The European Aviation Industry’s New Cybersecurity Rules

Europe has expanded its cybersecurity rules around airline flight safety. And for the first time, the requirements cover a range of companies in the aviation supply chain. 

WSJ Pro Cybersecurity reporter Catherine Stupp joins host Julie Chang to discuss the new rules and how companies are responding

Cybersecurity Experts on Edge Amid Ex-Uber Executive’s Trial

The trial of Uber's former head of security is being closely watched by cybersecurity professionals, who worry it could set a precedent for who is liable when a company is hacked. 

WSJ cybersecurity reporter Robert McMillan joins host Zoe Thomas to discuss the ins and outs of the trial and its wider ramifications.

The ongoing battle to beat the crypto thieves

The price of crypto currencies has plunged recently, but whatever the value of their investment, for digital asset holders, protecting their crypto from thieves is an ongoing problem. In March this year, hackers carried out one of the biggest cryptocurrency heists of all time and with cyber criminals increasingly wielding high-tech tools and techniques, in 2021 cryptocurrency theft grew by around 500 per cent over the previous year.

Former NSA Director on cybersecurity risks from Russia

Former head of NSA and U.S. Cyber Command Admiral Michael Rogers weighs in the risk of a Russian cyber-attack.

Who will secure the Metaverse - and how will they do it?

With the metaverse being talked up everywhere — even though the concept still seems to be a bit vague — concerns about safety have bubbled up, and you wouldn’t be along in wondering what cybersecurity challenges may come with it.

The metaverse, a concept of the next incarnation of the Internet, an immersive virtual 3D world connecting all sorts of digital environments, has been gaining a strong foothold in the media and has quickly become one of the hot topics in the digital landscape. You can even consider it as a new decentralized marketing ecosystem, characterized as social, live, and persistent, as it will contain a lot of user-generated content. It will also be easy to join and contribute to for hardware-agnostic users.

Just like in any other digital landscape where authentication plays a key role, cybersecurity will play a significant role in keeping the parties safe. No matter how sophisticated the technology and techniques of circumventing security measures will be, businesses will need to stay one step ahead of cyber criminals. So, the armaments race in cybersecurity that we’ve known for years will get even more intense.

And what will actually happen to the cheaters? Will they be sent to a sub-universe where they’re free to cheat where cheating is accepted as part of the rules? How will users in the metaverse be monitored to ensure any removal of possible illegal operations, morally corrupt conduct, and hate speech? By private companies themselves or by some governmental cyber-police?

There are a lot of open questions to be answered and certainly an interesting challenge for the metaverse community as well as the cybersecurity providers.

Find out more HERE. 

 

Triple Extortion Ransomware - What it is and how to prevent It

The global surge in ransomware attacks increased by 102% in 2021 compared to the beginning of 2020, and shows no sign of slowing down

The number of organizations impacted by ransomware globally has more than doubled in the first half of 2021 compared with 2020.

The healthcare and utilities sectors are the most targeted sectors while organizations in Asia Pacific are targeted more than any other region.

Since April, researchers at Check Point Research (CPR) have seen an average of over 1,000 organizations being impacted by ransomware every week.

Prominent attacks that have taken place at the end of 2020 and the beginning of 2021 point at a new attack chain – essentially an expansion to the double extortion ransomware technique, integrating an additional, unique threat to the process – that CPR calls the Triple Extortion. 

What is Triple Extortion? You can find out HERE.

A practical guide to Log4shell remediation

Log4Shell (CVE-2021 – 44228): is a zero-day vulnerability in Log4j, a popular Java logging framework. Log4j has left businesses and government officials scrambling to deal with the blatant cybersecurity threat to global computer networks. The bug disclosed recently could trigger potentially devastating cyberattacks spanning economic sectors and international borders, security experts say.

Leading researchers and technology companies have warned that hackers with links to foreign governments and ransomware criminal groups seek to exploit vulnerabilities in targets’ computer systems.

Find out more and what you should be doing HERE.

You can’t stop the ‘next SolarWinds’ — but you can slow it down

It was one of the biggest questions in cybersecurity of 2021, and it’s sure to remain on the minds of countless businesses into 2022, too: How do you prevent a software supply chain attack?

Such attacks have soared by 650% since mid-2020, due in large part to infiltration of open source software, according to a recent study by Sonatype.

But an even bigger driver of the question, of course, has been the unprecedented attack on SolarWinds and customers of its Orion network monitoring platform. In the attack, threat actors compromised the platform with malicious code that was then distributed as an update to thousands of customers, including numerous federal agencies.

Find out more, HERE. 

