Many consumers have shifted their banking and investment transactions to the time-saving apps on their phones. But along with convenience, a reliance on mobile devices has attracted scammers looking to steal information and assets. A growing type of fraud exploiting mobile phone usage is known as SIM swapping.
The term “metaverse” has attracted significant attention and curiosity in recent years from the media, entertainment and technology sectors. Though the term has no concrete definition, and interpretations may differ, the metaverse is generally viewed as the next evolution of today’s internet.
Companies that use Fortinet’s FortiManager product could be exposed to a remote, unauthenticated attacker executing arbitrary code or commands due to a critical product vulnerability (CVE-2024-47575), according to two recent alerts from the Cybersecurity & Infrastructure Security Agency (CISA).
n the event a Vendor misses transmission of TRACE data and would like to request retransmission, please follow the steps outlined on this page. Note: Only existing vendors can request retransmission of TRACE data.
On This PageResponsibilitiesFirm or Identity Provider (IdP)FINRA or Service ProviderIntegration RequirementsCertificate HandlingSupported ProtocolIdP Entity IdEmail DomainAuthentication FlowSAML2 Details SP MetadataNameId FormatBindingsAttributesSP Message Algorithms:GlossaryResponsibilitiesFirm or Identity Provider (IdP)The Identity Provider is responsible for ensuring accurate
FINRA requires firms to report short interest positions in all customer and proprietary accounts in all equity securities twice a month. All short interest positions must be reported by 6 p.m. Eastern Time on the second business day after the reporting settlement date designated by FINRA.See the schedule of reporting dates below.2024 Short Interest Reporting
On June 25, 2024, Progress Software released the MOVEit Transfer Critical Security Alert Bulletin (the Alert Bulletin) for CVE-2024-5806, a newly identified Critical Vulnerability, which was described as an Improper Authentication vulnerability in MOVEit Transfer, Secure File Transfer Protocol (SFTP) module and could lead to Authentication Bypass.
ONNX Store, a Phishing-as-a-service platform (PhaaS), is targeting Microsoft 365 (M365) accounts at FINRA member firms with an advanced social engineering attack known as quishing: a business email compromise (BEC) attack that uses QR codes in embedded PDF documents to redirect victims to phishing URLs.
LockBit, one of the most deployed ransomware variants in recent years, continues to impact organizations across the globe, including FINRA member firms. Since November of 2023, FINRA has received reports from several member firms related to cyber incidents allegedly perpetrated by LockBit. The reported incidents varied in severity from no impact to significant disruptions in firms’ business operations. As a result, the Cyber and Analytics Unit (CAU) within FINRA’s Member Supervision Program is notifying firms of the increased activity of this threat actor to heighten awareness and visibility of this risk. CAU is also providing a compilation of resources that outline effective practices firms may consider in response to this elevated risk.
This notification warns member firms of an ongoing phishing campaign that began on or around Oct. 9 that involves fraudulent emails purporting to be from FINRA executives, in some instances containing a PDF attachment. These emails are not from FINRA, and firms should delete them and consider blocking their domains.
