Attacks, Threats, and Vulnerabilities
MI5 warns of spies using LinkedIn to trick staff into spilling secrets (BBC News) The security agency says thousands of UK workers have been approached by spies using fake profiles.
Check Your Pulse: Suspected APT Actors Leverage Authentication Bypass
Techniques and Pulse Secure Zero-Day (FireEye) This post examines new persistence and auth bypass techniques for Pulse Secure VPNs, which we've observed being used by one or more groups.
DoubleVerify Uncovers and Stops ‘OctoBot’ — Unprecedented CTV-Focused Fraud Scheme With Multiple Tentacles (GlobeNewswire News Room) DV confirms connection between seven large-scale fraud schemes that began operating 18 months ago, defrauding digital advertisers out of $Millions/month...
Codecov hackers breached hundreds of restricted customer sites: sources (Reuters) Hackers who tampered with a software development tool from a company called Codecov used that program to gain restricted access to hundreds of networks belonging to the San Francisco firm's customers, investigators told Reuters.
Vulnerability Spotlight: Remote code execution vulnerabilities in Cosori smart air fryer (Cisco Talos) A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group
Malware That Spreads Via Xcode Projects Now Targeting Apple's M1-based Macs (The Hacker News) Hackers have retooled an Xcode malware campaign to work with Apple's new M1 chips and steal data from cryptocurrency apps.
PR Campaign: Babuk Ransomware Gang Claims Decryptor Repaired (GovInfo Security) The Babuk ransomware gang launched a public relations campaign Saturday, posting a message on its website saying it had repaired a defect in the decryptor it
Malvertisers hacked 120 ad servers to load malicious ads (The Record by Recorded Future) A malvertising operation known under the codename of Tag Barnakle has breached more than 120 ad servers over the past year and inserted malicious code into legitimate ads that redirected website visitors to sites promoting scams and malware.
Tag Barnakle One Year Later: 120+ More Revive Adserver Hacks (Medium) A year ago, we published a comprehensive disclosure that introduced Tag Barnakle, a threat actor whose specialty is the mass compromise of…
WhatsApp Spying Site Blames WhatsApp for Letting It Spy (Vice) A WhatsApp tracking site marketed to catching suspected cheating spouses blames WhatsApp for facilitating the service with its always-on online status feature.
Recent Chromium bug used to attack Chinese WeChat users (The Record by Recorded Future) A Chrome exploit published online last week has been weaponized and abused to attack WeChat users in China, a local security firm reported on Friday.
MI5 warns of spy threat from professional networking sites (Digitpatrox) Over 10,000 British nationals have been focused on-line prior to now 5 years by hostile states resembling China, as overseas spies more and more
Serious Security: Rowhammer is back, but now it’s called SMASH (Naked Security) Simply put: reading from RAM in your program could write to RAM in someone else’s
NitroRansomware Asks for $9.99 Discord Gift Codes, Steals Access Tokens (BusinessWire) The malware seems like a silly coding lark at first, but further exploration shows it can wreak serious damage in follow-on attacks.
Geico admits fraudsters stole customers’ driver’s license numbers for months (TechCrunch) The auto insurance giant said it has fixed the website bug.
Geico discloses website bug that exposed driver's license numbers (The Record by Recorded Future) US car insurer Geico said it plugged a bug on one of its official websites that allowed threat actors to obtain customer driver's license numbers for more than a month.
Hackers stole driver's license numbers from Geico's website (Engadget) Geico has filed a data breach notice with the California attorney general’s office, admitting that fraudsters had stolen customers' driver's license numbers from its website.
Yet another data leak: One million credit cards of Domino's Pizza customers (Business Standard) Data is worth 13 terabytes and also includes 180 million orders with phone nos, emails, addresses, and payment details, says intelligence firm chief
Dutch telecoms firm KPN: no sign Huawei has improperly monitored users (Reuters) Dutch telecoms company KPN NV said on Monday that equipment supplier Huawei had not to its knowledge improperly monitored any of its mobile users, following a newspaper story that alleged a 2010 consultants' report had flagged such a risk.
Durham Region needs to be more transparent about cyberattack, says Durham College professor (Toronto Star) A Durham College professor is concerned about Durham Region's handling of a recent cyber security breach.
