Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label bloomberg. Show all posts
OCC
Banks bloomberg Cyber Attacks Data Sharing digital data email security financial attack Financial Data Hacker attack OCC

Top U.S. Banks Cut Off Digital Data Sharing With OCC After Major Cyberattack

 

Several of the largest banks in the United States have curtailed or reassessed how they share sensitive data with the Office of the Comptroller of the Currency (OCC), after a significant cyberattack compromised the regulator’s email system. 

According to Bloomberg, JPMorgan Chase and Bank of New York Mellon have paused all electronic communications with the OCC. Bank of America is continuing to share data, but through what it considers more secure digital channels. The decision follows the discovery that hackers had accessed over 100 email accounts at the OCC for more than a year—a breach labeled a “major incident” by both the OCC and the U.S. Treasury Department. 

The hackers reportedly obtained highly sensitive information related to financial institutions, although their identities remain unknown. The OCC, a bureau under the Treasury, oversees over 1,000 national banks and savings associations, including the U.S. branches of foreign institutions. Among the materials potentially exposed are reports on cybersecurity protocols, internal vulnerability assessments, and National Security Letters—documents that may contain classified intelligence regarding terrorism or espionage. 

Banks have raised concerns about the extent of the breach and the OCC’s communication about the incident. Some financial institutions reportedly did not learn of the scope of the compromise until media coverage surfaced. As a result, there is growing distrust among regulated institutions regarding how the OCC has handled disclosure and mitigation. The OCC said it is actively working with independent cybersecurity experts, including Mandiant and Microsoft, to investigate the breach and determine whether stolen data has surfaced on the dark web. 

A contractor is also reviewing two internal communication systems—BankNet and another used for transferring large files—to assess whether they were affected. While JPMorgan and BNY Mellon have suspended digital transmissions, Citigroup has continued data sharing due to its existing consent order with the OCC. It remains unclear whether other major banks like Wells Fargo or Goldman Sachs have taken similar steps. Experts warn that the breach could enable targeted cyberattacks or extortion attempts, as the stolen material may offer insight into institutional vulnerabilities. 

According to former Treasury CIO Eric Olson, the exposed data is “as sensitive as it gets.” The incident has drawn attention from Congress, with both the House Financial Services Committee and the Senate Banking Committee seeking more information. Experts view the banks’ decision to reduce data sharing as a sign of eroding trust in the OCC’s ability to safeguard critical regulatory communications.
Read more »
Twitter X
Biometric data bloomberg Privacy Privacy Policy Twitter users Twitter X

New Privacy Policy: X Plans on Collecting Users’ Biometric Data


According to a new privacy policy introduced by X (formerly known as Twitter), it will soon be collecting its users’ biometric data. 

The policy says that the company intends to compile individuals' employment and educational histories. According to the policy page, the modification will take effect on September 29. 

The updated policy reads, “Based on your consent, we may collect and use your biometric information for safety, security, and identification purposes.” While biometric data usually involves an individual’s physical characteristics, like their face or fingerprints, X has not yet specified the data they will be collecting. Also, X is yet to provide details on its plans to collect it. 

In a conversation with Bloomberg, the company noted that biometrics are only for premium users and will have the opportunity to submit their official ID and a photograph in order to add an additional layer of verification. According to Bloomberg, biometric information can be retrieved from both the ID and the image for matching reasons.

“This will additionally help us tie, for those that choose, an account to a real person by processing their government issued ID[…]This will also help X fight impersonation attempts and make the platform more secure,” X said in a statement to Bloomberg.

Last month, X had its name filed in a ‘proposed class action suit,’ where it was accused of illicitly capturing, storing and using Illinois residents’ biometric data,, including facial scans. The lawsuit says X “has not adequately informed individuals” that it “collects and/or stores their biometric identifiers in every photograph containing a face.”

In addition to the modified details of the biometric collection, X’s updated policy reveals its intention of storing users’ employment and education history. 

“We may collect and use your personal information (such as your employment history, educational history, employment preferences, skills and abilities, job search activity and engagement, and so on) to recommend potential jobs for you, to share with potential employers when you apply for a job, to enable employers to find potential candidates, and to show you more relevant advertising,” the updated policy reads.

The move seems to be related to the beta functionality of X, which enables verified companies on the network to publish job postings on their accounts. The prominent social networking platform has also established a legitimate @XHiring account. The hiring drive is a component of Musk's plans to make X an "everything app."  