10 worst password snafus of 2021

Using strong and secure passwords is sound advice not just for your own personal accounts but for any accounts or services you use on the job. In fact, a weak password can create far more trouble for an organization that holds user data and other sensitive information. To show just how much trouble it can create, password manager Dashlane has unveiled a list of the worst password-related security incidents for 2021.

For its 2021's Worst Password Offenders list, Dashlane looked at the year's 10 worst security mishaps that involved hacked or stolen passwords. These fiascos show that advice about creating a strong password is still being ignored by too many individuals and too many organizations.

Read the full list HERE.

Conti Ransomware Gang Has Full Log4Shell Attack Chain

The Conti ransomware gang, which last week became the first professional crimeware outfit to adopt and weaponize the Log4Shell vulnerability, has now built up a holistic attack chain.

The sophisticated Russia-based Conti group – which Palo Alto Networks has called “one of the most ruthless” of dozens of ransomware groups currently known to be active – was in the right place at the right time with the right tools when Log4Shell hit the scene 10 days ago, security firm Advanced Intelligence (AdvIntel) said in a report shared with Threatpost on Thursday.

You can read the Threatpost story HERE.

Check for Log4j vulnerabilities with this simple-to-use script

If you're not certain whether your Java project is free from Log4j vulnerabilities, you should try this easy-to-use scanning tool immediately.

To find out what you should be doing check HERE.

Are Biometrics Replacing Passwords? Uncovering What Users Really Want (and Need)

Identity verification is integral to the secure use of digital platforms, many of which have become staples of consumers’ lives in recent years. But with so many authentication methods – from traditional passwords and usernames, to biometrics like face and fingerprint scans – it can be challenging to know just what consumers prefer from their apps and digital accounts, and how best to optimize these experiences from a merchant standpoint. In this virtual roundtable, PYMNTS Editor-in-Chief Matt Nesto hosts industry leaders to discuss this topic and more. Tune in.

“TOP READS OF THE WEEK” (for week 30 October to 5 November)

This is the final edition of TOP READS OF THE WEEK in this format.

However, you can still get all the top reads in banking, fintech, payments, cybersecurity, AI, IoT, risk management by reading / subscribing to the “Citadel Advantage News Digest”.

The Citadel Advantage News Digest is published at least twice a week with all the latest news on Banking, Fintech, Payments, Operations Risk and much, much more. Check it out!

Subscribe to our newsletter click HERE. Under the topmost item “Newsletter” click on “Start reading” to access.

In this weeks selection;

Top Reads

• Meta CEO Zuckerberg predicts the metaverse will be mainstream in 5-10 years
• Banks' green pledges under scrutiny
• What We Can Learn From The Sub-Saharan African FinTech Infrastructure
• Sorry, Mark. You Don't Own the Metaverse
• Starling CEO says open banking a flop: Other fintech chiefs beg to differ
• Citi makes COVID-19 vaccine mandatory for 65,000 US employees
• Regulator previews coming crypto, stablecoin policy
• Fintech Apps Still Depend on Old-School Banks to Move Money
• A Battle for Earth: 5 Ways IoT Can Help Save Our Planet
• Elon Musks Lessons In Business Scaling
• The advantages of an AI/ML-enabled search engine for FDA records
• UK regulators warn financial sector still failing to account for key climate risks
• Protecting The United States' Critical Infrastructure From Cyberattacks
• Global rule maker created for ESG disclosure standards
• Pandora Papers highlight the importance of PEP checks as part of AML armoury

From our Blog

• The Great Resignation: Why Millions Of Workers Are Quitting
• Facebook Name Change Signals High-Stakes Race for 'Metaverse'
• China's Race for AI Supremacy
• Understanding and Responding to Bribery & Corruption Red Flags
• See what three degrees of global warming looks like
• The Cost to Reduce Global Warming? $131 Trillion Is One Answer

“TOP READS OF THE WEEK” (for week ending 22 October)

This week’s top reads in banking, fintech, payments, cybersecurity, AI, IoT, risk management and much more

In this weeks selection;