Business security kit used for cyberattack on Highlands university (Times) A security toolkit used in industry was adapted for a ransomware attack on a Scottish university, cybersecurity professionals have confirmed.Cobalt Strike, which helps researchers conduct penetration
Campus Still Closed as Portsmouth University Reels from Ransomware (Infosecurity Magazine) Campus Still Closed as Portsmouth University Reels from Ransomware. Planned start to the new term is delayed after cyber-attack
Trends
Q1 Vulnerability Roundup (Digital Shadows) As teams work to monitor and protect their attack surface, we looked at the top five events and trends emerging in the vulnerability landscape today.
A-LIGN’s First Annual Compliance Benchmark Report Reveals Compliance Programs Overwhelmingly on Track Despite Pandemic (A-LIGN) 85% of Respondents Completed Their Planned Audits or Assessments, While Highlighting New Opportunities and Challenges for Compliance Teams.
Cyber Security Spending has Risen Over the Last Year to $2.6m per US Firm, Reveals Hiscox (Hiscox) Hiscox®, the international specialist insurer, reveals that US businesses’ cyber security spending is on the rise and they are leaders in cyber expertise, but still have more work to do when it comes to ransomware and phishing emails.
Cyber Attacks on the Rise for Businesses, Pushing Many to the Brink: Hiscox (Insurance Journal) The proportion of businesses targeted by cyber criminals in the past year increased from 38% to 43%, with over a quarter of those targeted (28%)
Mimecast Report: 61% Of Organizations Were Infected With Ransomware In 2020 (Mimecast) Annual “The State of Email Security” report also finds 79% suffered disruption or financial loss due to cyber preparedness shortcomings
Hackers Used to Be Humans. Soon, AIs Will Hack Humanity (Wired) Like crafty genies, AIs will grant our wishes, and then hack them, exploiting our social, political, and economic systems like never before.
Ransomware attacks on SMBs drop but became more vicious - Kaspersky (Manila Bulletin) While ransomware attacks against small and medium-sized businesses (SMBs) in the Philippines dropped over 15 percent in 2020, the threat has become more targeted and malicious, according to the latest Kaspersky Security Network (KSN) report.
Globally, the Philippines ranked number 50 in term
Why the Chip Shortage Is So Hard to Overcome (Wall Street Journal) Semiconductor producers are trying to increase output by changing manufacturing processes, opening spare capacity to rivals and swapping over production lines. But the small gains are unlikely to fix the shortfalls hampering production of everything from cars to home appliances to PCs.
Unemployment fraud attempts surge in Delaware and across the U.S. (Delaware Online) Delaware unemployment fraud attempts have risen sharply since the beginning of the COVID-19 pandemic.
23 Billion IoT Connections will Present New Threat Vectors and Generate US$16 Billion in IoT Security Revenues (ABI Research) New whitepaper highlights the vulnerabilities and opportunities of IoT security
Marketplace
Cybersecurity M&A Roundup for April 12-18, 2021 (SecurityWeek) Several cybersecurity-related acquisitions and mergers were announced in the week of April 12-18, 2021.
Mastercard buys digital identity firm Ekata for $850 million (ZDNet) The move will bolster Mastercard's digital identity and security platform and framework.
Performanta Makes Key Acquisition Of Identity Experts To Bolster Microsoft (MarTech Series) Performanta, a fast-growing global provider of managed cyber security services to enterprise customers, has today announced the acquisition of Identity Experts, a Microsoft Gold Security Partner and Identity & Access Management (IAM) specialist consultancy.
Grip Security Raises $6M from YL Ventures, CrowdStrike’s George Kurtz and Cybersecurity Luminaries to Revolutionize SaaS Security (BusinessWire) Grip Security, a startup revolutionizing SaaS security, today announced $6 million in seed funding led by YL Ventures with participation from CrowdStr
SAIC secures ~$200M Defense Intelligence Agency contract (SeekingAlpha) Science Applications International has been awarded a ~$200M ceiling ID/IQ contract to provide laboratory operations and support to the Defense Intelligence Agency.
