Just days after the FBI issued a private warning to the banking industry (read more here), the botnet network known as Necurs began a spamming campaign that targeted the banking industry. The activity was discovered by the security research firm Cofense. According to Cofense, the Necurs network started a concentrated spear phishing campaign

On August 10, 2018, the Federal Bureau of Investigation (FBI) issued a private warning to banks that cybercriminals are planning to “conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days, likely associated with an unknown card issuer breach and commonly referred to as an ‘unlimited operation.’”

A typical unlimited operation uses

President Trump recently signed into law the Economic Growth, Regulatory Relief and Consumer Protection Act, which is already making waves in the financial sector for its repeal of certain Dodd-Frank provisions that were passed in the wake of the 2008 financial crisis. Banks and other financial institutions should take note, however, that the Act also

On March 1, 2018, the New York Department of Financial Services (NYDFS) “cybersecurity regulations” (23 NYCRR Part 500) took effect, placing a number of cybersecurity requirements on banks, insurance companies, and other financial services institutions and licensees regulated by the NYDFS (“Covered Entities”).

To aid in compliance with the regulation, the NYDFS recently added new

On March 1, 2018, the one year transition period within which banks, insurance companies, and other financial services institutions and licensees regulated by the New York Department of Financial Services (“Covered Entities”)  must have implemented a cybersecurity program ends. By March 1, the Covered Entities must be in compliance with the following requirements:

23 NYCRR

Lazarus, the well-known hacking group responsible for the WannaCry ransomware attack from last year, as well as the attack on the Bangladesh Central Bank and Sony, is now targeting global financial firms and Bitcoin adopters with a phishing campaign dubbed “HaoBao.”

The phishing campaign was discovered by McAfee Labs in mid-January. The way it works

On February 15, 2018—that is, today—banks, insurance companies and other financial services institutions and licensees regulated by the New York Department of Financial Services (DFS) are required to file their first certification of compliance with DFS’s far reaching cybersecurity regulation (23 NYCRR Part 500) (the “Regulation”).

The Regulation, which became effective on March 1, 2017,

The New York Department of Financial Services announced last week that it will revise and delay the effective date of its proposed cybersecurity regulation. The announcement came two days after New York bankers brought up a number of criticisms of the proposed rules at a hearing before the state’s Standing Committee on Banks.

At the hearing, bankers lamented that the proposed regulation will prove too burdensome to implement, particularly for small community banks.
Continue Reading Bank Objections Play Key Role in Delay of New York Cybersecurity Regulation