Top Reads

• What is Google FLoC and How Does It Affect Your Privacy
• Facebook's Novi launches digital currency wallet pilot
• Is ethical banking a thing?
• 4 Women-led Crypto Projects That Are Driving the Blockchain Industry
• Broadcom Software's Symantec Threat Hunter Team discovers first-of-its-kind ransomware
• SEC Revives Proposal to Claw Back Executive Pay
• The surge of fintech in South America
• Forensics Monitoring Is Blockchain’s New Sheriff
• Essential Aspects of Cloud Compliance for Financial Services
• Amex will let employees work wherever they want one month a year
• Supply-Crunch Inflation Gives Central Banks an Unfixable Problem
• Treasury goes into damage control on bank data reporting
• Ransomware summit takeaways: Pledges to disrupt safe havens, money laundering
• No profit worries? Earnings week still served up drama
• What Emerging American Legislation Means for Crypto Assets and CBDCs
• Deutsche Bank’s ESG executive slams industry’s greenwashing practices
• These are the top 10 tech trends that will shape the coming decade, according to McKinsey
• 8 security and risk management trends to watch: Gartner
• Is PayPal pining for Pinterest?
• 3 Reasons Financial Institutions Can't Let Mergers Stall Innovation

From our Blog

• Three ways to make better decisions - by thinking like a computer
• China’s Silicon Valley is Hiding a $30 Billion Fortune
• How to Plan and Implement an Ethics & Compliance Risk Assessment Program
• Podcast “American Kleptocracy”
• China's Xi Dials Back Economic Overhaul
• Is China's economic model broken?

“TOP READS OF THE WEEK” (for week ending 15 October)

This week’s top reads in banking, fintech, payments, cybersecurity, AI, IoT, risk management and much more

In this weeks selection;

Top Reads

• Analysts pin Google retail bank U-turn on fears of higher regulatory scrutiny, low profitability
• JPMorgan Chase joins UN's Net-Zero Banking Alliance
• Why Chatbots Fail in Banking
• We may visit you at home, British financial watchdog warns bank staff
• SocGen to Cut 3,700 Jobs as Part of Domestic Retail Merger
• Crypto Could be in Trouble after China Declares all Crypto Transactions Illegal
• Two Key Digital Payments Trends in the Post-COVID World
• Capgemini’s World Payments Report 2021
• Are NFTs a Money Laundering Gold Mine?
• From tech tool to business asset: How banks are using B2B APIs to fuel growth
• Will massive outage set back Facebook's payments plans?
• 15% minimum global corporate tax faces obstacles: Tax Foundation
• U.S. SEC opens inquiry into Wall Street banks' staff communications -sources
• What's next for banks that partnered with Google now that the tech giant has scrapped its checking-account push
• How to Explain NFTs to People Who Think Theyre Just JPEGs
• Is Apple Pay Secure? - Platform Security and Privacy Overview
• DeFi Glossary 2021: Pretend You Know What is Going on
• AI Is No Match for the Quirks of Human Intelligence
• Credit-card firms are becoming reluctant regulators of the web
• Cyberattack on Ukraine grid: here's how it worked and perhaps why it was done
• Analysts pin Google retail bank U-turn on fears of higher regulatory scrutiny, low profitability
• IoT: Beyond Alexa
• ISO 20022 just one of the key steps towards cross-border payments interoperability
• PayPal takes stake in Latam SPAC

From our Blog

• How to Plan and Implement an Ethics & Compliance Risk Assessment Program
• Bitcoin Miners Tap Hydropower as Environmental Criticism Grows - WSJ
• Podcast “American Kleptocracy”
• Malinvestments, When Your Eyes Are Bigger Than Your Stomach
• Evergrande Woes Spread to China’s $12 Trillion Local Market
• 3 Major Questions Around Evergrande's Debt And China's Economy That Remain Unanswered

“TOP READS OF THE WEEK” (for week ending 8 October)

This week’s top reads in banking, fintech, payments, cybersecurity, AI, IoT, risk management and much more

In this weeks selection;

Top Reads

• Card critics call for credit routing scrutiny
• Visa Unveils UPC for Blockchain
• Google abandons plans to offer Plex checking accounts
• How Do I Get a Job in Crypto? Postings in Industry on the Rise
• Open Banking is finally here … it’s only taken 30 years!
• Digital bank fined by regulator due to weak anti-money laundering controls
• How AI is transforming the world of finance
• How to be cyber smart
• EC preps antitrust charge over Apple NFC chip access
• Neobank Alternative: Building a Hybrid Digital-First Bank from Scratch
• Your Dev Skills Deserve Recognition, so Hack the Email of Your Boss
• Richer data poised to become the pre-condition for cross-border payments to thrive
• JPMorgan stiffens vaccination policy
• Top global companies falling short in protecting domain security
• Companies Want FASB to Focus on Crypto, ESG-Related Rule Making
• Bitcoin, ‘Green’ Details Are Most-Requested Accounting Fixes
• Why You Should Quit Social Media Permanently
• What would persuade bank holdouts to share customer data?
• Spat erupts over postal banking pilot
• Parents’ Ultimate Guide to Cybersecurity
• BIS GM issues Facebook stablecoin warning
• Why Windows 11's security is such a big deal
• Why CEOs become communication chiefs after a cyberattack
• Companies expect surge in health care costs in 2022

