SEC fines brokerage firms over email hacks, customer data exposure

The Securities and Exchange Commission has fined several brokerages a total of $750,000 for exposing the sensitive personal information of thousands of customers and clients after hackers took over employee email accounts. All of the companies settled the SEC charges, in three separate actions: Cetera Advisor Networks, Cetera Investment Services, Cetera Financial Specialists, Cetera Advisors, and Cetera Investment Advisers; Cambridge Investment Research and Cambridge Investment Research Advisors; and KMS Financial Services. The firms ran afoul of the SEC’s “Safeguards Rule,” which requires companies to write and adopt procedures for protecting customer records and information. “Investment advisers and broker dealers must fulfill their obligations concerning the protection of customer information,” said Kristina Littman, chief of the SEC Enforcement Division’s Cyber Unit. “It is not enough to write a policy requiring enhanced security measures if those requirements are not implemented or are only partially implemented, especially in the face of known attacks.” […]

The post SEC fines brokerage firms over email hacks, customer data exposure appeared first on CyberScoop.


White House cyber summit with private sector nets impressive gains, but points to considerable work needed ahead

The White House summit Wednesday demonstrated positive momentum for both the Biden administration and private sector in terms of their approach to cybersecurity, but also laid bare what remains inadequate, cyber experts said. The high-profile meeting brought together CEOs from the education, energy, finance, insurance and tech sectors, featuring companies like Amazon, Bank of America and ConocoPhillips. Some pledged billions more in cyber investments, while others committed to providing training and smaller services in response to the administration’s “call to action.” While impressive, observers noted, those commitments will require considerable follow-up, from expansion to other sectors to policy changes that could emerge from closer-knit relationships between industry and government. Even as the nonprofit Global Cyber Alliance’s Megan Stifel commended the White House for holding the meeting and the broad commitments that the companies made, she said it illustrated the lengths to which the U.S. can improve national cybersecurity. “A couple […]


White House rolls out pipeline, supply chain security initiatives as companies pledge billions in cyber spending

The Biden administration on Wednesday announced initiatives to bolster supply chain and natural gas pipeline security, following a White House private sector cybersecurity summit where major companies pledged billions of dollars in cyber spending. The National Institute of Standards and Technology will collaborate with industry to develop guidelines for building secure technology, in the first of two administration initiatives. In the other, the administration formally expanded its industrial control systems cybersecurity initiative — under which 150 electric utilities agreed to deploy control system security tech — to natural gas pipelines. Tech giants, insurance companies and educational organizations exited the summit with cybersecurity commitments large and small. Among those vowing the biggest dedication of dollars: Microsoft announced $20 billion over five years to integrate “cybersecurity by design,” which means incorporating security into products as they’re being built, while Google announced $10 billion over the same period to expand “zero trust” programs, […]


Apple, JPMorgan Chase bosses among industry heads set to gather at White House for cyber ‘call to action’

President Joe Biden will huddle Wednesday with industry leaders to issue a “call to action” on cybersecurity and make “concrete announcements” to counter the fundamental causes of cyberattacks, according to a senior administration official. It’s a star-studded afternoon gathering scheduled to include the likes of Apple CEO Tim Cook and JPMorgan Chase CEO Jamie Dimon from the financial, technology, energy, insurance and education sectors, then feature discussions led by top administration officials. The White House has been working to secure commitments from industry in advance of the meeting, mostly in the areas of “technology and talent,” the official said in a background call with reporters on Tuesday. Two points of emphasis, the official said, are building technology that is secure from the outset, and better defending critical infrastructure after the ransomware attack on Colonial Pipeline led to a fuel scare. “We need to bake in security by design into tech,” […]


Hackers exploit WhatsApp modification tool to snoop on texts, force paid subscriptions

A malicious version of a popular modification or “mod” of the encrypted messaging app WhatsApp is carrying a mobile trojan that can launch advertisements, issue paid subscriptions and intercept text messages, security researchers said Tuesday. According to Kaspersky, hackers inserted the Triada trojan into a modified version of FMWhatsapp, a WhatsApp mod. Such mods have a following among users who want to customize WhatsApp, such as being able to send larger files or apply custom animated themes. FMWhatsapp isn’t available on the Google Play store and is only available via third-party websites, which means users who desire the extra features the mod offers don’t get the security protections inherent in more officially vetted apps. Kaspersky first spotted Triada in 2016, when the company deemed the hacking tool “one of the most advanced mobile Trojans our malware analysts have ever encountered.” Users grant FMWhatsapp permission to read SMS messages, Kaspersky said, […]


