$2 million in rewards posted for accused SEC hackers

It’s just like the old saying goes: If you can’t beat ’em, tweet about it. The U.S. government embarked on a public awareness campaign Wednesday seeking help in the apprehension of two Ukrainian men accused of hacking the U.S. Securities and Exchange Commission. The State Department offered rewards of up to $1 million apiece for information leading to the arrest or conviction of Artem Radchenko and Oleksandr Ieremenko. The bounty comes more than a year after the pair were indicted in a scheme to breach an SEC database, steal nonpublic information and then sell it for a profit. The Secret Service, meanwhile, sent a series of tweets highlighting existing charges against the pair, and asked other Twitter users to provide more information. The effort to breach an SEC database resulted in more than $4.5 million in profit, the Secret Service tweeted. “As their criminal reach is worldwide, we welcome the cooperation and […]

The post $2 million in rewards posted for accused SEC hackers appeared first on CyberScoop.


Decline in early cyber investments continues alongside coronavirus concerns

Fewer face-to-face meetings between security startups and potential investors contributed to a steep decline in the number of venture capital deals since COVID-19 spread throughout the world. Investments in early stage cybersecurity companies fell by 37.7% during the second fiscal quarter of 2020, compared to the same time period in 2019, according to a financially-focused paper published Tuesday by venture firm DataTribe. It’s a downward trend that began at the end of last year and continued into the first months of 2020 as global economies reacted to the coronavirus pandemic. Early stage investments in the overall technology sector are down by roughly 45% over the first two quarters of this year, according to DataTribe co-founder Mike Janke. Other external factors — such as uncertainty about U.S. politics, shifting monetary policy and increasingly high investment levels — also are fueling the decline in investing. Venture deals typically close 90 days after […]

The post Decline in early cyber investments continues alongside coronavirus concerns appeared first on CyberScoop.


Fixing supply chain vulnerabilities should be a team effort

In the last few weeks, the Ripple20 vulnerabilities have once again brought the challenge of securing IoT and OT devices to the forefront, underscoring the risky supply chain of software and hardware components that serves as the foundation for many of these devices. While these vulnerabilities are significant on their own, what they show on a more fundamental level is the dire need to rethink how we are all approaching IoT security as an industry, all the way from manufacturing to the mitigation of vulnerabilities. What makes the Ripple20 vulnerabilities so widespread is that the security flaws lie in the TCP/IP stack that underlies many embedded systems, including industrial control systems, medical devices, and printers. It’s not just one type of device or manufacturer that is impacted by this, but potentially hundreds of millions of devices whose supply chain this software crept into. This is an opaque process, with little or […]

The post Fixing supply chain vulnerabilities should be a team effort appeared first on CyberScoop.


Accused Cypriot scammer threatened to publish stolen data if victims didn’t pay huge extortion fees

The government of Cyprus has extradited a 21-year-old accused cybercriminal to the United States after he was accused of breaching a number of U.S. companies as part of a years-long extortion effort. Joshua Epifaniou, a Cypriot national, arrived in New York City on Friday, more than two years after he was initially arrested in connection with a corporate hacking spree. Epifaniou is charged with stealing personal information from at least four sites, then demanding a payment in exchange for not publishing that data, according to the U.S. Department of Justice. Epifaniou also hacked Ripoff Report, a business accountability site, and charged his clients between $3,000 and $5,000 to delete relevant complaints, prosecutors contend. Epifaniou also allegedly worked with a search engine optimization firm to research companies disparaged on Ripoff Report that would be most likely to pay for his services. The Justice Department announced Saturday that Epifaniou was the first […]

The post Accused Cypriot scammer threatened to publish stolen data if victims didn’t pay huge extortion fees appeared first on CyberScoop.


Private equity firm to acquire Forescout for $1.4 billion after awkward start

A scheduled private equity acquisition of a major cybersecurity vendor is back on after a lawsuit and questions about the strength of its business during the coronavirus pandemic. San Jose, California-based Forescout announced Wednesday it would drop litigation against Advent International, a private equity firm, as part of a revised acquisition agreement. Advent will purchase outstanding Forescout shares for $29 per share, down from the $33 per share it initially said it would pay when the two companies announced a proposed agreement in February. The final deal values Forescout at $1.43 billion, down from the initial price of $1.9 billion. Forescout said its board of directors unanimously approved the deal, which is expected to close in the third fiscal quarter. The resolution comes after Boston-based Advent said in May it would hold up the acquisition over a “material adverse effect” that it had not anticipated when the two sides first […]

The post Private equity firm to acquire Forescout for $1.4 billion after awkward start appeared first on CyberScoop.


