
 Finance

FDIC phishing emails use Patriot Act scare tactic

Angela Moscaritolo January 13, 2011

Fraudulent emails claiming to come from the Federal Deposit Insurance Corp. (FDIC) are attempting to trick users into handing over their sensitive personal information, the agency said in a warning issued Wednesday to clients and customers. The messages claim that the FDIC has withdrawn deposit insurance from the targeted user's account "due to account activity that violates the Patriot Act." Recipients are directed to follow a link included in the message that could lead to phishing sites or malware, the agency said. Financial institutions and consumers should not follow the link or provide any personal information. - AM
 

Views regarding PCI compliance are mostly positive

Angela Moscaritolo January 12, 2011

A new survey from Cisco reveals that organizations are getting better at handling their obligations to meet payment industry security guidelines.
 

Visa strengthens its network fraud detection

Dan Kaplan January 07, 2011

Visa has enhanced the security of its electronic credit card authorization system, known as VisaNet, to improve the speed and accuracy of fraud detection, the card brand announced Thursday. Earlier this year, Visa improved the processing platform of its Advanced Authorization technology so that it can analyze more information and perform more functions faster. "This provides Visa with a comprehensive view into the global payments system, leading to high levels of intelligence around spending patterns and improving the company's ability to detect and prevent fraud in near real-time," Visa said. The company believes the improvements could lead to a 29 percent gain in fraud detection over 2009. - DK
 

Zeus botnet targeting Macy's, Nordstrom account holders

Angela Moscaritolo December 09, 2010

A new Zeus botnet is targeting the credit card accounts of several major U.S. retailers, including Macy's and Nordstrom, according to researchers at online banking security firm Trusteer.
 

Senate votes to exempt lawyers, doctors from Red Flags

Angela Moscaritolo December 02, 2010

Lawyers, doctors and accountants may avoid having to comply with the Federal Trade Commission's new identity theft rule.
 

FBI warns of SMS and phone-based phishing scams

Angela Moscaritolo November 24, 2010

The FBI issued a warning on Wednesday about so-called "smishing" and "vishing" scams, which are likely to be prevalent this holiday season.
 

SC Congress Canada: The risk of mobile applications

Dan Kaplan November 22, 2010

Joe Lobianco, senior director of information security and risk management at CIBC, a major bank in Canada, breaks down the mobile application threat. He discusses security from the perspective of CIBC, which recently rolled out its mobile banking application, and delves into whether the mobile computing space will prompt the same risks as the traditional desktop environment.
 

Malaysian man charged with hacking into bank systems

Dan Kaplan November 19, 2010

A Malaysian man was indicted Thursday on charges he hacked into the networks of a number of financial institutions to amass some 400,000 stolen credit and debit card numbers, according to federal prosecutors.
 

Web applications remain a pressing concern

Angela Moscaritolo November 17, 2010

Vulnerabilities in web applications remain the preferred entryway for crooks seeking valuable company information, Rob Lamb, vice president of IBM security products, said Wednesday at SC Congress Canada in Toronto.
 

Mobile application threat not here yet, but it's on the way

Dan Kaplan November 16, 2010

The mobile application threat space still is in its infancy, but organizations should be planning for the possibility of things heating up in the near future, said the security director of a major bank in Canada.
 

Popular data exchange app "Bump" suffers security lapse

Angela Moscaritolo November 08, 2010

Bump Technologies, maker of the popular data exchange application Bump, said it has corrected a problem that could have exposed users' information.
 

Two alleged Zeus mules arrested in Wisconsin

Angela Moscaritolo November 05, 2010

Two Moldovan men were charged this week for their involvement with the Zeus trojan, which has been used to steal millions of dollars from U.S. bank accounts. Dorin Codreanu and Lilian Adam, both 21, are believed to have been "money mules," responsible for transferring stolen funds to accomplices overseas. The pair was arrested in Wisconsin and is set to be transferred to New York to face charges of conspiracy to commit bank fraud, according to reports. The men are among the 37 individuals charged late last month in U.S. District Court in Manhattan for their role in the scheme. — AM
 

New phishing scam preys on military, families

Angela Moscaritolo November 02, 2010

A new phishing campaign attempts to steal money from members of USAA, a banking and insurance firm for U.S. military members and their families, researchers at email security firm AppRiver warned Tuesday. Researchers have noticed heavy traffic related to the spam run, whose messages include a link that directs users to a fake USAA login page, Troy Gill, security analyst at AppRiver, wrote in a blog post. The company has discovered more than 1,500 unique domains being used in the attack. — AM
 

Reducing compliance workloads

Jerry Archer, SVP & CSO, Sallie Mae November 01, 2010

Security is not compliance, and compliance is not security.
 

Law enforcement of cybercrime: Bringing justice

Dan Kaplan November 01, 2010

Gary Warner of the University of Alabama at Birmingham wants to pursue small-time cybercriminals through a new partnership teaming university researchers and local and state authorities.
 