Cyber insurance market encounters ‘crisis moment’ as ransomware costs pile up

It’s a sure sign of trouble when leading insurance industry executives are worried about their own prices going up. Two separate CEOs of major insurance giants remarked in recent weeks about a considerable jump in cyber insurance premium prices: AIG’s chief executive said rates increased by 40% for its clients, while Chubb’s chief executive said that company was charging more, too. Rather than welcoming the trend, Chubb CEO Evan Greenberg offered a warning. Those price increases, he said, still don’t reflect the grave risk that a catastrophic cyber event poses. “That is not addressing by itself the fundamental issue,” he said. Those are just two data points about how, in the past year, the evolution of ransomware has radically altered the landscape of cyber insurance, according to analysts inside and outside the industry. Cyber insurance covers a range of ransomware-related costs, like extortion demands, remediation efforts and other losses. Ransomware […]


Researchers nab wannabe ransomware scammer trying to convince victims to help hack their employer

Ransomware operators have taken their profession’s profitability to new heights in the last couple of years by outsourcing their work with the “ransomware-as-a-service” model, in which hackers lease out their malware in exchange for shares of the resulting extortion payments. Now, a cyber firm has found a ransomware operator going one step further: asking prospective victim companies’ personnel to deploy ransomware on their behalf, then take a cut of the proceeds. Abnormal Security on Thursday said it recently blocked a batch of emails to its customers that solicited recipients to infect their employers’ networks with ransomware. Researchers set up a fake identity to communicate with the would-be ransomware/insider scheme mastermind — who went by the screen name “Pablo” — under the ruse that the persona would do Pablo’s criminal bidding. The incident, which occurred in mid-August, marks another tactical swerve in the ever-shifting world of ransomware techniques, and if Pablo’s to […]


Japan’s Tokio Marine is the latest insurer to be victimized by ransomware

Ransomware struck Japan’s largest property and casualty insurer, Tokio Marine Holdings, at its Singapore branch, the company disclosed on Monday. Tokio Marine, which has a U.S. division and offers a cyber insurance product, said it did not have any immediate indication that any customer information was breached. Such data could be a smorgasbord for hackers who would use it to extort victims based on their coverage amounts. It’s at least the third major insurer to disclose a ransomware attack in recent months, following CNA and AXA. And it’s the second insurer just this week to disclose a cyber incident, after Ryan Specialty Group — fresh off launching an initial public offering. Cyber insurers have, of late, taken to asking more detailed questions about policyholders’ cybersecurity safeguards as a condition for providing coverage. But the spate of recent successful attacks suggests that insurers, too, might need to step up […]


SEC, education company Pearson settle charges over 2018 security incident for $1 million

British educational software company Pearson settled charges with the U.S. Securities and Exchange Commission for $1 million over its “misleading” handling of a 2018 data breach, the SEC announced Monday. The SEC based its charges on a July 2019 disclosure to the agency that a hypothetical “data privacy incident” could “result in a major data privacy or confidentiality breach” when the company had in fact already been breached and had known about it for months, among other statements. In its public response to the incident, which involved the theft of student information and administrator log-in accounts for 13,000 district, school and university customer accounts, Pearson also left out details about the extent of the stolen information, the SEC said. Pearson claimed to have “strict protections” in place even though it had left a critical vulnerability unpatched for six months that the hackers exploited, along with other poor security practices cited by […]


Hackers stole client info, work materials in Accenture ransomware attack

Ransomware hackers began leaking Accenture data after the consulting giant suffered a security incident in which the perpetrators made off with client-related documents and work materials. The gang, known as LockBit 2.0, has threatened to leak more after providing purported proof of the breach. Accenture acknowledged the attack on Wednesday, but has downplayed its severity. “Through our security controls and protocols, we identified irregular activity in one of our environments,” an Accenture spokesperson said. “We immediately contained the matter and isolated the affected servers. We fully restored our affected servers from backup. There was no impact on Accenture’s operations, or on our clients’ systems.” In an internal memo, Accenture said it noticed the “security incident” on July 30. “While the perpetrators were able to acquire certain documents that reference a small number of clients and certain work materials we had prepared for clients, none of the information is of a […]
