Who will the winners be in the future of fintech?

So what happens when fintech ‘brings it all together’? In a world where people access their financial services through one universal hub, which companies are the best-positioned to win? When open data and protocols become the norm, what business models are set to capitalize on the resulting rush of innovation, and which will become the key back-end and front-end products underpinning finance in the 2020s?

Cyber security leaders prepare as criminals gear up for 'Cyber Monday'

WASHINGTON (Gray DC) -- The deals will be hot and consumers are looking to take advantage. But criminals are also hoping to cash in this Cyber Monday. The Department of Homeland Security is hoping to guide Americans to internet safety.

Keystrokes in place of shopping carts and long lines. No hand-to-hand combat with neighbors over the last tv in the store. But danger looms on the web...bad actors licking their chops ahead of Cyber Monday.

"Trying to find that person that (they) can trick into clicking on a link or downloading a malicious attachment," said Jeanette Manfra, Assistant Director for Cybersecurity for the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency.

Security lessons from a Mac-only fintech company

Build America Mutual, a leading U.S. municipal bond insurer, is an all Apple shop. And even though macOS and iOS are generally secure, threats to the platforms continue to rise.

Apple remains a highly secure choice for enterprise professionals, but security threats remain and the environment requires sophisticated endpoint management tools, according to Build America Mutual (BAM) CTO David McIntyre.

Data breach possibly compromised personal info of over 500 Virginia police employees

Officials say a possible data breach may have compromised the personal information of more than 500 employees of a Virginia police department.

Fairfax County Police Chief Edwin Roessler Jr. told the Washington Post that he doesn't have any reports that officers' personal information has been exploited.

But the chief says he is concerned after learning that officers' names, dates of birth and Social Security numbers may have been compromised by the potential breach at a neighboring police department.

Exclusive: Government officials around the globe targeted for hacking through WhatsApp - sources

WASHINGTON (Reuters) - Senior government officials in multiple U.S.-allied countries were targeted earlier this year with hacking software that used Facebook Inc’s (FB.O) WhatsApp to take over users’ phones, according to people familiar with the messaging company’s investigation.

Sources familiar with WhatsApp’s internal investigation into the breach said a “significant” portion of the known victims are high-profile government and military officials spread across at least 20 countries on five continents. Many of the nations are U.S. allies, they said.

The hacking of a wider group of top government officials’ smartphones than previously reported suggests the WhatsApp cyber intrusion could have broad political and diplomatic consequences.

City of Joburg, banks under cyber attack

The City of Johannesburg reported a breach of its network on Thursday night and shut down its website and all e-services, hours after receiving a bitcoin ransom note from a group called the Shadow Kill Hackers.

The hack occurred at the same time that several banks also reported internet problems believed to be related to cyber attacks.

In a message on Twitter posted just after 11pm the city said it had “detected a network breach which resulted in an unauthorised access to our information systems”.

Banks no longer 'like god': Are we ready for fintech 2.0?

International fintech entrepreneurs are watching the local financial technology sector closely and warn Australia may not be prepared for the new world of banking just around the corner.

Next February, Australia's "consumer data right" will be put into action when banks will be required to share customer information on a range of products including mortgages and transaction accounts.

A hacker’s paradise? 5G and cyber security

The rollout of fifth-generation mobile networks — which offer the potential for downloads speeds of up to 10 times faster than today’s — will change how we communicate, work and stream video.

However, the faster speeds are also likely to present an opportunity for hackers to target more devices and launch bigger cyber attacks, experts say.

The problem is unlikely to be the security of 5G technology itself. Despite researchers uncovering apparent flaws in 5G’s security — such as the ability for attackers to use fake mobile base stations to steal information — 5G’s stronger encryption of data and better verification of network users are widely considered to be a significant improvement on 4G.

Cyber Security Market to be Driven by Increasing Cases of Phishing and Malware Threats Till 2025 | Million Insights

FELTON, California, Sept. 16, 2019 /PRNewswire/ -- The global Cyber Security Market is estimated to witness a healthy CAGR during the forecast period, according to a report available on Million Insights. Cyber security is defined as advanced technology that protects computer systems, programs, and networks from digital attacks. These attacks are aimed at accessing, changing, and destroying important information related to businesses. Implementation of advanced cyber security solutions in organizations provides complete protection against threats such as malware, ransomware, phishing, and social engineering.

