Security news aggregator

Latest coverage for Finance

Stay secure in the finance sector. Explore the latest in financial cyber security news, trends, and best practices to protect valuable assets and data.

10 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Finance covers the institutions, markets, and services that move, store, lend, invest, and insure money. Its distinctive assets include customer identities, account balances, payment instructions, trading positions, claims, and confidential business data. Operations depend on core banking and ledger systems, payment networks, market-data feeds, identity services, and external processors or cloud providers. Integrity and availability are especially important: an unauthorized change to beneficiary or settlement data can cause direct loss, while an outage can interrupt payments or trading and complicate time-sensitive reconciliation.

Security work therefore focuses on online banking and trading interfaces, APIs, privileged access, credentials, and third-party connections. Useful controls include phishing-resistant multi-factor authentication, least privilege, transaction signing or approval separation, encryption, tamper-evident logging, and anomaly monitoring. Privacy protections apply to personal and financial information; PCI DSS is relevant where payment-card data is handled, alongside jurisdiction-specific financial rules. Vulnerability management should prioritize internet-facing and legacy systems, while incident response needs capabilities to contain fraudulent transactions, preserve evidence, reconcile ledgers, and restore trusted service through tested backups or failover.

Showing 10 most recent headlines Filtered view

Officials Warned New Models Could Accelerate Cyber Risks Faster Than RulesGlobal finance officials meeting in Washington warned that advanced artificial intelligence models could expose structural weaknesses across banking and payment systems, speeding vulnerability discovery and cyber exploitation faster than regulators can build guardrails.

Bank of America, Citi and Goldman Anchor Partner Cohort for OpenAI's GPT-5.4-CyberOpenAI's Trusted Access for Cyber program prioritizes financial institutions to drive adoption of GPT-5.4-Cyber in regulated environments, highlighting a split with Anthropic’s developer-centric, tech-heavy partnerships and raising questions about partnership value and data-sharing models.

Bank Info Security 3 months ago

Stryker Hack Affects First Quarter Results

Stryker Has Said It Doesn't Carry Cyber insuranceStryker notified regulators that its March cyberattack will impact the medtech maker's first quarter financial results. The company also does not appear to have a cyber insurance policy in place to help cover costs associated with the disruptive incident claimed by Iranian hackers.

A "novel" social engineering campaign has been observed abusing Obsidian, a cross-platform note-taking application, as an initial access vector to distribute a previously undocumented Windows remote access trojan called PHANTOMPULSE in attacks targeting individuals in the financial and cryptocurrency sectors

Fraud Expert Ken Palla on Why Detection Controls Still Lag BehindFraud continues to climb even as banks invest heavily in detection tools and analytics. The gap between technology spending and fraud losses reflects a deeper issue in how financial institutions approach scam prevention, says Ken Palla, retired director at MUFG Bank.

CEO Solomon Says Bank is Working with Anthropic, Vendors on ControlsGoldman Sachs CEO David Solomon said the bank is "hyper-aware" of the heightened capabilities of Anthropic's Mythos model, as it works with the firm and security vendors to harness its potential. His comments come amid concern over the model's ability to accelerate cyberattacks.

Cybersecurity researchers have unmasked a novel ad fraud scheme that has been found to leverage search engine poisoning (SEO) techniques and artificial intelligence (AI)-generated content to push deceptive news stories into Google's Discover feed and trick users into enabling persistent browser notifications that lead to scareware and financial scams