NY DFS Industry Letters

Cybersecurity Alert: Cisco Zero-Day Vulnerabilities

The New York State Department of Financial Services issued a cybersecurity alert regarding active exploitation of Cisco zero-day vulnerabilities. Regulated entities are required to immediately identify affected Cisco devices and follow remediation steps outlined by CISA, including potential disconnection of end-of-support hardware.

NY DFS Guidance on Virtual Currency Custody and Customer Protection

The New York State Department of Financial Services has issued updated guidance on virtual currency custody and customer protection, replacing its 2023 guidance. The updated guidance provides further direction on sub-custody arrangements and emphasizes sound custody and disclosure practices to protect customers in the event of insolvency.

Guidance on Managing Third-Party Cybersecurity Risks

The New York State Department of Financial Services issued guidance on managing cybersecurity risks associated with third-party service providers. The guidance clarifies existing requirements and recommends best practices for covered entities to strengthen their oversight of these providers.

DFS Alert: Phishing Scam Targeting Regulated Entities

The New York Department of Financial Services (DFS) issued an alert regarding a phishing scam targeting regulated entities. The notice advises entities to exercise caution with unexpected communications and verify legitimacy before taking action.

Cybersecurity Advisory on Targeted Vishing Attacks

The New York State Department of Financial Services (DFS) issued a cybersecurity advisory highlighting an increase in targeted vishing attacks. Regulated entities are urged to review their cybersecurity programs and implement enhanced measures to protect against credential theft and unauthorized access.