Zoom launches $100M Zoom Apps investment fund (TechCrunch) When Zoom launched Zoom Apps and the Marketplace as a place to sell them last year, it was a big signal that the company wanted to be more than just a popular video conferencing application. It wanted to be a platform, which developers could use to build applications on top of Zoom. Today the compa…
iboss Closes Q1 with Record Growth after Successful Execution of Globa (PRWeb) iboss, the leading Secure Access Service Edge (SASE) cloud security provider, today announced it has seen tremendous growth over the first quarter in 2021. Since rai
Satori Selected as Finalist for RSA Conference 2021 Innovation Sandbox Contest (GlobeNewswire) Satori Recognized for Revolutionizing Data Access, Security and Privacy
Leo Infocomm spins off distributor business to represent Zscaler across ASEAN (Channel Asia) Leo Infocomm has launched a new spin-off value-added distributor in the form of AZ Asia-Pacific, created with the aim of servicing Zscaler demand.
Regulatory crackdowns and power outages could end Bitcoin bull run (Verdict) Cryptocurrencies have enjoyed a boom during the pandemic. However, the Bitcoin bull run could soon stop as politicians plan to crack down on the sector.
7 Cybersecurity Stocks to Buy for Years of Growth (InvestorPlace) These cybersecurity stocks are leading toward a new era of risk and security management in tackling a variety of cyber threat actors
Accomplished Privacy Risk Management Professional Jamie Danker Joins Venable as Senior Director of Cybersecurity Services in Washington, DC (Venable) Venable LLP is pleased to announce that Jamie Dankerhas joined the firm as a senior director of cybersecurity services in the Washington, DC office. Ms. Danker combines her federal government and private sector experience to help clients build more trustworthy systems, products, and services through adoption of cybersecurity and privacy risk management practices.
Guy Carpenter Names Co-Heads of Cyber, Hiring Swiss Re's Cordonnier, Promoting Davis (Insurance Journal) Guy Carpenter & Co., the reinsurance brokerage business of Marsh McLennan, announced the appointment of Anthony Cordonnier as managing director and
Secret Double Octopus Hires New VP Of Global Sales (Mobile ID World) Secret Double Octopus will be looking to expand its customer base after bringing on Steve Laubenstein as its new VP of Global Sales
Intel 471 Adds its First Chief Information Security Officer and Names New Chief Marketing Officer (GlobeNewswire) Fueled by Increased Demand, Threat Intelligence Company Adds C-suite Cybersecurity Industry Veterans from Netenrich, RedSeal, CybelAngel and LookingGlass Cyber Solutions
Products, Services, and Solutions
Charlotte Douglas International Airport Selects Telos to Process Background Checks for Aviation Workers (Telos Corporation) Ashburn, Va. – April 20, 2021– Telos® Corporation (NASDAQ: TLS), a leading provider of cyber, cloud and enterprise security solutions for the world’s most security-conscious organizations, today announced that the City of Charlotte has contracted with Telos to provide Transportation Security Administration (TSA)-approved Designated Aviation Channeling (DAC) services for processing worker background checks at Charlotte Douglas International... Read more
ThreatQuotient Sponsors ASRG to Enable Cyber Threat Intelligence Sharing Across the Automotive Industry (BusinessWire) ThreatQuotient sponsors ASRG bringing threat intelligence sharing to the automotive industry with their ThreatQ threat intelligence platform
StorCentric Announces QV1020 (Violin) StorCentric Announces QV1020 on the Violin QV-Series Platform Simple, Cost-Effective, High Performance, All-Flash NVMe Storage Entry Capacity Point with Best Price/Performance Ratio Enables Businesses of All Sizes to Achieve the Fastest Application Response Times and Increase Application Availability Sunnyvale, Calif., February 17, 2021 – StorCentric, a global enterprise leader in data management and reliable storage …
Pacific Medical Centers Selects Redspin to Prepare for DoD’s Cybersecurity Maturity Model Certification Assessment (BusinessWire) Redspin, a division of CynergisTek (NYSE AMERICAN: CTEK), announced that Pacific Medical Centers, a primary and integrated multi-specialty healthcare
DoD Contractors Leverage SteelCloud Technology to Automate CMMC Compliance (PR Newswire) SteelCloud LLC, a leading STIG and CIS compliance automation software developer, announced today that they now have a sixth contractor who has...
Advanced Cyberdefense US DoD’s CMMC Maturity Level 5 (ISACA) Advanced persistent threats (APTs) require that organizations respond with active and credible cyberdefenses.
