Finance

Finance

Leaked FinCEN files expose poor data security

Leaked documents, dubbed the “FinCEN Files,” describe global money laundering of $2 trillion processed by many of the world’s biggest banks between 2000 and 2017. The reveal  illuminates the struggle for the financial industry and government to provide ironclad data protection. “This sensational and unprecedented leak clearly demonstrates a wide spectrum of data protection weaknesses…

Phishing attack targeted top financial pro at large company

Attackers using a novel credential phishing attack that leverages Active Directory to verify a victim’s password and gain access to an Office 365 account targeted a top financial person in a division of a large American corporation. Once inside a victim’s account, bad actors could access sensitive financial documents, emails, calendar items and contact lists,…

Regulators levy $80 million fine, hammer Capital One for massive breach

Bank regulators dropped the hammer on Capital One, with the Office of the Comptroller of the Currency (OCC) levying an $80 million fine and the Federal Reserve filing a cease and desist order that specified what the steps the bank needed to take to redeem itself after a massive data breach in 2019 that compromised…

Financial institutions likely to doubledown on security spending

Prior to the pandemic, financial institutions spent an average $2,700 on cybersecurity per full-time employee, up from $2,300 the previous year. COVID-19 now drives the need for companies to doubledown on cybersecurity going forward, according to a study from Deloitte’s cyber risk and strategic risk services group in conjunction with the Financial Services Information Sharing…

Dave ShinyHunters hack exposes 7.5 million user records

Overdraft protection and cash advance service Dave suffered a data breach that appeared to involve the practices of a former third-party vendor, resulting in its database containing 7.5 million user records being sold at auction and then released later for free on hacker forums. The stolen information, which appeared to be taken by hacking group…

SEI Investments customer data exposed in ransomware attack on vendor

A May ransomware attack on M.J. Brunner Inc. exposed data pertaining to clients of SEI Investments Co., among them money managers like Pacific Investment Management Co. (Pimco), Fortress Investment Group LLC and Centerbridge Partners. SEI Investments said in a statement that the attack was not the result of any flaw in its network. Instead, the…

More Chinese tax software found to dish out backdoor malware

A second tax software program associated with the Chinese banking industry has now been found to contain an embedded backdoor that secretly grants attackers SYSTEM-level privileges. In late June, researchers from Trustwave SpiderLabs reported that accounting software called Intelligence Tax, developed by Chinese information security company Aisino Corporation and distributed to global clients of an…

‘GoldenSpy’ tax software campaign tries to erase evidence of malware

The actors behind a campaign to spread GoldenSpy malware via tax accounting software used by customers of a Chinese bank have recently attempted to distribute an uninstaller that deletes the backdoor in an apparent attempt to cover up their illicit activities. In a previous company blog post and threat report, Trustwave and its SpiderLabs team identified the accounting software…

Next post in Cybercrime