Security News

Nearly 72% of applications in the financial services sector contain security flaws, according to Veracode. Despite the alarming figure, this rate of software vulnerability was the lowest of all industries analyzed and has improved since last year.

Fortune 500 insurance biz Fidelity National Financial has confirmed that it has fallen victim to a "Cybersecurity incident." FNF recorded more than $11 billion in total revenue in 2022 and is one of the largest underwriters of title insurance and providers of transaction services to the real estate and mortgage industries in the US. Although investigations remain ongoing and the company has not yet disclosed the incident's material impact on trade, it did say an intruder "Accessed certain FNF systems and acquired certain credentials."

Phishing, infostealer malware, ransomware, supply chain attacks, data breaches and crypto-related attacks are among the top evolving threats in the financial sector, says Sekoia. A new report from French-based cybersecurity company Sekoia describes evolutions in the financial sector threat landscape.

The world's largest cryptocurrency exchange just got a little smaller, with the US Department of Justice announcing Binance and its CEO Changpeng Zhao have both pleaded guilty to a multitude of financial crimes. According to a criminal case [PDF] unsealed Tuesday, Binance failed to register as a money services business in the United States, broke the Bank Secrecy Act by failing to implement and maintain an anti-money laundering program, and violated the International Emergency Economic Powers Act by allowing US users to transact with individuals in sanctioned countries.

Boards of directors, or other senior committees, are charged with overseeing cybersecurity risk management, and must retain an appropriate level of expertise to understand cyber issues, the rules say. Directors must sign off on cybersecurity programs, and ensure that any security program has "Sufficient resources" to function.

The security performance of financial applications generally outperforms other industries, with automation, targeted security training, and scanning via Application Programming Interface contributing to a year-over-year reduction in the percentage of applications containing flaws, according to Veracode. While nearly 72% of applications in the financial services sector contain security flaws, this is the lowest of all industries analyzed and an improvement since last year.

A threat actor affiliated with Iran's Ministry of Intelligence and Security (MOIS) has been observed waging a sophisticated cyber espionage campaign targeting financial, government, military, and...

The U.S. Federal Trade Commission has amended the Safeguards Rules, mandating that all non-banking financial institutions report data breach incidents within 30 days. "The addition of this disclosure requirement to the Safeguards Rule should provide companies with additional incentive to safeguard consumers' data."

Microsoft exposes Octo Tempest, an English-speaking threat actor that runs extortion, encryption and destruction campaigns at a wide variety of industries. A new report from Microsoft Incident Response and Microsoft Threat Intelligence teams exposed the activities and constant evolution of a financially oriented threat actor named Octo Tempest, who deploys advanced social engineering techniques to target companies, steal data and run ransomware campaigns.

Microsoft has published a detailed profile of a native English-speaking threat actor with advanced social engineering capabilities it tracks as Octo Tempest, that targets companies in data extortion and ransomware attacks. Microsoft says that Octo Tempest also used direct physical threats in some cases to obtain logins that would advance their attack.