Rising cases of phishing and malware threats in organizations is anticipated to propel cybersecurity market growth. Growing adoption of digitalization prompts organizations to depend on digital information. Sharing huge volume of data in internal and external environment across the globe is likely to create vulnerabilities in the network. Such network vulnerabilities allow hackers to intrude and access important data. This factor is expected to impel demand for advanced network solutions to secure information and software. Stringent government regulations on data privacy in organizations is expected to impel market growth. Moreover, growing adoption of data center, cloud computing, and wireless communication will drive the cyber security industry over the forecast period.

'There will be accidents ... in the cloud,' ECB warns

A senior official at the European Central Bank warned that banks embracing external data storage and other digital technology need to face an uncomfortable truth: there’s a good chance they’ll get hacked.

“There will be accidents, especially in the cloud,” Korbinian Ibel, a director general at the ECB’s supervisory arm, said in an interview. “It’s not that clouds are more vulnerable, they’re actually often better protected than in-house systems, but they’re seen as juicy targets.”

So far, Europe has been spared the kind of hack that hit Capital One Financial, which said last month that data from about 100 million people in the U.S. was illegally accessed. That may change as the region’s banks face increasing pressure to reduce costs with new technology and make up for the squeeze on revenue from lower interest rates.

ECB shuts down one of its websites after hacker attack

FRANKFURT (Reuters) - The European Central Bank (ECB) shut down one of its websites on Thursday after it was hacked and infected with malicious software.

The ECB said no market-sensitive data had been compromised during the attack on its Banks’ Integrated Reporting Dictionary (BIRD), which it uses to provide bankers with information on how to produce statistical and supervisory reports.

But it added malware had been injected on the server hosting the site, adding that the email addresses, names and titles of the subscribers of the BIRD newsletter might have been stolen.

Banking on Security: Keeping Data Secure in Financial Services

The protection of sensitive data in line with regulations, both for banks and other financial services organisations, is currently a big challenge. The way these organisations operate has changed dramatically in recent years, due mostly to the fact that financial institutions are not only heavily regulated by data privacy requirements, but they are also under mounting pressure to be open to consumers and businesses about how they are protecting their data from potential breaches.

The increasing expectations of consumers means that banks and financial institutions are trying to achieve a balancing act: how can they protect data privacy, while at the same time remaining transparent about how data is being protected? However, it doesn’t have to be a play-off between meeting these customer expectations and meeting cyber security and compliance requirements: banks and financial services organisations can utilise technology to the fullest extent while still protecting data. 

How the Accused Capital One Hacker Stole Reams of Data From the Cloud

The woman who allegedly pulled off one of the largest-ever bank-data heists appeared to have exploited a vulnerability in the cloud that security experts have warned about for years.

Paige A. Thompson, a former employee at Amazon.com Inc. AMZN -1.73% ’s cloud-computing unit who was arrested Monday, is accused of carrying out the massive theft of 106 million Capital One Financial Corp. COF -1.16% records.

Why Today’s Cybersecurity Requires Detection, Not Prevention

Given the current risk climate, cybersecurity is top of mind for organizations of all sizes and industries. In fact, according to recent research, the global cybersecurity market is expected to grow significantly from 2018 to 2023, amassing a global revenue of $193.76 billion by 2023.

Data breach prevention tactics, such as anti-virus software, network perimeter security and end-user training, have become commonplace, and IT departments are bolstering their cybersecurity toolboxes at a rapid clip to avoid data loss and becoming the target of a debilitating attack. Additionally, the security perimeter continues to change as smartphones and cloud apps make it easier to share data, collaborate on projects and access anything, at anytime and anywhere – including our sensitive work files. The new security perimeter is us, and this shift and introduction of new attack vectors has naturally influenced even greater global expansion of the cybersecurity market.

BankThink The brightest fintech minds could be right in your office

In the coming decade, the financial services industry will be faced with unprecedented opportunities and challenges: With changing workforce demographics, the disruption of traditional business models and rapid technology shifts.

The industry needs to adapt by revitalizing the system from within, and seizing new ways to drive innovation, productivity and performance.

These developments are expected to have tremendous consequences for the future of work. Despite best efforts, companies will not be able to escape the largest risks related to globalization and deglobalization, as well as technological and digital transformation.

How financial services combat the threat of cyber crime?

