Financial Services Cybersecurity Weekly Briefing 01-26-2018

Weekly FS Cybersecurity Blast

Penetration Testing is a Reference Point, not a Strategy
If penetration tests and other testing of your defenses are something you're prioritizing this year, be aware: the information you will obtain is not revelatory, and simply fixing the specific vulnerability that was exploited will not appreciably change the outcome of the next penetration test (which may not be a test at all).

The Gramm-Leach-Bliley Act (GLBA) is One of the Central Regulations for Financial Service Companies
While the Financial Privacy Rule governs how institutions collect and disclose customers' personal financial information, the Safeguards Rule requires financial institutions to have controls in place to secure customer information. Additionally, institutions covered by the Safeguards Rule must take steps to ensure that their service providers and affiliates protect customer data as well. The infographic below describes the 5 key elements required to comply with the GLBA Safeguards Rule. You can also download the PDF for reference here.

New Evidence Reportedly Puts North Korean Hackers Behind a List of High-stakes Bitcoin Heists

  • North Korean hackers have been linked to recent attacks on a South Korean cryptocurrency exchange.
  • US cyber-security firm Recorded Future analyzed methods used in recent cryptocurrency attacks and noticed a trend.
  • The malware is linked to a North Korea-tied hacking unit called Lazarus.
  • The report comes amid recent allegations that North Korea is mining and hacking cryptocurrencies as a way to deal with crippling economic sanctions.

OnePlus Confirms Credit Card Breach Impacted Up to 40,000 Customers

“One of our systems was attacked, and a malicious script was injected into the payment page code to sniff out credit card info while it was being entered,” the company said. “The malicious script operated intermittently, capturing and sending data directly from the user’s browser. It has since been eliminated. We have quarantined the infected server and reinforced all relevant system structures.”
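The OnePlus statement describes a script injected into a payment page that captured card data in the user's browser. One defensive control against that class of tampering is to continuously compare the scripts actually served on a checkout page against a known-good baseline. The following is an added example written for this briefing, not code from OnePlus or from the original article; the checkout page, the hostnames (`shop.example.invalid`, `cdn.example.invalid`) and the baseline are all constructed for illustration.

```python
"""Baseline check for <script> elements on a checkout page (added example).

Parses the HTML a payment page actually serves, records every external
script URL and the SHA-256 of every inline script body, and reports any
script that is not in a previously approved baseline. The sample pages
below are constructed; nothing here is OnePlus's code.
"""
import hashlib
from html.parser import HTMLParser


class ScriptCollector(HTMLParser):
    """Collect external script src values and inline script bodies."""

    def __init__(self):
        super().__init__()
        self.external = []      # src attribute values, in document order
        self.inline = []        # inline script bodies, in document order
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_script = True
            self._buf = []

    def handle_data(self, data):
        # HTMLParser hands script content through as raw data.
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._in_script:
            self.inline.append("".join(self._buf))
            self._in_script = False


def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def collect_scripts(html: str) -> ScriptCollector:
    collector = ScriptCollector()
    collector.feed(html)
    collector.close()
    return collector


def build_baseline(html: str):
    """Approve the scripts of a page known to be clean: (src set, inline hash set)."""
    c = collect_scripts(html)
    return set(c.external), {sha256_hex(body) for body in c.inline}


def audit_page(html: str, allowed_srcs: set, allowed_inline_hashes: set) -> dict:
    """Return the scripts on the page that are not covered by the baseline."""
    c = collect_scripts(html)
    unknown_external = [s for s in c.external if s not in allowed_srcs]
    unknown_inline = [sha256_hex(b) for b in c.inline
                      if sha256_hex(b) not in allowed_inline_hashes]
    return {"unknown_external": unknown_external, "unknown_inline": unknown_inline}


# Constructed sample: the approved checkout page.
GOOD_PAGE = """<html><body>
<form id="payment"><input name="card"></form>
<script src="https://shop.example.invalid/static/checkout.js"></script>
<script>window.checkoutVersion = "1.0";</script>
</body></html>"""

# Constructed sample: the same page with two scripts that are not in the baseline.
TAMPERED_PAGE = GOOD_PAGE.replace(
    "</body>",
    '<script src="https://cdn.example.invalid/extra.js"></script>\n'
    '<script>/* constructed: script not present in the baseline */ var unexpected = true;</script>\n'
    '</body>',
)

if __name__ == "__main__":
    baseline = build_baseline(GOOD_PAGE)
    print("clean page:", audit_page(GOOD_PAGE, *baseline))
    print("tampered page:", audit_page(TAMPERED_PAGE, *baseline))
```

In practice the audit runs against the page as fetched from the production origin on a schedule, so that a change to either the server-side template or a third-party bundle shows up as an unknown hash or URL; a Content-Security-Policy with an explicit `script-src` and `connect-src`, and Subresource Integrity attributes on external scripts, complement this check by limiting what an injected script can load and where it can send data.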

Cyber-attacks Push Corporate Fraud to All-time High
This year was the first, in the decade that Kroll has conducted its survey, in which information theft overtook the theft of physical assets and stock. Just under 30 per cent of companies reported they had suffered information theft, loss or attack in 2017, making it the most common type of organizational loss.

Expect More Cybersecurity ‘Meltdowns’
First, these flaws often affect consumer devices, many of which are not designed to receive patches. Second, firmware fixes are tricky for consumers to install, and sometimes OEMs never even build and distribute patches. Finally, for 20 years, microprocessors have been built to prioritize speed over security. "Security researchers are starting to look more closely at these systems, so expect to hear about more vulnerabilities along these lines," he says.

Stay up to date on the Financial Services Information Security news that you need to know by signing up for our Financial Cybersecurity Briefing Here.

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.