Financial – Page 9 – WindowsTechs.com

SEC’s breach notification proposal one step closer to a final vote

Posted on February 9, 2022 by Tonya Riley

The Securities and Exchange Commission voted Wednesday 3-1 to approve a recommendation for tighter mandatory cybersecurity requirements for financial institutions. The proposed rule will now open to public comment before a final vote. “The proposed rules and amendments are designed to enhance cybersecurity preparedness and could improve investor confidence in the resiliency of advisers and funds against cybersecurity threats and attacks,” SEC Chairman Gary Gensler said at the agency’s open meeting. Most critically, the new rule would require confidential reports of any “significant” cybersecurity incidents to the SEC within 48 hours. The proposal also would require advisers and funds to adopt, at a minimum, cybersecurity protections including a risk assessment; user security and access controls; information protection and monitoring to protect systems from unauthorized use; and an annual written review of cybersecurity risks and policies. The report would require review by a board of directors. Commissioners said they want more […]

The post SEC’s breach notification proposal one step closer to a final vote appeared first on CyberScoop.

Continue reading SEC’s breach notification proposal one step closer to a final vote→

Inside the numbers of another big year for cyber mergers, acquisitions and investments

Posted on February 9, 2022 by Joe Warminsky

Sustained demand for cybersecurity services and continued innovation across the industry helped 2021 become a record-setting year for deals involving cyber companies, analysts say. The funding that flowed into cyber companies increased 136% over 2020 levels, to $29.3 billion, up from $12.4 billion the previous year, according to the executive summary of a report from Momentum Cyber, which advises cyber companies on mergers and acquisitions. Likewise, the total volume of mergers and acquisitions activity reached $77.5 billion, up 294% from calendar year 2020, according to the report. Several trends are driving those numbers, analysts and executives say: Companies across the economy have expanded their budgets for reliable cybersecurity services, boosting revenues for the industry. In turn, big investors — including private equity groups and venture capitalists — are following that money. And as cyberthreats increase in severity and complexity, smaller firms continue to develop valuable expertise in niche areas of […]

The post Inside the numbers of another big year for cyber mergers, acquisitions and investments appeared first on CyberScoop.

Continue reading Inside the numbers of another big year for cyber mergers, acquisitions and investments→

New York couple accused of laundering cryptocurrency from $4.5 billion Bitfinex hack

Posted on February 8, 2022 by Tonya Riley

Federal law enforcement arrested a Manhattan couple Tuesday for allegedly conspiring to launder $4.5 billion worth of cryptocurrency stolen in a 2016 hack of virtual cryptocurrency exchange Bitfinex. The Department of Justice said it so far has seized more than $3.6 billion in cryptocurrency tied to the hack, its largest recovery to date. The complaint accuses Ilya Lichtenstein, 34, and his wife, Heather Morgan, 31 of laundering the money over a course of five years, sometimes into their own financial accounts. The DOJ’s announcement does not specify if they were allegedly involved in the initial hack itself. Justice Department officials described the arrest as a warning to criminals trying to use virtual currencies to hide their tracks. “Today’s arrests, and the department’s largest financial seizure ever, show that cryptocurrency is not a safe haven for criminals,” Deputy Attorney General Lisa O. Monaco said in a statement. “Thanks to the meticulous […]

The post New York couple accused of laundering cryptocurrency from $4.5 billion Bitfinex hack appeared first on CyberScoop.