Source Defense Partners with Prevalent to Extend Visibility into Third Party Web Vulnerabilities (PR Newswire) Source Defense, the market leader in client-side web security, today announced its partnership with Prevalent, the company that takes the pain...
Endeavor Energy Resources Continues to Modernize its Operations with Datadobi (BusinessWire) Datadobi announced today that Endeavor Energy Resources, L.P. has selected DobiMigrate.
IronNet: Cybersecurity With Network Effects (Seeking Alpha) IronNet is developing a new "collective defense" cybersecurity technology which if successful will have a compelling network effect.
Aruba Announces Edge-to-Cloud Security, Network Capabilities (eWEEK) At its recent Atmosphere event, Aruba announced new features to simplify the connection and security of the hybrid work environment
NEC delivers digital services platform to Australia’s largest prison (CRN Australia) Aruba-based system deployed at Clarence Correctional Centre.
Fugue Adds Google Cloud Support to its Multi-Cloud Security Platform (Fugue) Fugue, the company transforming cloud security to help organizations innovate faster, announced it has added support for Google Cloud to its multi-cloud security platform.
Red Balloon Security Introduces Expanded Portfolio of Embedded Security Solutions (BusinessWire) Red Balloon Security, the leader in embedded device security, today announced an expanded and customizable set of offerings for critical infrastructur
Guangqi Honda Chooses Radware for Cloud Native Protector Service (Radware) Radware®, (NASDAQ: RDWR) a leading provider of cyber security and application delivery solutions, announced today that Guangqi Honda, a renowned automobile enterprise, has chosen Radware’s Cloud Native Protector service to provide strong cloud security support for its network construction and business development.
Zscaler Advances Zero Trust Security Digital Business (Zscaler) Zscaler Advances Zero Trust Security for the Digital Business Disrupting Decades of Legacy IT Security and Networking Models
Armis and Eseye Provide Industry-First Synergy to Secure Connected Devices on Any Cellular Network (Armis) Armis and Eseye Provide Industry-First Synergy to Secure Connected Devices on Any Cellular Network Strategic partnership ensures devices connected to cellular networks globally are secure without deploying agents or additional hardware Palo Alto, CA and Guildford, UK – April 20, 2021 – Global connectivity specialist Eseye, and leading agentless device security platform provider Armis, today […]
Sift Streamlines Digital Trust & Safety Suite to Protect Merchants Against the Fraud Economy (StreetInsider.com) New features deliver more control, transparency, and connection to combat fraud and accelerate growth
Go Beyond Fraud Prevention (Sift) Your team is fighting more than just fraud. Safeguard the entire customer journey and streamline operations, and combat the Fraud Economy with Sift.
MITRE Engenuity Announces Results from Evaluating Enterprise Security Products Against Cybercrime Threats (MITRE Engenuity) ATT&CK® Evaluations Emulated Threats known as FIN7 and Carbanak McLean, VA, and Bedford, MA, April 20, 2021— MITRE Engenuity released its third round of independent ATT&CK Evaluations for enterprise cybersecurity products from 29 vendors. The MITRE Engenuity team’s mission is to drive cyber innovation for public good by helping government and industry combat security threats […]
Technologies, Techniques, and Standards
NATO tests its hand defending against blended cyber-disinformation attacks (CyberScoop) NATO nations have banded together in recent days to confront a simulated blended cyber and disinformation campaign aimed at a NATO member.
Have you been hacked? Google Chrome and other sites can help you find out (USA TODAY) Data breaches are common, but there are tools to find out if hackers have your password and how to fix it right away.
Strengthening Weakest Link: Healthcare Cybersecurity Starts, Ends with Employees (PRWeb) As healthcare organizations look for ways to cut costs, improve efficiency, centralize data, and boost employee productivity, many turn to cloud-based comput
Recognize signs of insider threat: Cyber expert (Business Insurance) Companies need to be aware of the signs of insider threat to address the issue, says a cybersecurity expert.
U.S. banks deploy AI to monitor customers, workers amid tech backlash (Reuters) Several U.S. banks have started deploying camera software that can analyze customer preferences, monitor workers and spot people sleeping near ATMs, even as they remain wary about possible backlash over increased surveillance, more than a dozen banking and technology sources told Reuters.
