Tech Talk: Cybercrime, facial recognition, identity fraud, and more!

• New bill targets crypto money laundering
• FIs must collaborate to beat identity fraud
• Combatting fraudsters is a ‘cat-and-mouse’ game
• Facial recognition: A top challenge/opportunity for ATMs
• Embedded finance to fuel SMB ambitions
• Turn ecosystem banking turns into real-time intelligence
• Charges, arrests over multi-million-dollar cybercrime schemes
• CFPB proposes registry of nonbank lawbreakers
• Banks might dump Zelle due to fraud refund scheme
• Spam, Scams & Breaches
• Updates, Patches & Alerts
• and on the lighter side...

New bill targets crypto money laundering
Sen. Elizabeth Warren on Wednesday announced bipartisan legislation to crack down on cryptocurrency money laundering with a bill called the Digital Asset Anti-Money Laundering Act of 2022. CNET has the details.

FIs must collaborate to beat identity fraud
In 2021, adults 60 and older were nearly five times as likely as their younger counterparts to report losing money to a technology support scam and twice as likely to report losses to a prize, lottery or sweepstakes scam. The “Digital Identity Tracker®” explores how firms use digital identification to slow online fraud and mitigate the harm it causes. PYMNTS.com has the details.

Combatting fraudsters is a ‘cat-and-mouse’ game
Fraudsters attempt to scare or help customers through scams, one of the techniques they use is what Zwijnenberg, chief information security officer at ING, calls “social engineering”. The bank aims to educate customers about the different methods that scammers use so they can avoid them. Finextra has the details.

Facial recognition: A top challenge/opportunity for ATMs
Although banks are beginning to adopt facial recognition at ATMs, the technology still has to overcome customer's distrust. Facial recognition is not a thing we only see in science fiction movies anymore. It has already found its way into our lives and considering the growing popularity of self-service equipment reliant upon its use, it's important to discuss the matter of its responsible use. ATM Marketplace has the details.

Embedded finance to fuel SMB ambitions
Efficiency is the name of the game when it comes to digital payments. Merchants expect digital payments from their customers to be processed swiftly and seamlessly, and to have the money in their accounts without any complications on the front or back end. PYMNTS.com has the details.

Turn ecosystem banking turns into real-time intelligence
As corporations rationalize the number of accounts they hold, demand greater visibility, and look to new providers for functions like virtual account management, banks need to step up their digital transformation efforts. Here, we look at the risks and rewards for banks looking to rethink their corporate proposition. Finextra has the details.

Charges, arrests over multi-million-dollar cybercrime schemes
The US Department of Justice has announced the arrest of four individuals for their alleged roles in a fraud scheme targeting businesses, banks, and individuals. As part of these attacks, the defendants targeted employees in charge of making payments on behalf of their businesses with fraudulent email messages that asked them to make wire transfer payments to bank accounts under the attackers’ control. SecurityWeek.Com has the details.

CFPB proposes registry of nonbank lawbreakers
A regulator has proposed creating a registry of nonbank financial lawbreakers to detect “repeat offenders.” A central repository of such nonbanks would allow the CFPB to track and mitigate the risks posed by repeat offenders, monitor all lawbreakers subject to agency and court orders, and share this information with other regulators and law enforcement agencies, according to the press release. PYMNTS.com has the details.

Banks might dump Zelle due to fraud refund scheme
Banks may choose to drop partnerships with instant payments apps, like Zelle, if they have to reimburse scam victims. The seven banks that own Zelle recently launched a plan to reimburse scam victims if the scammer is pretending to be a bank employee, according to a report by Washington Post. ATM Marketplace has the details.

Spams, Scams, and Breaches

• SecurityWeek.Com: Email Hack Hits 15,000 Business Customers of Australian Telecoms Firm TPG
• Tech Republic: Iranian State-Aligned Threat Actor Targets New Victims
• Dark Reading: API Flaws in Lego Marketplace Put User Accounts, Data at Risk
• Help Net Security: How companies can avoid costly data breaches
• Tech Republic: Improper Password Manager Use Opens Vulnerabilities to Identity Theft
• Dark Reading: CSAF Is the Future of Vulnerability Management
• Help Net Security: OPSWAT MetaDefender Cloud Email Security protects users against zero-day threats
• Tech Republic: Recognize the commonalities in ransomware attacks to avoid them
• PYMNTS.com: Ransomware Groups Target Public Companies
• SecurityWeek.Com: Rackspace Hit With Lawsuits Over Ransomware Attack
• PYMNTS.com: Responding To Flourishing Instant Payments Fraud
• Dark Reading: Rash of New Ransomware Variants Springs Up in the Wild
• TechCrunch: Ransomware gang caught using Microsoft-approved drivers to hack targets
• Tech Republic: Business email compromise attacks now targeting via SMS messages

Updates, Patches, and Alerts...

• US-CERT: Current Activity
• SecurityWeek.Com: New Python-Based Backdoor Targeting VMware ESXi Servers
• PCWorld: Update Windows now to patch this under-attack vulnerability
• SecurityWeek.Com: VMware Patches VM Escape Flaw Exploited at Geekpwn Event
• Naked Security: Patch Tuesday: 0-days, RCE bugs, and a curious tale of signed malware
• SecurityWeek.Com: NSA Outs Chinese Hackers Exploiting Citrix Zero-Day
• Naked Security: Apple patches everything, finally reveals mystery of iOS 16.1.2
• SecurityWeek.Com: Adobe Patches 38 Flaws in Enterprise Software Products
• TechCrunch: NSA says Chinese hackers are exploiting a zero-day bug in popular networking gear
• SecurityWeek.Com: ICS Patch Tuesday: Siemens Fixes 80 OpenSSL, OpenSSH Flaws in Switches
• Dark Reading: Google Launches Scanner to Uncover Open Source Vulnerabilities
• SecurityWeek.Com: High-Severity Memory Safety Bugs Patched With Latest Chrome 108 Update
• Dark Reading: Apple Zero-Day Actively Exploited on iPhone 15
• SecurityWeek.Com: CISA Warns Veeam Backup & Replication Vulnerabilities Exploited in Attacks
• Help Net Security: December 2022 Patch Tuesday forecast: Fine-tuning the connectivity
• SecurityWeek.Com: Over 4,000 Vulnerable Pulse Connect Secure Hosts Exposed to Internet
• SecurityWeek.Com: Cisco Working on Patch for Publicly Disclosed IP Phone Vulnerability
• SecurityWeek.Com: Fortinet Ships Emergency Patch for Already-Exploited VPN Flaw
• Help Net Security: State-sponsored attackers actively exploiting RCE in Citrix devices, patch ASAP! (CVE-2022-27518)
• SecurityWeek.Com: Apple Patches Zero-Day Vulnerability Exploited Against iPhones
• CNET: Apple's Released iOS 16.2: Here's What's New in It
• SecurityWeek.Com: Security Firms Warn Microsoft of Signed Drivers Used to Kill EDR, AV Processes
• Dark Reading: Microsoft Squashes Zero-Day, Actively Exploited Bugs in Dec. Update
• SecurityWeek.Com: SAP's December 2022 Security Updates Patch Critical Vulnerabilities

See what other current hot cyber and technology topics affecting financial institutions BOL users are discussing in the Technology Forum.

And on the lighter side...

No humor this week. Just some tech gadgets for 2022 that might find their way under a Christmas tree this year.