From our Blog

• How to Plan and Implement an Ethics & Compliance Risk Assessment Program
• Tesla Prepares for Wider Release of Its Driver-Assistance Software
• How do carbon markets work? -The Economist
• Visa is working on a universal payment channel
• What China’s New Data Rules Mean for Tesla and Other Auto Makers
• Flags of Convenience - Bribe, Swindle or Steal Podcast
  

“TOP READS OF THE WEEK” (for week ending 1 October)

This week’s top reads in banking, fintech, payments, cybersecurity, AI, IoT, risk management and much more

In this weeks selection;

Top Reads

• The NSA and CIA Use Ad Blockers Because Online Advertising Is So Dangerous
• Jamie Dimon says 'you're a fool' if you borrow to buy bitcoin, and that he wouldn't care if its price increased 10 times
• U.K. Investment Banks Pay Women 56% of What Male Colleagues Make
• US extradites highly-prized hacker back to Russia
• What Does Bitcoin Mean for the Payment Industry of El Salvador?
• Should Your Web History Impact Your Credit Score? The IMF Thinks So
• Big Tech CEO Insider Trading During the First Half of 2021
• SEC chair Gensler worried ‘people will be hurt’ without crypto and SPAC regulations
• Visualizing the Rise of Cryptocurrency Transactions
• New York Fed researchers design climate stress test for banks
• Lazard associates are now the highest paid on Wall Street after a pay bump raises the base salary to $200,000
• Don't hold your breath for a US CBDC
• AB InBev CFO: 'You can't hide when a pandemic hits'
• Swedish university fined $66,000 for GDPR violations
• Fintech and Banking Software Firm Velmie Launches FX and Cross-Border Transfer Service in Middle East
• 4 Tech-Driven Forces That Could Bulldoze Banks Off the Map
• Mastercard to launch new BNPL service
• Wells Fargo fined $37.3M to settle DOJ foreign-exchange case
• New York Fed researchers design climate stress test for banks
• Bank Mergers Are On Track to Hit Their Highest Level Since the Financial Crisis
• Microsoft warns of new credential-stealing backdoor from SolarWinds threat actor
• In first, Japan names China, Russia and North Korea as cyberattack threats
• WhatsApp to help rural, cooperative banks accelerate digital banking adoption
• How Yahoo Built a Culture of Cybersecurity
• Central banks and the BIS explore what a retail CBDC might look like
• What China’s new data privacy law means for US tech firms

From our Blog

• How to Plan and Implement an Ethics & Compliance Risk Assessment Program
• The Frequency of Payroll Payments at U.S. Small Businesses
• What China’s New Data Rules Mean for Tesla and Other Auto Makers
• Flags of Convenience - Bribe, Swindle or Steal Podcast
• Why China’s Evergrande Has Global Markets on Edge

“TOP READS OF THE WEEK” (for week ending 24 September)

This week’s top reads in banking, fintech, payments, cybersecurity, AI, IoT, risk management and much more

In this weeks selection;

Top Reads

• Fed won't go it alone on CBDC
• There are new scams on mobile payment apps—and teens aren’t immune
• Companies must develop operational plan for ransomware recovery
• After 400 attacks, feds warn of Conti ransomware
• BlackRock losing 'patience' on pace of corporate ESG disclosure
• Deutsche Bank Explored Wells Fargo Custody Deal Before Fed Snub
• Credit Suisse charges investors to prop up Greensill Capital
• After years of being 'squeaky clean,' the Federal Reserve is surrounded by controversy
• U.S. cash payment kiosks rise despite digital age
• Companies must develop operational plan for ransomware recovery
• Corporate credit rebounds from record slump: Fitch
• The beguiling promise of decentralised finance
• Opinion | Do We Need to Shrink the Economy to Stop Climate Change?
• Record $15 Billion SPAC Merger Just Happened For A Technology You've Never Heard Of
• NY Fed vice president urges industry to move faster on Libor transition
• Funding for fintechs: patterns and drivers
• Recently reported Microsoft zero-day gaining popularity with attackers, Kaspersky says
• Finance industry warns against 'unnecessarily restrictive' crypto capital rules
• How buy now, pay later became a $100 billion industry
• Banks Oppose Strict Basel Rules Targeting Cryptocurrencies
• Trump Organization CFO appears before New York Supreme Court
• Forward Thinking on artificial intelligence with Microsoft CTO Kevin Scott
• EBA paves the way for tighter scrutiny of digital platforms
• US government ready to roll out the big guns against crypto ransomware payments
• In era of quick-fire bosses, Wall Street embraces the 'forever CEO'
• Web hosting cybersecurity concerns