BioCatch Explains How to Spot Fraudsters Before they Commit a Crime (FindBiometrics) BioCatch explains how behavioral biometrics can help spot cybercriminals before they even try to initiate a fraudulent transaction
Sustaining IT resiliency in the face of a ransomware attack (Security InfoWatch) Determining whether your network is free from residual ransomware post-attack is extremely difficult
Cities get ransomware help from NLC partners (GCN) The National League of Cities is partnering with NuHarbor Security to bring Tenable and Splunk tools to under-resourced municipality security teams.
Design and Innovation
Google translation AI botches legal terms 'enjoin,' 'garnish' -research (Reuters) Translation tools from Alphabet Inc's (GOOGL.O) Google and other companies could be contributing to significant misunderstanding of legal terms with conflicting meanings such as "enjoin," according to research due to be presented at an academic workshop on Monday.
Research and Development
Quantum Computing — a threat to encryption? (Boxcryptor) This blog article addresses the questions of what impact quantum computers and the use of quantum computing have on current encryption methods and the benefits of developing such computers.
Academia
Naval Academy Champs Talk NSA’s NCX (Breaking Defense) The Midshipmen edged out other competitors in this year's virtual cyber competition to bring home the prestigious trophy. "I think the structure and dynamic of our team is what makes us so effective: We are completely student run, trained, and managed," Gallagher said.
7 respected degrees that will shape the future of national defense (We Are The Mighty) These 7 degree programs from American Military University were designed to help learners be better prepared to support their next mission.
Legislation, Policy, and Regulation
Bigger Than 2014: US Calls Out Russian Military Buildup Along Ukraine Border (Voice of America) The United States renewed concerns about Russian military maneuvers along its border with Ukraine, charging that Moscow has now massed more troops in the area than when it invaded and seized Crimea seven years ago.
Why Putin Threatens Ukraine (Breaking Defense) Ukraine has been the number one target of Putin’s new-age imperial ambitions. He has consistently refused to recognize the legitimacy of Ukraine’s independence, stating Ukraine is not a “real country” and that it will always be part of the “Russian world.”
Russia sanctioned over SolarWinds, election interference -- even as cyber espionage continues (GCN) The White House announced a range of sanctions against Russia, and security agencies warned of software vulnerabilities that Russian intelligence services are actively exploiting.
Great Power Cyber Party (War on the Rocks) Will we remember early 2021 as a key escalatory moment in offensive cyber operations? Three top experts join us to unpack the implications of two
Zoom Won’t Stop a Nuclear War (Foreign Policy) The red telephone is gone, but a new generation of nuclear hotlines is sorely needed to manage international crises.
The digital agenda: The European Union and the USA want to take stronger action against hacker attacks (Prudent Press Agency) After intense diplomatic silence during the Trump administration, the European Union and the United States are trying to collaborate once again on the
New Zealand ducks talk of Biden's ‘alliance of democracies’ to counter China (Washington Examiner) New Zealand is not in talks to join President Joe Biden’s desired “alliance of democracies” to manage threats from China, as the top Kiwi diplomat gave the relationship with Beijing a bill of “good health” in a major foreign policy speech.
New Zealand pushes aside Five Eyes to pursue closer ties with China (The Telegraph) South Pacific nation puts itself at odds with UK and others in intelligence-sharing network by pursuing closer ties to the Communist state
British media claims Five Eyes has 'become four' after Nanaia Mahuta's comments on New Zealand's position (Newshub) International media headlines have taken a simplistic view of the Kiwi Foreign Minister's position.
India tech startups urged to boost data security after breaches (Nikkei) Mobikwik hack reveals vulnerabilities, spurring central bank to tighten rules
CERT-In asks Indian Facebook users to enhance account privacy after global data leak (HT Tech) CERT-In said that Facebook has claimed that this 'data scraping' happened by using the "contact importer" feature of the platform, which allows users to find other users by using their phone numbers.
Fast-growing ZTE, free to buy US tech, is a nightmare for Biden (Light Reading) China's second-biggest network equipment maker is allowed to buy US technology and supply that to Chinese mobile operators, raising awkward questions for America's new president.
