Insurance regulators pitched on FICO-style score for cybersecurity

Insurers don't have a good way to measure their customers' cyber risk because companies don't know how vulnerable they are.

financial news

Jeff Sessions made investors want to throw money at dark web intelligence firms

by Patrick Howell O'Neill • 4 weeks ago

"Regardless of your politics, when Jeff Sessions stands up and says 'the dark net is a concern,' that gets a lot of attention."

Insurers: Major cyberattack on cloud provider could cost more than huge hurricane

by Shaun Waterman • 1 month ago

A successful major hacking attack on a global cloud provider could cripple the nascent cyber-insurance market even though only a fraction of the losses would be covered, a new report says.

Hottest trend for phishing scammers: Buying web domains instead of hacking them

by Shaun Waterman • 2 months ago

Hackers are increasingly abusing the highly decentralized web domain name registration system to buy internet addresses they can use in phishing attacks.

10 ways to secure sensitive information on AWS

by cyber_admin • 2 months ago

Op-ed: Skyhigh Networks' Sekhar Sarukkai looks at how enterprises should protect themselves in order to avoid a repeat of the Deep Root Analytics incident.

Fitch: Cybersecurity insurance market crossed billion-dollar earnings mark in 2016

by Shaun Waterman • 2 months ago

Insurers earned $1.35 billion from cyber insurance premiums last year, a 35 percent increase over the year before, according to new figures from the ratings agency Fitch.

Insurance industry increasingly anxious about its own cyber risks

by Shaun Waterman • 3 months ago

Insurance companies are worried more than ever about cybersecurity, which is rated one of the top three risks the global industry faces for the first time in a recent survey.

Only half of U.S. firms have cyber insurance, fewer than in U.K., Canada

by Shaun Waterman • 3 months ago

About half of U.S. businesses say they don't have cyber risk insurance, compared to fewer than a third in the U.K., and the healthcare sector is lagging the worst, according to a recent survey.

Sizing up risk management: Accountants issue guide for cyber audits

by Shaun Waterman • 3 months ago

The largest professional organization for qualified accountants issued guidance to its members this week about how to audit management claims about their company's cybersecurity.

Ukrainian hacker who stole data for insider trading ring sentenced

by Shaun Waterman • 3 months ago

A Ukrainian member of a hacker gang that stole advance copies of electronic press releases from newswire companies got two-and-a-half years in prison for his role in the insider trading scam, which prosecutors say netted about $30 million.

It finally happened: Criminals exploit SS7 vulnerabilities, prompting concerns about 2FA

by Chris Bing • 4 months ago

Cybersecurity researchers warned us that it would happen. Earlier this year, hackers were able to remotely pilfer German bank accounts by taking advantage of vulnerabilities evident in an important yet outdated communications protocol known as Signaling System 7, or SS7.

Former DHS cyber official Schneck takes financial consulting job

by Shaun Waterman • 4 months ago

Phyllis Schneck, the most senior official at the Obama Department of Homeland Security with solely cybersecurity responsibilities, has taken a job with Promontory Financial Group, one of Washington's most powerful and best-connected banking consultancies.

Verizon's annual data breach report is depressing reading, again

by Shaun Waterman • 4 months ago

The takeaway from the 10th annual Verizon Data Breach Investigations Report is depressingly familiar: Of the 1,935 breaches analyzed, 88 percent were accomplished using a familiar list of nine attack vectors, meaning they could probably have been prevented by a few simple cyber-hygiene measures.

Oracle databases at risk because of a leaked NSA hacking tool, researcher says

by Chris Bing • 4 months ago

The recent outing of leaked NSA hacking tools designed to compromise SWIFT Service Alliance servers comes with a key to pry open thousands of Oracle servers around the globe, new research suggests. A mysterious group self-named the Shadow Brokers, which has been publishing authentic internal NSA documents since last summer, shared new material on April 14 detailing an expansive U.S. espionage operation aimed at hacking into Middle Eastern SWIFT service bureaus.

Hong Kong regulators move to tighten cybersecurity rules after hacks cost stockbrokers over $14M

by Patrick Howell O'Neill • 4 months ago

A wave of successful cyberattacks against Hong Kong financial institutions prompted the island's regulator to act.

Shadow Brokers leak NSA documents that may reveal operation aimed at Middle Eastern banks

by Chris Bing • 4 months ago

The mysterious group dropped their biggest leak yet Friday, including evidence that the NSA compromised offices connected to a global banking system in order to spy on Middle Eastern banks.

Business lobby pushes back on NIST Framework measurement plans

by Shaun Waterman • 4 months ago

Public comments filed by business groups voice concern about what metrics should be used for measurement and how public that demonstration ought to be.

North Korea's plan to cultivate an army of cybercrime masterminds

by Patrick Howell O'Neill • 4 months ago

Conventional wisdom says North Korea is an arsenal-craving backwater under the rule of despots. The regime, however, is driving a furious growth of its cyber capabilities.

Insider charged with writing malware to steal Wall Street firm's crown jewel algorithms

by Patrick Howell O'Neill • 4 months ago

The accused senior systems administrator was caught only when his luck ran out, according to the FBI.

North Korean hackers wanted investigators to think Russians hacked banks

by Chris Bing • 5 months ago

A group of highly skilled hackers accused of working for the North Korean government, breaking into the New York Federal Reserve Bank and stealing $81 million from Bangladesh Bank, are using hacking tools with foreign computer code to make it appear like a Russian outfit is responsible. Cybersecurity researchers tell CyberScoop that the group, dubbed Lazarus, is fusing Russian language strings into their tools in an effort to confuse defenders and obfuscate attribution. The technique, discovered by Kaspersky and presented Monday at the company’s Security Analyst Summit in St. Maarten, shows how sophisticated threat actors will design attacks in ways that make it more difficult for forensic analysts to track their activity.

New warning: Super-stealthy fileless malware on the rise

by Shaun Waterman • 5 months ago

Super-stealthy, fileless malware is increasingly being used to defeat cybersecurity systems, according to a new government warning.