The financial services industry is naturally a lucrative target for cyber criminals so it is imperative they invest in cybersecurity. Here we look at how organisations can go about combatting the threat of cyber crime

British Airways faces record £183m fine for data breach

The airline, owned by IAG, says it is "surprised and disappointed" by the penalty from the Information Commissioner's Office (ICO).

At the time, BA said hackers had carried out a "sophisticated, malicious criminal attack" on its website.

The ICO said it was the biggest penalty it had handed out and the first to be made public under new rules.

How artificial intelligence is helping banks

Investment in AI by banks and financial institutions for risk-related functions such as fraud and cybersecurity, compliance, and financing and loans has grown dramatically in the last half-decade compared to customer-facing functions.

We recently launched our AI in Banking Vendor Scorecard and Capability Map report, our largest report on the state of artificial intelligence in banking. During the course of our research, we worked with experts including PhDs in AI and corporate heads of AI at top US banks to categorize AI vendor products based on the banking functions into which they are applied. We found that many of the AI products we categorized could be applied to more than one business function.

Facebook co-founder: Libra currency could give firms excess power

One of Facebook’s co-founders has warned the social network’s plans for a digital currency called Libra could allow corporations involved in the scheme to wield power over nation states.

Chris Hughes, whose role in the early days of Facebook has given him a net worth estimated at $430m (£340m), said global regulators should intervene to slow the progress of the cryptocurrency.

Facebook is developing Libra from a base in Switzerland, in partnership with 27 other corporations – including Mastercard, Paypal, Uber and Vodafone – collectively known as the Libra Association.

Central bank calls on financial institutions to sign up on cybersecurity sharing platform

TO HELP strengthen the banking industry’s resilience to cyber attacks, the Bangko Sentral ng Pilipinas (BSP) has ordered BSP-supervised financial institutions (BSFIs) to participate in a cybersecurity sharing platform hosted by the Bankers Association of the Philippines (BAP).

“In order to further strengthen the industry’s cyber-resilience amidst growing threats, the BSP reiterates the need for BSFIs to have a collective, coordinated and strategic cyber response through information sharing and collaboration,” according to BSP Memorandum No. M-2019-016 issued on June 11 and published last June 13 as signed by Sector-in-Charge Restituto C. Cruz of the Financial Supervision Sector.

Personal Information of Nearly 900,000 Banking Customers of Three Major Russian Banks Leaked Online

Customer data belonging to OTP Bank, Alfa Bank, and HCF Bank have been made publicly available on the internet.

The data includes customer names, phone numbers, addresses, credit limit, passport details, and in some cases the place of work, year of birth, passport data, and account balance.

Over 2.3 billion sensitive business data were exposed online in the last 12 months

• This is a 50% increase when compared to the 1.5 billion files exposed during 2017-18.
• The United States exposed the most data, accounting for over 326 million files.

Misconfigured online file storage technologies have exposed more than 2.3 billion corporate files in the last 12 months. This is an increase of 50% when compared to the 1.5 billion files exposed during 2017-18.

Bank Servers Hacked to Trick ATMs into Spitting Out Millions in Cash

The US-CERT has released a joint technical alert from the DHS, the FBI, and Treasury warning about a new ATM scheme being used by the prolific North Korean APT hacking group known as Hidden Cobra.

Hidden Cobra, also known as Lazarus Group and Guardians of Peace, is believed to be backed by the North Korean government and has previously launched attacks against a number of media organizations, aerospace, financial and critical infrastructure sectors across the world.

The group had also reportedly been associated with the WannaCry ransomware menace that last year shut down hospitals and big businesses worldwide, the SWIFT Banking attack in 2016, as well as the Sony Pictures hack in 2014.

'GozNym' Banking Malware Gang Dismantled by International Law Enforcement

In a joint effort by several law enforcement agencies from 6 different countries, officials have dismantled a major global organized cybercrime network behind GozNym banking malware.

GozNym banking malware is responsible for stealing nearly $100 million from over 41,000 victims across the globe, primarily in the United States and Europe, for years.

GozNym was created by combining two known powerful Trojans—Gozi ISFB malware, a banking Trojan that first appeared in 2012 and Nymaim, a Trojan downloader that can also function as ransomware.