Continue reading New York couple accused of laundering cryptocurrency from $4.5 billion Bitfinex hack→

Russian government continues crackdown on cybercriminals

Posted on February 8, 2022 by AJ Vicens

Russian authorities seized the websites of several Russian cybercrime forums Monday, the latest in a string of high-profile actions the government there has taken against cybercriminals. Visitors to the websites for Sky Fraud, a forum for stolen credit card data, were greeted with a message posted by the Russian Ministry of Internal Affairs announcing that the page was blocked. Other “carding” and cybercrime forums were also seized, including Ferum and Trump’s Dumps, as well as U-A-S Shop, which offered illicit remote access to various organizations through the remote desktop protocol (RDP) tool. “The SKYFRAUD resource was closed forever during a special law enforcement operation,” the message reads in Russian translated to English. “Management ‘K’ of the BSTM of the Ministry of Internal Affairs of Russia warns: theft of funds from bank cards is illegal!” Within the source code of the seized website, the Russian government left a message: “Which of […]

The post Russian government continues crackdown on cybercriminals appeared first on CyberScoop.

Continue reading Russian government continues crackdown on cybercriminals→

Hackers stole more than $320 million in cryptocurrency from DeFi platform Wormhole

Posted on February 3, 2022 by Tonya Riley

A hacker stole $320 million worth of Ethereum cryptocurrency from a decentralized finance platform Wormhole on Wednesday. The attack is the largest against the cryptocurrency industry so far in 2022 and one of the top hacks of the industry to date. As of Thursday morning, all of the stolen funds were “restored,” the trading platform was back up, and an incident report was coming soon, according to tweets by the company. The vulnerability used by the attacker had been fixed, Wormhole said late Wednesday. The platform allows users to send Ethereum and Solana cryptocurrencies across two different blockchains. A preliminary analysis of the attack by blockchain security firm CertiK shared with CyberScoop found that the hacker was able to exploit a vulnerability that allowed it to create a fake Solana transfer that it used to claim real Ethereum. “We seem to be at an awkward point where the demand for […]

The post Hackers stole more than $320 million in cryptocurrency from DeFi platform Wormhole appeared first on CyberScoop.

Continue reading Hackers stole more than $320 million in cryptocurrency from DeFi platform Wormhole→

Forescout acquires medical IoT security company CyberMDX

Posted on February 1, 2022 by Joe Warminsky

Silicon Valley cybersecurity company Forescout Technologies said Tuesday that it is acquiring CyberMDX, a medical-device security company known for its research into potential cyberthreats against health care technology. CyberMDX is a natural fit for Forescout, which focuses on securing connected devices and operational technology (OT) for large organizations — including what the industry calls the Internet of Medical Things (IoMT). Terms of the deal were not disclosed. “Cybersecurity for IoMT, much like cybersecurity for OT devices, requires specific expertise and technologies,” Forescout CEO Wael Mohamed said. “We are pleased to have the CyberMDX team join Forescout as we continue delivering new capabilities on our market-leading platform and grow our R&D center.” Research by CyberMDX has been responsible for shedding light on critical vulnerabilities in widely used medical imaging devices, patient monitors, anesthesia machines and infusion pumps. Forescout’s platform specializes in “device intelligence and network fabric technology,” or finding and classifying […]

The post Forescout acquires medical IoT security company CyberMDX appeared first on CyberScoop.

Continue reading Forescout acquires medical IoT security company CyberMDX→

Co-operator of DeepDotWeb sentenced to more than 8 years for money laundering

Posted on January 26, 2022 by Joe Warminsky

A money laundering scheme related to dark web markets has earned an Israeli citizen more than eight years in federal prison, the U.S. Department of Justice said Wednesday. Tal Prihar and co-defendant Michael Phan laundered millions of dollars in kickback payments they received as operators of DeepDotWeb, a website that connected internet users with dark web marketplaces. Prihar pleaded guilty to the money laundering charges in March. Phan is currently undergoing extradition proceedings in Israel, the DOJ said. Prosecutors said the DeepDotWeb (DDW) operators had received more than 8,000 bitcoins — about $8.4 million at the time of the transactions — since October 2013. DeepDotWeb was seized by the feds in April 2019. “To conceal the nature and source of these illegal kickback payments, Prihar transferred the payments from his DDW bitcoin wallet to other bitcoin accounts and to bank accounts he controlled in the names of shell companies,” the […]

The post Co-operator of DeepDotWeb sentenced to more than 8 years for money laundering appeared first on CyberScoop.

