and security confidence to meet the tsunami of regulations on the horizon."
Absolute announced the appointment of Steven Gatoff as Chief Financial Officer, effective November 10, 2020. Steven brings to Absolute over 25 years of financial expertise and leadership, and a distinctive track record of driving value creation for software companies, in both large public companies and earlier-stage, hyper-growth environments.
The world's biggest social media companies may have to put more of a priority on security now that a New York state financial watchdog is calling for the creation of a designated regulator tasked with monitoring their cyber defense. The New York State Department of Financial Services made the determination in a lengthy report on the Twitter hack in July after the Justice Department said two teenagers and a 22-year-old took over more than 100 prominent Twitter accounts, including the accounts of former President Barack Obama and former Vice President Joe Biden.
American financial regulators in New York have demanded Twitter be subject to harsher rules following the July hacks of prominent users' accounts - as CEO Jack Dorsey furiously backpedals after his website censored a news article from a US newspaper. The New York State Department of Financial Services demanded that Twitter be subject to more "cybersecurity protections", controlled and overseen, naturally, by itself.
"BlackBerry has always been known for our strong strategy," chief exec John Chen told the BlackBerry Security Summit earlier this week - just as a well-read investment blog concluded that "without a meaningful shift, this company will probably keep on struggling". This was followed by pulling the sheets off its Unified Endpoint Security Solution for AI-powered Cybersecurity, claiming it "delivers security and Zero Trust with a zero touch end-user experience through a single console and offers the end-to-end solution with the broadest set of AI-based security capabilities and visibility across mobile, desktop, apps and people."
Jumio announced that the company acquired the AML platform from Beam Solutions, a San Francisco-based startup focused on transaction monitoring and KYC. Jumio will integrate Beam's suite of AML solutions into its current KYX Platform to further strengthen the company's position in the anti-financial crime marketplace. Beam's mission is to make the financial system safer by applying creative technological innovation to the detection and reporting of suspicious financial activity that facilitates money laundering, terrorism and human trafficking.
After several months of working from home, with no clear end in sight, financial risk and regulatory compliance professionals are struggling when it comes to collaborating with their teams - particularly as they manage increasingly complex global risk and regulatory reporting requirements. "During the pandemic, financial firms quickly adapted to major changes, although not without some operational and technology weaknesses emerging," said Alex Tsigutkin, CEO of AxiomSL. "Indeed, businesses might never return to the 'old normal', and that has made building data- and technology-driven resilience much more pressing than before the crisis. Our clients have been experiencing heightened regulatory pressures," he continued.