Wall Street & Technology's Security Weblog

Click iTunes icon or copy url below into your rss reader.

One of India's first surveys on security across the country's financial institutions has found that 30% of banks reported to have been victims of identity theft during the last year.

The sophistication of increasingly widespread fraudulent techniques such as Man-in-the-Browser attacks are forcing financial institutions to re-assess how they fight electronic fraud.

Lehman Bros has filed a lawsuit against Marubeni Corp., the Japanese trading giant, responsible for defrauding the New York-based investment bank out of US$352 million through a scam carried out by two rogue employees.

With the aim of boosting security in the financial services industry, ISO, the world's largest developer of international standards, has issued a new biometric standard for financial firms.

Several dozen financial industry and technology professionals recently gathered at the Tribeca Grand Hotel in New York, to attend a private advanced screening of "The New Face of Cybercrime," a documentary film by Academy Award-nominated filmmaker Fredric Golding.

A security expert says financial institutions must adopt a strong multi-factor security solution, which can protect them from all kinds of online attacks and do not need to be re-written when a new threat is identified.

In a bid to turn Apple’s iPhone into a business tool, Astaro, a unified threat management solution maker, announced it will now offer iPhone support to VPNs controlled by its Astaro Security Gateway appliance.

UK intelligence network MI5 has contacted 300 chief executives and security experts at leading British financial institutions, warning them that Chinese state organizations may be spying on them.

Security firm F-Secure has warned of an upsurge in attacks against banking sites, using a new generation of malicious codes in a technique called "Man in the Browser".

In the last 24 hours, there has been a spike in malicious attacks against banks, and in particular against C-level executives at financial institutions around the world.

According to a new survey, most financial services firms are not currently considering using Apple's iPhone on a corporate level – but this could change in the future.

At Wall Street and Technology's Executive Peer Roundtable on Security Risk this week, delegates pressed financial firms to consider the security threat posed by employees -- or potential employees -- using social networking sites, such as Facebook and MySpace.

It is critical to secure applications and data inside a company, they said. But it is equally important to keep a careful eye on communications between employees and the outside world.

Last week, TD Ameritrade became the latest financial firm to hit the headlines after suffering a data breach, with over 6.3m customer records stolen. Other financial institutions have also reported data breaches recently: these include JPMorgan, Fidelity Investments and Ameriprise Financial. These incidents generally stemmed from stolen laptops or careless employees (who, in the case of JPMorgan threw a bunch of clients' financial paperwork in the garbage in the street).

So, what makes TD Ameritrade’s breach so different?

TD Ameritrade Holding Corp said contact information for more than 6.3 million customers was stolen after one of its databases was hacked into.

The online broker apologized to its clients and said the breach stemmed from unauthorized code in its systems that allowed hackers to access an internal database. The discovery – and elimination of the unauthorized code – was made by the brokerage following an internal investigation of stock-related SPAM.

Four men have pleaded guilty to charges relating to a pump-and-dump market manipulation scheme that netted more than $20 million in profit. According to the U.S. Department of Justice, securities of more than 15 publicly traded companies had their prices inflated through deceptive trading practices and misinformation spread through false statements in press releases and spam e-mails sent to tens of millions of e-mail addresses.

With the number of cyber attacks continuing to rise, top security watchdog Financial Services Information Sharing and Analysis Center (FS-ISAC) has announced a partnership with MessageOne to provide urgent fully automated security alerts to its 4,000-member firms.

Job hunters posting resumes online – and recruiters perusing them - are at risk. Symantec says a Trojan targeting popular job site Monster.com has recently stolen more than 1.6 million records.

A growing number of companies are blocking their employees from using the popular social networking Web site Facebook on fears of proscrastination and security. But there are some things you can do - at least to make it safer.

According to a survey of 600 global companies carried out by security firm Sophos, 50 percent of companies ban their employees from accessing Facebook.

Most are concerned that employees are wasting company time. But many are also afraid their employees are sharing too much information on the site, which could in turn lead to targeted phishing attacks against their employer.

Welcome. My name is Mike Ellison and I am the EVP at Corporate Insight. We’re a firm that looks at the retail experience at a number of brokerage, mutual fund, and banking firms. From time to time, I’m going to be blogging on subjects related to wealth management. Much of what I will be talking about will come from our experiences in maintaining live accounts at the firms we follow in our research. When we uncover something I feel would generate some lively discussion, I’ll post it and hopefully you’ll chime in with your opinions.

To open our discussion, we recently received an email from E*TRADE on identifying and avoiding fraud that I think should generate some dialog.

Merrill Lynch has become the latest financial institution to hit the headlines because of a security lapse.

Last week, the brokerage announced it would offer free credit monitoring to an unspecified number of employees after a laptop containing staffing records and personal financial details was stolen from its corporate offices in New Jersey.

Financial institutions looking to protect themselves against identity theft and security lapses should be looking to voice biometrics, says Tel Aviv, Israel-based CellMax Systems.

Voice biometrics - the technology that authenticates the identity of a person based on their voice – is a good solution for any company doing business over a communications network that needs a person to be positively identified on the other end, Ziv Barzilay, founder and CTO of voice biometrics company CellMax, says.

If your company has leapt onto the Web 2.0 bandwagon – embracing applications like blogs, wikis and podcasts that foster increased collaboration and communication - it could be exposing its corporate networks to new attacks from hackers.

If you work for an alternative asset management firm, so much rides on protecting intellectual property, customer data and the reputation of your firm. That is the message from Raffi Jamgotchian, chief information officer at Canaras Capital LLC, an alternative asset manager specializing in credit markets that was founded in 2006.

With botnets and other dangerous forms of crimeware anonymously launching distributed attacks on companies, Canaras Capital set out to protect the firm’s reputation.

A new study has found that the Web application security landscape is still fraught with danger – and financial services firms had better watch out.

At least seven out of popular 10 Web applications have vulnerabilities that could potentially lead an unauthorized party to steal critical personal information such as social security numbers or transfer money to their accounts, according to a report by Santa Clara, Calif-based Cenzic .

May 2008 Sun Mon Tue Wed Thu Fri Sat         1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 Weblogs of Interest Dark Reading: Firewalled Chief Risk Officer: New Era of Risk Management InformationWeek's Blog Digest Parry Aftab, the Privacy Lawyer

Categories Archives May 2008 April 2008 March 2008 February 2008 January 2008 December 2007 November 2007 October 2007 September 2007 August 2007 July 2007 June 2007 May 2007 April 2007 March 2007 February 2007 January 2007 December 2006 November 2006 October 2006 September 2006 August 2006 July 2006 June 2006 May 2006 April 2006 February 2006 January 2006