European Data Protection Board Publishes Opinions on European Commission’s Draft UK Adequacy Decision (cyber/data/privacy insights) The European Commission published on February 19, 2021 its draft decision granting data protection adequacy status to the UK under Article 45(3) of the GDPR. Once published, the European Commission submitted the draft decision to the European Data Protection Board for its review, which has just issu
Statement by Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger on SolarWinds and Microsoft Exchange Incidents (The White House) The Biden Administration convened two Unified Coordination Groups (UCGs) to drive a whole of government response to the SolarWinds and Microsoft Exchange
US government starts to scale back efforts to combat SolarWinds hack (Windows Central) Several government agencies have worked together as part of a coordinated effort to combat the SolarWinds hack. These joint efforts will be scaled back, and the government will return to "standard incident management procedures."
Return to normalcy as White House closes book on SolarWinds, Exchange (SC Media) Government response to the incidents provide some hope that an effective interagency system of cyber response could be resurrected.
White House stands down SolarWinds, Microsoft Exchange cyber response groups (GCN) The White House is suspending the two interagency groups tasked with managing the government's response to the cybersecurity incidents involving SolarWinds and Microsoft Exchange, citing improving trends in patching.
Feds Stand Down UCG ‘Surge’ Responses to Solar Winds, Microsoft Hacks (Meritalk) The Federal government is curtailing its “surge” response to the SolarWinds Orion and Microsoft Exchange hacks after seeing improvements in patching that have helped to remediate the impacts of the cyber attacks, the Biden administration said today.
The Cybersecurity 202: The Biden administration rolls out a 100-day plan to improve electric grid cybersecurity (Washington Post) The Biden administration is launching a 100-day plan to shore up the cybersecurity of the nation's electricity infrastructure, it is announcing today.
FCC to Focus Efforts on 5G, Software and Cloud Service Vulnerabilities (SecurityWeek) There are huge concerns over the security of 5G. Politically, those concerns focused on Huawei and its 5G equipment – but the security issues are more systemic.
FCC Re-Ups Expert Panel To Focus On Security Of 5G Network (Law360) An advisory panel featuring a wide-ranging group of telecom experts will soon be re-launched to counsel the Federal Communications Commission on pressing issues affecting next-generation wireless network and software security, the FCC's acting chief says.
Agencies on deadline to enroll security clearance holders in continuous vetting (Federal News Network) All agencies must enroll their national security populations in an initial set of continuous vetting capabilities by the end of fiscal 2021, defense and intelligence officials have said.
Litigation, Investigation, and Law Enforcement
Russian Security Vendor Positive Technologies Dropped From MAPP Member List (SecurityWeek) Russian cybersecurity vendor Positive Technologies responds to news of U.S. Treasury Department sanctions related to the Solarwinds breach.
UK intervenes in Nvidia's takeover of ARM on national security grounds (Yahoo) Britain said on Monday it would intervene in SoftBank's sale of chip designer ARM Holdings to U.S. group Nvidia on national security grounds. Digital Secretary Oliver Dowden said: Following careful consideration of the proposed takeover of ARM, I have today issued an intervention notice on national security grounds. "As a next step and to help me gather the relevant information, the UK's independent competition authority will now prepare a report on the implications of the transaction, which will help inform any further decisions."
UK orders national-security probe of Nvidia-Arm deal (Computing) It would be appropriate to 'properly consider the national security implications of a transaction like this', says Oliver Dowden
Supreme Court Asked to Compel Airing of Secret Intelligence Court’s Decisions (Wall Street Journal) Petitioners say the Foreign Intelligence Surveillance Court’s rulings shouldn’t be withheld from the public without justification.
A.C.L.U. Asks Supreme Court to Let It Seek Secret Surveillance Court Rulings (New York Times) A prominent Republican — Ted Olson — backed the request for high court review of a spy court ruling, which would be the first of its kind.
Supreme Court asked to give access to secretive court’s work (Maryland Daily Record) Civil liberties groups are asking the Supreme Court to give the public access to opinions of the secretive court that reviews bulk email collection, warrantless internet searches and other government surveillance programs. The groups say in an appeal filed with the high court Monday that the public has a constitutional right to see significant ...
ICO issued more than £40m in data breach fines in 2020 (CRN) ICO fines revealed in latest report with British Airways receiving largest penalty
Anti-Money-Laundering Prosecution Deals Setbacks to European Banks (Wall Street Journal) Failures to police money laundering procedures hit two major banks in Europe, dealing a further setback to a region that has struggled to stop financial institutions from serving as conduits for illicit transactions.