Finance

Report: Cyber Ring Stole Data To Game Stock Market | Reuters

Reuters has the story this morning about a new report out from the folks at FireEye about a cyber espionage ring that targets financial services firms. The campaign, dubbed FIN4 by FireEye, stole corporate secrets for the purpose of gaming the stock market. FireEye believes that the extensive cyber operation compromised sensitive data about dozens of publicly held companies. According to FireEye the victims include financial services firms and those in related sectors, including investment bankers, attorneys and investor relations firms. Rather than attempting to break into networks overtly, the attackers targeted employees within each organization. Phishing e-mail messages led victims to bogus web sites controlled by the hackers, who harvested login credentials to e-mail and social media accounts. Those accounts were then used to expand the hackers reach within the target organization: sending phishing email messages to other employees. The criminals behind FIN4 sought data that could be useful to stock traders, including Securities and […]

Continue Reading

White House Cyber Chief: JP Morgan Underscores Critical Infrastructure Risk

The White House’s cyber security czar, Michael Daniel, said the Obama Administration is deeply concerned about the reported hack of systems belonging to banking giant JP Morgan Chase & Co. but sees the incident as part of a larger trend of attacks against U.S. critical infrastructure. Asked about the targeted attack against JP Morgan and other banks and financial institutions, Daniel said that the White House was concerned, but not surprised by the incident. “We have watched for several years the trend of malicious actors in cyber try to figure out how to target critical infrastructure,” he said. “Financial services is critical infrastructure.” The White House was concerned that a major U.S. bank would fall victim to hackers, but sees it in the context of a “broad trend,” rather than an isolated incident, he said. Speaking with Michael Farrell, the Cybersecurity Editor at Christian Science Monitor, Daniel hit on many of the now-common talking […]

Continue Reading
vArmour

With $42m Invested, vArmour uncloaks with Software Defined Security

In the old days, startups would pull together funding from a small group of early “angel” investors and rush to get a product – any product- to market as soon as possible. The idea was to prove viability in the hopes of attracting larger investments that would let you actually develop the product you really want to sell. But that doesn’t work well for companies that want to solve really hard problem. Such projects, justifiably, need a longer runway that isn’t suited to vaporware or rapid product iteration. vArmour Networks, a Mountain View-based startup that emerged from “stealth” mode yesterday, is a good example of that latter kind of start-up. The company has already raised $42 million in three rounds, dating back to January, 2013. It is offering technology to tackle a vexing product: how to secure the information flowing within and between the growing ranks of virtual data centers. With […]

Continue Reading
Moscow International Business Center

Must Read: How Russian Hackers Stole the Nasdaq – Businessweek

If there’s one story you should read this week, its Michael Riley’s extensive report over at Businessweek on the 2010 compromise of systems belonging to the Nasdaq stock exchange, “How Russian Hackers Stole the Nasdaq.” The incident was extensively reported at the time, but not in great depth. Obviously, the parties involved weren’t talking. And Nasdaq’s public statements about the compromise woefully downplayed its severity, as Riley’s report makes clear. Among the interesting revelations: the Nasdaq may have fallen victim to a third-party compromise – similar to the hack of Target earlier this year. In the case of Nasdaq, investigators from the FBI, NSA and (eventually) CIA found discovered that the website run by the building management company responsible for Nasdaq’s headquarters at One Liberty Plaza had been “laced with a Russian-made exploit kit known as Blackhole, infecting tenants who visited the page to pay bills or do other maintenance.” What’s clear is […]

Continue Reading
Internet of Things and Enterprise Risk Panel

Video: The Internet of Things and Enterprise Risk

The Security Ledger recently hosted our inaugural event: The Security of Things Forum (SECOT). This was a high-energy, day long conference in Cambridge, Massachusetts, that brought together subject experts, executives and thought leaders from disparate areas like high tech, finance and industrial systems to talk about the tsunami of change that is the Internet of Things. One of the big questions hovering over the event: how will IoT technologies and services change the security paradigm that we’ve all be operating under- but especially in enterprises. In fact, IoT and enterprise was the topic of our very first discussion of the day: a panel chaired by Chris Rezendes of INEX Advisors, a leading consultancy focusing on IoT. SECoT Forum 2014 – Democratized Data, IOT and Enterprise Risk from Exhibitor Media Group on Vimeo It’s a really big and messy problem. As panelist Ken Pfeil of Pioneer Investments pointed out: the hack of […]

Continue Reading
1 3 4 5 6 7