Continue reading Co-operator of DeepDotWeb sentenced to more than 8 years for money laundering→

Dark Overlord collaborator gets 3 years in prison for buying and selling stolen identities

Posted on January 26, 2022 by Joe Warminsky

An associate of the Dark Overlord hacking group has been sentenced to three years in prison for his role in possessing and selling more than 1,700 stolen identities on the dark web, federal prosecutors announced Wednesday. Slava Dmitriev, a 29-year-old Canadian citizen who was apprehended in Greece in September 2020, pleaded guilty in August 2021 to fraud charges. Prosecutors said he used the handle “GoldenAce” to buy and sell stolen identities on the dark web marketplace AlphaBay in 2016 and 2017. Those deals sometimes included contact with the Dark Overlord, a notorious cyber-extortion crew. “This defendant profited off buying and selling people’s stolen identities, including victims in this district,” said U.S. Attorney Kurt Erskine, referring to the Atlanta-based Northern District of Georgia, where Dmitriev was sentenced. The stolen data included names, dates of birth, Social Security numbers and other personally identifiable information, prosecutors said. Dmitriev was accused of providing the […]

The post Dark Overlord collaborator gets 3 years in prison for buying and selling stolen identities appeared first on CyberScoop.

Continue reading Dark Overlord collaborator gets 3 years in prison for buying and selling stolen identities→

APTs quiet ahead of Beijing games, but financially motivated hackers are still lurking, research says

Posted on January 26, 2022 by Tonya Riley

State-sponsored hacking groups have been uncharacteristically quiet leading up to the Olympic Games next month in Beijing. Researchers say there’s one big reason why: No one wants to get on the bad side of China. “Disruptive Russian, Iranian, and North Korean state-sponsored cyberattacks targeting the 2022 Winter Olympics are unlikely to manifest due to the close relationships those countries maintain with the host nation, China,” Recorded Future researchers write in a report on potential cybersecurity threats to the games released Wednesday. Although high-level attacks are unlikely, the Winter Games still present a target-rich environment for nation-state groups that focus on cyber-espionage, researchers say. And — as is typical for any large international event — cybercriminals also will be looking for opportunities to scam athletes, organizers, volunteers and fans during the Winter Games. Beware of SIM cards Advanced persistent threat (APT) groups from Iran and Russia, while unlikely to attack China […]

The post APTs quiet ahead of Beijing games, but financially motivated hackers are still lurking, research says appeared first on CyberScoop.

Continue reading APTs quiet ahead of Beijing games, but financially motivated hackers are still lurking, research says→

SEC’s Gensler signals enhancement of cybersecurity, breach disclosure rules for financial sector

Posted on January 25, 2022 by Tim Starks

U.S. Securities and Exchange Commission Chairman Gary Gensler is exploring an expansion of the SEC’s core cybersecurity rules to cover a broader swath of entities and require public companies to improve disclosure of breaches and risks. Gensler said in a speech on Monday that he instructed staff to look into an update of the commission’s “Regulation Systems Compliance and Integrity,” or Reg SCI, which the SEC adopted in 2014. Staff will examine whether the regulation — under which trading organizations and others must take security steps like backing up data — should extend to include the largest market-makers and broker-dealers. Gensler also said he asked staff to consider recommendations on bolstering the financial sector’s cybersecurity hygiene and incident reporting, how customers and clients receive notifications of financial sector breaches and how public companies disclose cybersecurity practices and risks. And he wants staff to examine how to better address cyber risk […]

The post SEC’s Gensler signals enhancement of cybersecurity, breach disclosure rules for financial sector appeared first on CyberScoop.

Continue reading SEC’s Gensler signals enhancement of cybersecurity, breach disclosure rules for financial sector→