A new wave of attacks targeting financial services and online services in Africa

During Kaspersky Lab’s annual Cyber Security Weekend that took place in Cape Town, South Africa, Kaspersky Lab experts discussed the wide spread growth of mobile payments across the globe and the many cyber risks that surround such technology.

Especially the recent SIM swap fraud wave, which have become very common in Africa and the wider region. In South Africa this type of fraud more than double in the last year, according a report of South African Banking Risk Information Centre (SABRIC).

High-volume eGobbler malvertising campaign exploits zero-day Chrome bug

A malicious actor has been leveraging a Google Chrome browser exploit to deliver malvertisements to iOS users, including a campaign earlier this month during which 500 million user sessions were exposed to a session hijacking attack.

Dubbed eGobbler by researchers at Confiant, the threat actor from April 6-10 ran a massive operation consisting of eight individual campaigns and more than 30 fake creatives. Each mini-campaign lasted around two days and had its own unique targeting, although most affected publishers were based in the U.S.

In a company blog post, Confiant researcher Eliya Stein said the operation was among “the top three massive malvertising campaigns that we have seen in the last 18 months.”

80 Eye-Opening Cyber Security Statistics for 2019

Cyber attacks have never been more prevalent than they will be in 2019 It’s an interesting and challenging time to be working in the cyber security industry. By and large, research indicates that cybercrime is on the rise — news headlines support these findings as major companies like Marriott, Equifax, Yahoo, and Facebook find themselves in the crosshairs of cyber attacks. Even sacrosanct governmental election processes the world over are not excluded from falling prey to cybercriminals and are a part of the increasing statistics about cyber security and cyber attacks.

Phishing threats 2019: The experts tell all

It is becoming better understood that, in order to stop phishing attacks, we need to be able to see them coming. At the same time, it also helps to have an idea around which phishing and malware threats we should be keeping an eye out for.

This is according to Anton Jacobsz, CEO at value-added distributor Networks Unlimited Africa who was referencing a report shared by Cofense (formerly PhishMe), a leading provider of intelligent phishing defence solutions.

Toyota reports second breach in five weeks

For the second time in five weeks, Toyota has acknowledged a breach – this one affecting 3.1 million customers at its subsidiaries while the first was in Australia and believed to be the work of Ocean Lotus, or APT32.

The company isn’t yet sure if the hackers nicked any data from its systems but said customers of subsidiaries, including , Lexus Koishikawa Sales, Lexus Nerima, Toyota Tokyo Sales Holdings, Toyota West Tokyo Corolla, Toyota Tokyo Corolla and Tokyo Tokyo Motor were among those that could be affected.

Cyber security for FinTech: Central Security Baseline for Multi-Clouds and DevOps

Fintech is a digital native business and most of them have chosen to adopt the cloud with great success to win more banking customers.

Regulations such as the EU GDPR and financial market compliance requirements are becoming more and more restricting. Moving applications and services into cloud means also having applications in a multi-cloud or even hybrid environment.

Cyber incidents, major risks for financial services -study

The financial services industry’s biggest risks are cyber incidents, which are increasingly bringing significant disruption and financial losses to the industry. Cyber incidents take the top spot for two years running with a response rate of 46% versus 51% last year. This is according to the eighth Allianz Risk Barometer 2019, an annual survey on global business risks from Allianz Global Corporate & Specialty (AGCS), which incorporates the views of a record 2,415 experts from 86 countries including CEOs, risk managers, brokers and insurance experts.

New Google Chrome Zero-Day Vulnerability Found Actively Exploited in the Wild

You must update your Google Chrome immediately to the latest version of the web browsing application.

Security researcher Clement Lecigne of Google's Threat Analysis Group discovered and reported a high severity vulnerability in Chrome late last month that could allow remote attackers to execute arbitrary code and take full control of the computers.

The vulnerability, assigned as CVE-2019-5786, affects the web browsing software for all major operating systems including Microsoft Windows, Apple macOS, and Linux.

Cybersecurity companies look to artificial intelligence as they struggle to find human workers

If you’re going to the play the “AI” drinking game at RSA Conference 2019, you may not make it out alive.

Ahead of the industry’s largest trade show in San Francisco, vendors are already touting AI-based solutions meant to address one of the industry’s most pressing issues: a scarcity of workers qualified to defend against cyberattacks. Over the past week, both Palo Alto Networks Inc. PANW, -0.32%  and Microsoft Corp. MSFT, +0.45%  announced new AI-branded services to address an often-cited lack of cybersecurity workers qualified to keep on top of an exponentially growing number of cyberattacks.

