Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Financial data is a desired target for cybercriminals. Hackers frequently attack financial institutions such as banks, loan services, investment and credit unions, and brokerage firms. Security incidents in the financial sector are extremely expensive (surpassed only by the healthcare industry), with the average total cost of a data breach reaching $4.35 million in 2022.

An insider threat is a cyberthreat that happens within an organization. Insider threats occur when current or former employees, partners, contractors or vendors cause sensitive data and systems to become compromised or steal data for their own malicious purpose. Insider threats can be intentional or unintentional, depending on the goal of the insider and if the insider is working with someone else.

TD Ameritrade is a large-scale investment company with more than 11 million clients throughout the world. The organization has more than 6,000 independent investment advisors, manages more than $1 trillion in assets, and is a big deal in the investing community. That's why it's frightening to learn that the company was breached recently and that personal and likely financial data was lost in the process.

In recent years, fake job hiring scams have become a common form of social engineering. Threat actors use these scams to steal money, launder money, commit identity theft, or carry out other fraudulent or illegal activities. The motives of threat actors behind fake job hiring scams vary. Some are simply looking to make a quick buck, while others are more interested in stealing personal information or committing identity theft.

It’s human nature: when we do something we’re excited about, we want to share it. So it’s not surprising that cybercriminals and others in the hacker space love an audience. Darknet Diaries, a podcast that delves into the how’s and why’s and implications of incidents of hacking, data breaches, cybercrime and more, has become one way for hackers to tell their stories – whether or not they get caught.

New York State’s Department of Financial Services (DFS) recently published a proposed amendment to its cybersecurity regulation affecting New York financial institutions. Part 500 of Title 23 of the New York Codes, Rules and Regulations (23 NYCRR 500) governs cybersecurity requirements for financial services companies. When first adopted in 2017, it was the first comprehensive cybersecurity regulation from a state government to govern the financial services sector.

Cross-site leaks (XS leaks) are a class of web security vulnerabilities that allow hackers to obtain sensitive information from a user’s browsing session on other websites or web apps. Modern web applications share data through various features and APIs — a function attackers can exploit to access this user data.