Tech Talk: Financial optimization, ID verification, biometric cards, and more!

• State-sponsored attackers stole hacking tools
• Payments have become tech arms race
• Combating the virtual and physical threats
• Navigating the security maze in a new era of cyberthreats
• Swedish challenger Rocker pilots biometric card
• Ransomware makes up half of all major incidents
• Financial optimization: The core business of a bank?
• The line between physical security & cybersecurity blurs
• ID verification is no longer an obstacle to global growth
• Spam, Scams & Breaches
• Updates, Patches & Alerts
• and on the lighter side...

State-sponsored attackers stole hacking tools
U.S. cybersecurity company FireEye has suffered a breach, FireEye CEO Kevin Mandia has disclosed on Tuesday. The attackers accessed and stole FireEye’s Red Team tools, which the company uses to probe other organizations’ security posture to help them improve it. Help Net Security has the details.

Payments have become tech arms race
The vast majority of banks (94%) believe that the Covid-19 pandemic has turned the payments market into a technology arms race for which they are unprepared. This is the finding from a survey of 200 European banking executives carried out by card issuing platform Marqeta. Finextra has the details.

Combating the virtual and physical threats
Today, banks must contend with near-constant cyber attacks from organized criminal gangs, as well as highly skilled and well-resourced threat actors working on behalf of nation-states. Help Net Security has the details.

Navigating the security maze in a new era of cyberthreats
As we look forward to the new year and the potential for a return to some measure of normalcy, we have the opportunity to consider how we might tackle the new challenges of the rapidly evolving cyber-threat environment going forward. Dark Reading has the details.

Swedish challenger Rocker pilots biometric card
Swedish digital banking challenger Rocker is set to pilot the country's first contactless fingerprint biometric debit card. The firm is working with augmented identification vendor Idemia to roll out the card early next year, enabling users to ditch their PINs for payments. Finextra has the details.

Ransomware makes up half of all major incidents
Ransomware attacks made up the majority of serious cyber intrusions this year, accounting for 51% of all incidents investigated by CrowdStrike in 2020, according to the company's yearly incident-analysis report. has the details.

Financial optimization: The core business of a bank?
You could argue that the main role of a bank is to increase the buying power of its customers and support their customers in increasing their assets. Whether through credits or investments, both solutions make purchases possible, which can lead to a positive future return. Finextra has the details.

The line between physical security & cybersecurity blurs
Protecting people and property is as important as ever, and devices like IP cameras and other sensors have put powerful new capabilities in the hands of security teams. But the connected nature of these devices has brought new challenges to bear. has the details.

ID verification is no longer an obstacle to global growth
There continues to be a huge increase in smartphone usage throughout the world. This proliferation opens the door to financial services organizations based in the west to use all the sources of information the mobile device provides to inform the identity of prospective and existing customers. has the details.

Spams, Scams, and Breaches

• TechRepublic: Experian predicts 5 key data breach targets for 2021
• Dark Reading: Phishing Campaign Targets 200M Microsoft 365 Accounts
• TechCrunch: Spam calls grew 18% this year despite the global pandemic
• Threatpost: Apple Manufacturer Foxconn Confirms Cyberattack
• Dark Reading: Global Cybercrime Losses Cross $1 Trillion Mark
• TechRepublic: How ID fraud has surged in the wake of COVID-19

Updates, Patches, and Alerts...

• US-CERT: Current Activity
• SecurityWeek.Com: Microsoft Patches Critical SharePoint, Exchange Security Holes
• Threatpost: High-Severity Chrome Bugs Allow Browser Hacks
• SecurityWeek.Com: Wormable, Zero-Click Vulnerability in Microsoft Teams
• Threatpost: 'Amnesia:33' TCP/IP Flaws Affect Millions of IoT Devices
• SecurityWeek.Com: Unauthenticated Command Injection Flaw Exposes D-Link VPN Routers to Attacks
• Threatpost: Adobe Warns Windows, macOS Users of Critical-Severity Flaws
• CISA: CERT/CC Releases Information on Vulnerabilities Affecting Open-Source TCP/IP Stacks
• SecurityWeek.Com: Possible Code Execution Flaw in Apache Struts
• Threatpost: Google Patches Critical Wi-Fi and Audio Bugs in Android Handsets
• SecurityWeek.Com: VMware Patches Workspace ONE Access Vulnerability Reported by NSA
• Krebs on Security: Patch Tuesday, Good Riddance 2020 Edition — Krebs on Security
• SecurityWeek.Com: OpenSSL Ships ‘High Severity’ Security Patch
• TechRepublic: WatchGuard Q3 cybersecurity report finds spike in network attacks and malware delivered over TLS
• SecurityWeek.Com: New Injection Technique Exposes Data in PDFs
• Help Net Security: Vulnerable TCP/IP stacks open millions of IoT and OT devices to attack
• SecurityWeek.Com: December 2020 Android Updates Patch 46 Vulnerabilities
• Computerworld: December Patch Tuesday round-up: Winding down for the year
• SecurityWeek.Com: Cybersecurity Agencies Warn of High-Severity OpenSSL Vulnerability

See what other current hot cyber and technology topics affecting financial institutions BOL users are discussing in the Technology Forum.

And on the lighter side...

Here's a compilation of Jim Gaffigan's observations about technology, covering many changes over his long career. (It's a bit longer than what we usually post.) Jim Gaffigan on Technology