Read more »
Unauthorized access
Asia bloomberg CCTV Cyber Security Dark Web Database Breach Telegram Unauthorized access

Data Centers Hacked to Collect Data from Multinational Firms

Over the past 18 months, there have been reports of cyberattacks against numerous data centers in various parts of the world, which have led to the leakage of information about some of the biggest corporations in the world and the publication of access privileges on the dark web.

Resecurity discovered several actors on the dark web, some of whom may have come from Asia, who were able to access customer records and exfiltrate them from one or more databases linked to particular apps and systems utilized by various data center firms during the campaign.

Initial access in at least one of the situations was probably obtained through a weak helpdesk or ticket management module which was connected with other programs and systems, allowing the threat actor to move laterally.

According to Resecurity, the threat actor was able to harvest credentials for data center IT personnel and clients, as well as a list of CCTV cameras and their corresponding video stream identifiers used to monitor data center settings.

Bloomberg said that two of the victim companies are GDS Holdings, based in Shanghai, and ST Telemedia Global Data Centres, based in Singapore. Resecurity did not identify the data center operators that were mentioned in the attack.

According to Bloomberg, GDS acknowledged that a customer assistance website was compromised in 2021 but insisted that there was no risk to the IT systems or data of its clients. It presented no risk to the clients, according to ST Telemedia.

According to Resecurity, businesses with a global presence in finance, investment funds, biomedical research firms, technology vendors, e-commerce sites, cloud services, ISPs, and content delivery network firms were among those whose information was exposed. According to the researchers, the companies are headquartered in the US, UK, Canada, Australia, Switzerland, New Zealand, and China.

Resecurity has not pinpointed any known APT groups as the perpetrators of the attacks. The experts point out that numerous, distinct perpetrators might compromise the victims.
Read more »
Russia
bloomberg Central Bank of Russia Crypto Currency Crypto Currency law crypto legalisation Cyber Security Digital Asset digital currency Russia

The Moscow Kremlin and the Russian Government Have Estimated the Russian Cryptocurrency Market at $214 Billion

 

Bloomberg claims, citing its own sources that the Kremlin and the Russian government have estimated the Russian cryptocurrency market at $214 billion. This assessment is used during the development of a plan to regulate the industry. 

The volume of cryptocurrency held by Russians was calculated in January 2022 by analyzing the IP addresses of major cryptocurrency exchange users and other information. The agency writes that the estimate may be an underestimate because many traders hide their activities. 

In November 2021, the Central Bank of Russia estimated the annual volume of transactions of Russians with digital assets at $5 billion. The data were obtained based on the results of a survey of large banking organizations in July 2021. The Central Bank also noted that Russian users are among the most active participants in the digital currency market. Russia is among the leaders in the number of visits to digital currency exchanges. 

Later, during the parliamentary hearings, Anatoly Aksakov, head of the State Duma Committee on Financial Market, estimated investments of Russian residents in cryptocurrencies at $194 million. Aksakov stressed that unqualified investors are also interested in digital assets, so the authorities need to determine the position on digital assets and legislate it. 

It is interesting to note that on January 20, the Central Bank published a report for public discussion, in which it proposed to ban the issuance, circulation, and exchange of cryptocurrencies in Russia, as well as the organization of these operations. The regulator also considers it necessary to ban the mining of digital assets and start monitoring the investments of Russians in cryptocurrency on foreign trading platforms. 

However, after the Central Bank report, Deputy Prime Minister Dmitry Chernyshenko approved a roadmap on cryptocurrencies, which proposes the regulation of cryptocurrencies, rather than their prohibition, identification of customers, responsibility for illegal trafficking of digital assets, as well as the development of a methodology for assessing the value of cryptocurrencies. 

Representatives of the Ministry of Finance, the Ministry of Economic Development, the Prosecutor General's Office, Rosfinmonitoring, the FSB, the Ministry of Internal Affairs, the Federal Tax Service, the Ministry of Finance, and the Bank of Russia participated in the development of the roadmap. 

On January 26, Russian President Vladimir Putin called on the government and the Central Bank to come to a consensus on the regulation of digital assets. The Head of state said that he was familiar with the discussion concerning the regulation of cryptocurrencies. 

Earlier, CySecurity News reported that the Russian billionaire Oleg Deripaska criticized the Central Bank for allegedly “infantilely closing his eyes to the growing cryptocurrency market.” As an argument, the billionaire cited the actions of the US Treasury, which, according to him, invests in the crypto industry.
Read more »
Subscribe to: Posts (Atom)