Over the past few years, we've seen a surge in popularity for both consumer fintech apps and fintech services for businesses.
This shift in the financial services ecosystem has empowered users to take greater control of their financial lives, equipping them with tools to better understand how and where they spend their money, increase their credit scores, prepare taxes, and aggregate disparate financial and investment accounts, among many other applications.
One of the most notable trends of the 2010s was an increase in data breaches. The Privacy Rights Clearinghouse maintains a chronological database of data breaches that stretches back to 2005. Hacks and cybersecurity threats were an issue for companies and organizations even in the 1980s and the 1990s, but a simple scroll through that database will show how much more frequent data breaches have become within the past ten years. Since 2009 or 2010, notable data breaches have occurred virtually every day.
Why are these threats on the rise? One factor is that people are living more of their lives online. Between social media, online shopping, and the growing segment of the workforce that conducts most or all of its business on the internet, there are more targets for hackers and cybercriminals than ever before. This infographic shows how dramatically the production of global data has grown even in the past five years. With so much data out there, it stands to reason that cybercrime is becoming a more significant enterprise. It’s easy to imagine the culprits behind data breaches as keyboard warriors sitting alone in dark rooms, wreaking havoc from afar. What many people don’t recognize: the threat could be coming from the cubicle next door.
US officials have warned British ministers that using Huawei technology in the UK's 5G network would be "nothing short of madness".
Prime Minister Boris Johnson reacted to the warning saying that he had no intention of putting the UK infrastructure or national security at risk. He also called on critics of Huawei to suggest alternatives.
The end of Microsoft's support for Windows 7 is now just hours away. It should not come as any sort of surprise, as coverage of the end of life for the operating system has been widespread, but there are still plenty of people and businesses using the decade-old OS.
Some are put off by the hassle of upgrading (although it's easy), while others are discouraged by cost (although you can still upgrade to Windows 10 for free). But the ramifications of sticking with Windows 7 could be serious -- so much so that the UK's National Cyber Security Centre (NCSC) has issued a stark warning not to use the operating system for email or banking.
Researchers at Malwarebytes have uncovered malware pre-installed on phones offered under the US government-funded Lifeline Assistance program.
Assurance Wireless by Virgin Mobile offers the UMX U686CL phone as their most budget-friendly option at only $35 under the scheme. However, users are getting more than they bargained for. An app called Wireless Update is designed to update the phone's OS but can also install other apps without consent.
Protecting against cyberattacks and guarding against technology failures is something that most businesses now do as a matter of course. But insuring against the risks is less common and could be leaving companies open to major losses.
We spoke to Jack Kudale, CEO of cyber insurance specialist Cowbell Cyber, to find out more about cyber risk insurance and why it's increasingly being seen as an essential safeguard.
The vulnerability-finding Project Zero has found Google on the receiving end of both criticism and praise, but there has long been concern about the policy of being very quick to reveal details of vulnerabilities that have been discovered.
Previously Project Zero has given software developers a 90-day window of opportunity to fix bugs before it goes public. Details of vulnerabilities would also be published as soon as a fix was released. For 2020, Google is trying something new. The company will wait a full 90 days before disclosing a vulnerability, regardless of when the bug is fixed.
Multiple vulnerabilities in the popular TikTok video-sharing app and its back end could have allowed attackers to manipulate content on user accounts, and even extract confidential personal information.
Researchers at Check Point have found that an attacker could send a spoofed SMS message to a user containing a malicious link. If the user clicked on the link, the attacker was able to access the user's TikTok account and manipulate its content by deleting videos, uploading unauthorized videos, and making private or 'hidden' videos public.
Increasingly, IT security is seen as an issue for the entire organization. This means it's often included in business targets, but setting these in a meaningful way -- and being able to meet them -- is a major challenge.
We spoke to Joseph Carson, Chief Security Scientist and Advisory CISO at Thycotic, to find out more about the difficulties of setting and measuring the success of targets for security.
Travelex, the London-based foreign exchange company, has suspended some of its services and taken its UK website offline following a cyber attack that took place on New Year's Eve.
A malware infection caused the company to take the decision to cut the cord on its services. It said that this was merely a "precautionary measure" which was done "in order to protect data". The suspension of services has caused problems for customers around the world and has had a knock-on effect for other companies including Tesco Bank and Asda.
Apple says virtualization tools violate DMCA... but Corellium says the company is attacking jailbreaking
Apple has long played a game of cat and mouse with the developers of jailbreak tools, constantly amending the code of its mobile operating systems to prevent people from unlocking their iPhones and iPads.
In an ongoing spat with Corellium -- a company which virtualizes iOS for use by security researchers -- Apple has amended the lawsuit it brought against the company this summer saying the tools it produces infringe on copyright. Corellium has responded with an open letter saying that Apple's line of attack "should give all security researchers, app developers, and jailbreakers reason to be concerned".
JPMorgan Chase is to enforce stricter security measures, banning third-party fintech apps from accessing customer passwords.
The existing method of data sharing provides -- with permission -- numerous apps with access to customers' bank accounts, but concerns have been voiced about the possible dangers. No timetable has been set out, but the American finance giant intends to use a token-based system that will provide third parties with access to "a narrow range of data in a secure form".
Windows 7 users will still get updates to Microsoft Security Essentials when the OS is out of support
It's now mere weeks until Windows 7 is no longer supported by Microsoft. When January 14, 2020 rolls around, the end date for support will have been reached, and Microsoft is keen for people to upgrade to Windows 10 to avoid having insecure computers that don't receive updates.
But not all security updates are being dropped. Having previously said that Microsoft Security Essentials would no longer receive updates when Windows 7 support ends, the company has indicated that updates will in fact continue to be released.
Email is suffering an identity crisis. Email’s core protocols make no provisions for authenticating the identities of senders, which has resulted in a worldwide spearphishing and impersonation epidemic, leading to billions of dollars in monetary losses, security mitigation costs, and brand damage. As a result, email security will be a central theme in the new year, both as a source of threats as well as an increasingly urgent issue for cybersecurity professionals to address.
In 2020, we will see email security prove itself to be a weak link in election security as well as corporate security. At the same time, Domain-based Message Authentication, Reporting and Conformance (DMARC) will gain popularity across several industries, driven both by the need to eliminate domain spoofing, and by the desire for brands to take advantage of Brand Indicators for Message Identification (BIMI), a new standard that requires DMARC. Email authentication works -- but it’s up to domain owners to take advantage of it. Increasingly they will do so, as they realize that a failure to proactively defend their domains can leave them vulnerable to convincing exploits from cybercriminals.
Advanced persistent threats (APTs) have become aggressive in their attempts to breach organizations’ networks. These malicious actors look to gain unauthorized access to infrastructures for prolonged periods of time so that they can perform various acts including mining and stealing sensitive data. Their ability to evade conventional security measures has allowed them to cause costly data breaches against many businesses.
Hackers have even found ways to intensify their malicious activities. According to an Accenture report, threat actors and groups have now teamed up to conduct targeted intrusions and spread malware. Among them are financially motivated groups such as the Cobalt Group and Contract Crew. These increasing cyberattack threats have prompted companies to toughen up their security. Gartner estimates that security spending will grow to $170.4 billion in 2022.