Google Ditches Passwords in Latest Android Devices

Google has announced FIDO2 certification for devices running on Android 7 and above – meaning that users can use biometrics, fingerprint login or PINs instead of passwords.

Half of all Android users can now log into apps and websites on their devices – without having to remember a cumbersome password.

On Monday, Google and the Fast IDentity Online (FIDO) Alliance announced that devices running Android 7 or later are certified by the FIDO2 standard, meaning that users can forego using passwords and instead use their fingerprint or a PIN to log into browsers or apps on their devices.

When companies fight back against hackers

The deluge of cyberattacks sweeping across the world has governments and companies thinking about new ways to protect their digital systems, and the corporate and state secrets stored within.

For a long time, cybersecurity experts have erected firewalls to keep out unwanted traffic and set up decoy targets on their networks to distract hackers who do get in. They have also scoured the internet for hints about what cybercriminals might be up to next to better protect themselves and their clients.

Now, though, many leaders and officials are starting to think about stepping up their defensive activities, by taking more active measures. An extreme option within this field of active defense is sometimes called “hacking back” into an adversary’s systems to get clues about what they’re doing, shut down the attack or even delete data or otherwise damage an attacker’s computers.

Meeting the Threat in 2019: Cybersecurity for Financial Services

In September 2017, Equifax experienced an enormous data breach resulting from a cyberattack, with over 148 million people’s sensitive, personally-identifying information exposed. The hack that impacted Equifax resulted from a “failure to use well-known security best practices and a lack of internal controls and routine security reviews,” wrote Fortune.1

Just a few years before, in 2014, JP Morgan Chase experienced "the largest theft of customer data from a U.S. financial institution in history" up to that date, according to then-US Attorney for the Southern District of New York, Preet Bharara.2 This hack was executed by exploiting known vulnerabilities in computer programs used by the company in order to access valuable customer data. As a result of this hack, close to 76 million customers had their sensitive data jeopardized.

New Mac Malware Targets Cookies to Steal From Cryptocurrency Wallets

Mac users need to beware of a newly discovered piece of malware that steals their web browser cookies and credentials in an attempt to withdraw funds from their cryptocurrency exchange accounts.

Dubbed CookieMiner due to its capability of stealing cookies-related to cryptocurrency exchanges, the malware has specifically been designed to target Mac users and is believed to be based on DarthMiner, another Mac malware that was detected in December last year.

Uncovered by Palo Alto Networks' Unit 42 security research team, CookieMiner also covertly installs coin mining software onto the infected Mac machines to secretly mine for additional cryptocurrency by consuming the targeted Mac's system resources.

Potential global cyber attack could cause $85 billion-$193 billion worth of damage: report

(Reuters) - A co-ordinated global cyber attack, spread through malicious email, could cause economic damages anywhere between $85 billion and $193 billion, a hypothetical scenario developed as a stress test for risk management showed.

Insurance claims after such an attack would range from business interruption and cyber extortion to incident response costs, the report jointly produced by insurance market Lloyd’s of London and Aon said on Tuesday.

Total claims paid by the insurance sector in this scenario is estimated to be between $10 billion and $27 billion, based on policy limits ranging from $500,000 to $200 million.

South Africa is most spammed country in Africa

Truecaller has released findings from its Truecaller Insights report, a look into the top 20 countries affected by spam calls in 2018. Nuisance and unsolicited calls are on the rise around the globe, with Truecaller Insights report revealing that within large markets such as South Africa, Brazil, and India, the average Truecaller user receives more than 22 spam calls each month.

South Africans are not far behind and are some of the most spammed in the world, the insights study has revealed that the 5.3 million Truecaller app users receive a total of 21 spam calls monthly. This puts South Africa as the fourth most-spammed country, a staggering 71.4% increase in spam compared to findings from last year.

Dark web criminals 'forced' bank worker to embezzle

A bank worker has avoided jail after claiming he was forced by "dark web" criminals to embezzle £75,000 from his employer.

Dayne Lynn said he fell prey to unknown individuals after becoming curious about the online underworld after watching a TV show.

The 22-year-old claimed he was ordered to swindle from two accounts and transfer cash to a mystery crime gang.