Tech Talk: A cyber enforcement action, fintech partnerships, an ATM attack alert, and more!
- NYDFS takes cyber enforcement action
- Regulator's push for fintech partnerships
- Banks cleared to service crypto businesses
- ATM maker's software used in attacks
- Bank trojan distributed by botnet
- Data aggregator sued for data privacy violations
- Fintech launches SMB services
- Easy access savings accounts
- Tech to meet today's digital demand
- Spam, Scams & Breaches
- Updates, Patches & Alerts
- and on the lighter side...
NYDFS takes cyber enforcement action
The New York Department of Financial Services (DFS) has taken its first cybersecurity enforcement action against one of the largest providers of title insurance in the U.S. DFS alleges that First American Title Insurance Company violated six provisions of DFS' Cybersecurity Regulation, which went into effect in March 2017, when an ongoing data leak at the company allegedly exposed the transaction records of nearly 900 million customers. A vulnerability in the title firm's IT systems exposed millions of documents containing consumers’ sensitive personal information, including bank account numbers, mortgage and tax records, Social Security Numbers, wire transaction receipts, and drivers’ license images. Krebs on Security has the details.
Regulator's push for fintech partnerships
In an effort to address regulatory and operational hurdles that many banks face when developing or deploying innovative new products, the FDIC wants to establish a standards-setting organization that would foster partnerships between fintechs and banks. The federal regulator is seeking input on a voluntary certification program that could assess the tech partners' compliance with standards, help standardize due diligence practices, and reduce associated costs. Banking Dive has the details.
Banks cleared to service crypto businesses
The banking industry has had a precarious relationship with cryptocurrency businesses due to fraud and money laundering concerns associated with a technology that offers users – and criminals – anonymity. In an interpretive letter issued this week by the Office of the Comptroller of the Currency (OCC), national banks have been given the green light to provide cryptocurrency custody services, as well as hold unique cryptographic "keys" associated with cryptocurrency on behalf of customers. In the letter, the OCC also reaffirmed its position that banks may service any lawful business, including cryptocurrency businesses, so long as they maintain compliance and manage the risks, reports Forbes.
ATM maker's software used in attacks
Using a stolen copy of the ATM manufacturer's software, cybercriminals launched a series of jackpotting attacks against ATMs across Europe that forced the machines to dispense cash to crooks. Self-service solutions provider Diebold Nixdorf has issued a global alert to customers warning all banks of a new variation of these black box attacks, aka jackpotting attacks, that leverage the ATM's black box software to interact with and control the ATM's cash dispenser. Threatpost has the details.
Bank trojan distributed via botnet
It's not uncommon for malware to fall off the grid and later resurface with some new tricks up its nefarious sleeve. Case in point is the infamous botnet Emotet, which is back after a five-month break with a new Microsoft Office phishing campaign that distributes a sophisticated credential-stealing banking trojan. When the malspam operation was first spotted by Malwarebytes Labs, it was installing TrickBot on compromised Windows systems. But within a matter of days, researchers at the security firm discovered that the botnet switched to pushing the QakBot banking trojan at an unusually high rate, reports Bleeping Computer.
Data aggregator sued for data privacy violations
For the second time in a month, data aggregator Plaid is under fire for data privacy violations. A class-action lawsuit has been filed against the fintech firm for allegedly collecting information on more than 200 million users' financial accounts and misusing the data without the customers' knowledge. According to the lawsuit, login screens that appeared identical to the customers' banks but were wholly controlled by Plaid were presented to users under the guise of helping them easily access online banking. Banking Dive has the details.
Fintech launches SMB services
In recent months – and amid the global pandemic – fintechs have set their sights on the small business market, and small businesses have been turning to nonbank digital platforms to get quick access to the help they need during these unprecedented times. Adding to its fintech suite of products, online lender Kabbage is launching a small business checking account. In partnership with bank holding company Green Dot, the FDIC-insured checking account features an attractive APY and no overdraft fees, with additional features to be added later on. Banking Dive has the details.
Easy access savings accounts
Joining other nonbank challengers who have launched PFM (personal finance management) apps to compete with incumbent banks, UK fintech Chip has rolled out an interest-bearing savings account with a competitive easy access rate. Customers who sign up for the service will have their money bundled into a single shared trust account, enabling Chip to negotiate better rates from individual banks. The fintech, which leverages Open Banking to enable users to connect their bank accounts to its platform and set savings goals, plans to release more rates and accounts soon, reports Finextra.
Tech to meet today's digital demand
Goldman Sachs' Marcus bank is meeting today's growing demand for digital banking now and in a post-COVID world, reports ATM Marketplace. The historic, rapid migration to doing business remotely and relying on digital technologies is expected to continue long after the COVID crisis ends. With the emerging technologies available today, there are numerous ways financial institutions can help customers transition to the "new normal" and keep customers and staff safe. ATM Marketplace has the details.
Spam, Scams, and Breaches
- Threatpost: Mac users targeted by trojanized crypto trading apps
- Tripwire: Phishing campaign sends victims to legitimate enterprise cloud sites
- Security Week: Chinese nationals charged for hacking hundreds of organizations
- Threatpost: Advanced multipurpose malware framework deployed by Lazarus Group
- Cyber Scoop: North Korean hackers perfecting their trade and scouting for new targets
Updates, Patches, and Alerts...
- US-CERT: Current Activity
- Threatpost: Critical Adobe Photoshop flaws patched in an emergency update
- Tech Radar: Businesses across the world targeted by fake Google Chrome update
- Help Net Security: Microsoft releases new encryption, data security enterprise tools
See what other current hot cyber and technology topics affecting financial institutions BOL users are discussing in the Technology Forum.
And on the lighter side...
Despite the term "Dog Days of Summer" that is often used to describe this time of year, dogs have nothing to do with the hot, humid and oppressive days that have descended upon most of the country. If you must leave the comfort of your home or office AC in the unbearable heat, Sony has developed a portable, wearable AC that is a high-tech cross between a wireless mouse and a baby monitor.
First published on 07/24/2020