Disgruntled Fannie Mae "logic bomber" found guilty

Dan Kaplan October 11, 2010

A federal jury in Baltimore has convicted a former Fannie Mae programmer of computer intrusion after he sought to destroy more than 4,000 company servers by planting a malicious script that was scheduled to activate roughly three months after he was fired. Rajendrasinh Makwana, 36, faces up to 10 years in prison for seeding a common application with "logic bomb" malware on Oct. 24, 2008, the day he was fired, the U.S. Department of Justice said last week in a news release. Five days later, a senior engineer discovered the disgruntled Makwana's actions, which were meant to destroy financial, securities and mortgage information. Makwana, who had pleaded innocent, is scheduled to be sentenced Dec. 8. — DK
 

Financial vertical: An economic dissection

Illena Armstrong October 01, 2010

As more regulators scrutinize the business practices of financial services companies, IT security pros must advance their data processes and safeguards, reports Illena Armstrong.
 

U.S. authorities charge 70 money mules in Zeus ring

Angela Moscaritolo September 30, 2010

State and federal prosecutors on Thursday announced a massive bust of money mules who were involved in a ring that bilked U.S. bank account holders out of millions through the spread of the Zeus trojan.
 

U.K. police arrest 19 in major Zeus bust

Angela Moscaritolo September 29, 2010

Police in the U.K. have arrested 19 individuals believed to be part of an organized cybercrime network that used the Zeus trojan to steal millions of dollars from U.K. bank accounts.
 

Is the United States the weakest link when it comes to credit card security?

Jose Diaz, director of technical and strategic business development at Thales e-Security September 29, 2010

Nations abroad may be forging ahead of the United States in terms of offering consumers enhanced cardholder protection, but the decision to move toward technology such as chip-and-PIN is not always cut and dried.
 

LinkedIn spam run aims to foist Zeus on victim PCs

Dan Kaplan September 28, 2010

Users of LinkedIn are being targeted in a massive spam campaign designed to install the bank credential-stealing Zeus trojan on their machines. The emails, accounting for nearly a quarter of all spam at one point Monday, mimic LinkedIn invitations, according to Cisco. But when users click on the link contained in the message, they are delivered to a website that reads "PLEASE WAITING...4 SECONDS" and then are directed to Google. During that time, however, Zeus is installed on their machines if they are unpatched for certain browser vulnerabilities. This particular spam campaign and ensuing drive-by download attempts are notable because of the size and the apparent targets: business professionals with access to corporate bank accounts, Henry Stern, a Cisco senior security researcher, said in a blog post. — DK
 

Websites suffer from 13 security flaws on average

Angela Moscaritolo September 24, 2010

The average website contains nearly 13 "serious" vulnerabilities, according to a report released this week by WhiteHat Security, a website risk management solutions provider. The report, which was compiled using data from more than 2,000 websites across 350 organizations, found that cross-site scripting and information leakage flaws were most prevalent, and websites belonging to large organizations - those with more than 2,500 employees - had the highest average number of serious flaws. In terms of industry, banking organizations had the fewest vulnerabilities on average, followed by insurance and health care firms. — AM
 

Financial services: Legal matters

Greg Masters September 24, 2010

Brokerage services provider Aon Corp. found help in streamlining its network operations throughout its global reach into 120 countries, reports Greg Masters.
 

Up to code: Data protection laws

Greg Masters September 24, 2010

An insurance provider in Massachusetts had basic security measures in place, but these were not enough to be fully compliant with a strict, new state regulation, reports Greg Masters.
 

PCI Council: P2PE simplifies PCI DSS compliance

Angela Moscaritolo September 23, 2010

The group responsible for managing payment security rules plans to release two new guidance documents early next month assessing the impact of emerging data security technologies on payment card security.
 

Authorities charge 53 in N.J. identity theft/bank fraud ring

Angela Moscaritolo September 17, 2010

The U.S. Department of Justice on Thursday charged 53 individuals in New Jersey in connection with a widespread identity theft and fraud ring.
 

Prison sentence for RBS hacker suspended in Russia

Angela Moscaritolo September 09, 2010

One of the leaders of a cybercriminal gang that hacked into payment services provider RBS WorldPay and stole $9 million has received a six-year suspended sentence in Russia, according to reports.
 

Heartland settles with Discover over breach

Dan Kaplan September 01, 2010

Heartland Payment Systems, the New Jersey-based credit card processor that fell victim to the largest reported data breach of all time, announced on Wednesday that it will settle with Discover for $5 million. Heartland already has settled with Visa for $60 million and MasterCard for $41.4 million over the breach, which exposed an estimated 130 million credit and debit card numbers to organized criminals. The settlement money will be used by Discover to recoup costs related to reissuing cards and any incidents of fraud consumers may have experienced. — DK
 

Judge OKs Countrywide breach settlement

Dan Kaplan August 26, 2010

A U.S. District Court judge in Kentucky this week granted final approval to settle a class-action lawsuit relating to a data breach that pitted millions of Countrywide Financial customers against the mortgage company. The agreement provides free credit monitoring for up to 17 million people whose personal data was exposed, according to reports. To be eligible, victims must have used Countrywide, now owned by Bank of America, before July 1, 2008. In addition, participants are eligible to receive up to $50,000 per incident of identity theft, though Countrywide representatives have denied that anyone fell victim to fraud. — DK
 

Forum to address risks of mobile financial services

Angela Moscaritolo August 25, 2010

Nonprofit financial service industry consortium BITS and the Financial Services Technology Consortium have scheduled a forum to address business, security and fraud risks facing the mobile financial services market. The forum, to take place Oct. 14 and 15 in Arlington, Va., will provide a look at the threats, risks and mitigations of the mobile financial services environment. Senior level financial institution executives, information security, privacy protection and fraud prevention specialists are encouraged to attend. — AM