From our Blog

• The Evergrande Crisis Intensifies
• The Inside Story of the Ship That Broke Global Trade
• Ray Dalio on Evergrande, China, Bitcoin and the Fed
• Evergrande - A Simple Explanation And Thoughts from the "Uneducated Economist"
• Cybercrime Rising on Telegram? & SEC Seeks Crypto Regulation

“TOP READS OF THE WEEK” (for week ending 17 September)

This week’s top reads in banking, fintech, payments, cybersecurity, AI, IoT, risk management and much more

In this weeks selection;

Top Reads

• At Fault or Default? Lessons in Leadership We Can Learn from the Collapse of Kabul
• JPMorgan's UK digital bank set to launch Tuesday
• IOSCO calls on asset managers and intermediaries for stronger AI and ML processes
• Pandemic-led AP workarounds unfit for future of hybrid working, adviser warns
• McKinsey on Risk, Number 11, August 2021
• 8 Helpful Everyday Examples of Artificial Intelligence
• How do Mid-Sized banks compete with Fintech
• Bank of America to scrap CMO role after top marketer leaves this year
• JPMorgan to buy majority stake in Volkswagen's payments business
• 'Big game hunters': Ransomware groups target their perfect victim
• Bank of America names new CFO, adds 3 women to senior management
• Eight Emerging Technologies That Are Shaping FinTech Industry In 2021
• Gartner: AI is moving fast and will be ready for prime time sooner than you think
• Alipay break-up is power grab by China's government
• Apple releases emergency patch to protect all devices against Pegasus spyware
• Advantages and Disadvantages of Artificial Intelligence: How To Use AI in Your Business
• FiVerity: The Outsized Value Of Collaboration In The Fight Against Cyber Fraud
• WFH is a cybersecurity "ticking time bomb," according to a new report
• Banks delay return to office as delta variant surges
• Boards rethink incident response playbook as ransomware surges
• Cryptocurrency Payment Gateways to The Future
• How Digital Transformation Is Revolutionizing Digital Finance
• Crypto Kid Fraudster Gets 7 1/2-Years for Ponzi Scheme
• U.S. cash payment kiosks rise despite digital age

From our Blog

• Apple’s Big September News - iPhone 13, Apple Watch Series 7 and iPad Mini
• Hundreds of iPhones Are in ‘Ted Lasso.’ They’re More Strategic Than You Think
• China Seeks to Break Up Alipay, Separate Loan Business
• Why Your Uber and Lyft Rides Are So Expensive

“TOP READS OF THE WEEK” (for week ending 10 September)

This week’s top reads in banking, fintech, payments, cybersecurity, AI, IoT, risk management and much more

In this weeks selection;

Top Reads

• Amazon takes Visa battle to Australia
• Regulators Investigate Crypto-Exchange Developer Uniswap Labs
• SPAC IPOs plunged 87% during Q2 amid tougher SEC scrutiny
• The SEC Is Serious About Cybersecurity. Is Your Company?
• What Traditional Banks Can Learn From Fintech Apps’ Explosive Growth
• One size does not fit all: the Rubik’s Cube of banking
• Cross-border payments set to soar as the world begins to emerge from lockdown
• Developing Real-Time Payment Capabilities
• The future of payments in the Middle East
• The Latest Trends in Artificial Intelligence (AI) and Machine Learning (ML)
• WhatsApp fined $235,000 by Turkey over alleged data breach
• 97% of Banks Miss These 9 Broken Journeys
• Crypto’s Rapid Move Into Banking Elicits Alarm in Washington
• Bitcoin Faces Big Test as El Salvador Makes It Legal Tender
• FinTech–shaping the future for the better (Part-II)
• Wallets Are Over. Your Phone Is Your Everything Now.
• SEC fines Kraft Heinz $62M, says procurement misled finance team
• After years of inaction against adtech, UK’s ICO calls for browser-level controls to fix ‘cookie fatigue’
• Amazon takes Visa battle to Australia
• What ransomware negotiations look like
• Remote workers complicate CFOs' state sales tax compliance
• Top Performing Artificial Intelligence (AI) Companies of 2021

From our Blog

• What El Salvador's Bitcoin Experiment Looks Like
• What are the Potential Pitfalls for Merchants Offering BNPL?
• Apple Store vs. Repair Shop: What the Right to Repair Is All About
• SEC sets its sights on the crypto “Wild West”
• Why China’s Tough Stance on Crypto Mining Is a Boon for Miners Elsewhere...