Credit union’s lawsuit against Fiserv is a test for cybersecurity liability

After more than a year of legal wrangling and bureaucratic delays, a major lawsuit is moving forward against a fintech giant for its allegedly lax cybersecurity practices. A Pennsylvania credit union is taking on Fiserv, a Fortune 500 company that claims clients in over 100 countries, in a case that is a test of the legal obligations big financial firms have to protect client data. Bessemer System Federal Credit Union (FCU) originally sued Fiserv in April 2019. After moving to federal court, the case took on new life Tuesday when a judge in the Western District of Pennsylvania ruled that the court would hear some of the credit union’s claims against Fiserv. The credit union accuses Fiserv, one of three companies that provide the majority of digital infrastructure used by small banks, of taking cybersecurity for granted. “Rather than addressing the problems by updating its security, Fiserv continued to use […]

The post Credit union’s lawsuit against Fiserv is a test for cybersecurity liability appeared first on CyberScoop.


US cyber officials urge patching of bug affecting up to 40K SAP customers

A critical vulnerability in applications made by software giant SAP could affect up to 40,000 SAP customers, offering a pathway for hackers to remotely steal or alter data, researchers warned Tuesday. At least 2,500 SAP systems with the vulnerability are exposed to the internet, making life easier for anyone who would want to exploit the bug, said researchers from Boston-based security company Onapsis. Exploiting the vulnerability could give a hacker administrative access to SAP software housing business and financial data, they said. The scope of the affected organizations and the importance of the SAP software to businesses prompted the Department of Homeland Security’s cybersecurity arm to issue an alert late Monday urging organizations to address the issue. “Due to the criticality of this vulnerability, the attack surface this vulnerability represents, and the importance of SAP’s business applications, the Cybersecurity and Infrastructure Security Agency strongly recommends organizations immediately apply patches,” CISA told affected […]

The post US cyber officials urge patching of bug affecting up to 40K SAP customers appeared first on CyberScoop.


Chinese banks require clients to use tax programs laced with backdoors, report says

When a Chinese bank asked a new client to use a specific kind of tax software as a condition of doing business, the company didn’t know that the tax technology came with a backdoor that would give hackers a new way in, according to research from Trustwave. The Chinese bank had told the U.K.-based defense contractor that the Chinese government required firms to use that specific software tool to pay local taxes. However, findings published Tuesday by the security vendor Trustwave spotlight how the tax software’s developer has relied on a number of subcontractors to build software flaws into other software tools for years. The programs are required to be used through the Chinese government’s Chinese Golden Tax Project, a tax system launched in the 1990s meant to streamline tax administration, according to Trustwave. The security company did not identify the Chinese bank nor the U.K.-based defense contractor. The revelation that Beijing mandates […]

The post Chinese banks require clients to use tax programs laced with backdoors, report says appeared first on CyberScoop.


What security concerns are there regarding website users inputting personal financial data without putting in personally identifying data?

I am a web developer, but I have only a rudimentary grasp of security, e.g., be careful to sanitize inputs, store as little user data as possible, encrypt passwords, keep up with security issues of libraries and packages, etc.
Today, I was…

Secret Service merging electronic and financial crime task forces to combat cybercrime

The Secret Service is combining its Electronic Crimes Task Forces (ECTFs) and Financial Crimes Task Forces (FCTFs) into one unified network, the agency announced Thursday. The new merged network of task forces, to be known as Cyber Fraud Task Forces (CFTFs), will detect, prevent and root out cyber-enabled financial crimes, such as business email compromise and ransomware scams, “with the ultimate goal of arresting and convicting the most harmful perpetrators,” the Secret Service said in a press release. The agency hopes the reorganization integrates the resources and know-how in the previous task forces. “Through the creation of the CFTFs, the Secret Service aims to improve the coordination, sharing of expertise and resources, and dissemination of best practices for all its core investigations of financially-motivated cybercrime,” the Secret Service said. The decision to merge task forces comes months after the Secret Service launched an effort to modernize its investigations into financially-motivated […]

The post Secret Service merging electronic and financial crime task forces to combat cybercrime appeared first on CyberScoop.
