Krebs on Security

NOVEMBER 19, 2024

Finastra, which provides software and services to 45 of the world’s top 50 banks, notified customers of the security incident after a cybercriminal began selling more than 400 gigabytes of data purportedly stolen from the company. However, it did reference many of the same banks called out as Finastra customers in the Nov.

Data breaches 327

Data breaches Banking Cybercrime Advertising 327

Security Affairs

NOVEMBER 5, 2024

The ToxicPanda Android malware has infected over 1,500 devices, enabling attackers to perform fraudulent banking transactions. Cleafy researchers spotted a new Android banking malware, dubbed ToxicPanda, which already infected over 1,500 Android devices. ” reads the report published by Cleafy.

Banking 121

Banking Malware Accountability Authentication 121

Krebs on Security

NOVEMBER 9, 2024

The Federal Bureau of Investigation (FBI) is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to U.S.-based based technology companies.

Hacking 314

Hacking Accountability Government Social Engineering 314

Krebs on Security

OCTOBER 30, 2024

” But in June 2024 testimony to the Senate Finance Committee, it emerged that the intruders had stolen or purchased credentials for a Citrix portal used for remote access, and that no multi-factor authentication was required for that account. Last month, Sens. Mark Warner (D-Va.) and Ron Wyden (D-Ore.) Mark Warner (D-Va.)

Healthcare 315

Healthcare Insurance Computers and Electronics Data breaches 315

Security Affairs

NOVEMBER 30, 2024

Financially-motivated threat actors hacked Uganda ‘s central bank system, government officials confirmed this week. Ugandan officials confirmed on Thursday that the national central bank suffered a security breach by financially-motivated threat actors. The Daily Monitor newspaper reported that the attackers stole 47.8

Banking 98

Banking Government Accountability Hacking 98

Security Affairs

MARCH 28, 2025

Russian authorities arrested three suspects for developing Mamont, a newly identified Android banking trojan. Russian authorities arrested three suspects in Saratov for developing Mamont (Russian for mammoth), a recently discovered Android banking trojan. Mamont can also spread to contacts in the victims messenger app.

Banking 114

Banking Computers and Electronics Mobile Malware 114

Schneier on Security

FEBRUARY 13, 2025

Meanwhile, only partially redacted names of CIA employees were sent over an unclassified email account. This approach, known as “separation of duties,” isn’t just bureaucratic red tape; it’s a fundamental security principle as old as banking itself. After that, Medicaid and Medicare records were compromised.

Government 363

Government Artificial Intelligence Banking Software 363

Malwarebytes

MARCH 19, 2025

California Cryobank (CCB) is a sperm donation and cryopreservation firm and one of the US top sperm banks. The information potentially involved varies by customer but includes names and one or more of the following: Drivers license numbers Bank account and routing numbers. Take your time. Consider not storing your card details.

Banking 93

Banking Data breaches Computers and Electronics Insurance 93

Malwarebytes

JUNE 18, 2025

In the latest example of this type of scam, we found tech support scammers hijacking the results of people looking for 24/7 support for Apple, Bank of America, Facebook, HP, Microsoft, Netflix, and PayPal. It often starts, as with so many attacks, with a sponsored search result on Google. Often, this ad leads people to a fake website.

Banking 137

Banking Scams Accountability Media 137

Security Affairs

MARCH 19, 2025

California Cryobank, the largest US sperm bank, suffered a data breach exposing customer information. California Cryobank (CCB) is the largest sperm bank in the U.S., providing frozen donor sperm and reproductive services, including egg and embryo storage. At this time, it is unclear if the exposed information includes any donor data.

Data breaches 108

Data breaches Banking Insurance Hacking 108

SecureList

MAY 28, 2025

Introduction Zanubis is a banking Trojan for Android that emerged in mid-2022. Since its inception, it has targeted banks and financial entities in Peru, before expanding its objectives to virtual cards and crypto wallets. The malware operated as an overlay-based banking Trojan that abused Android’s accessibility service.

Banking 101

Banking Malware Encryption Energy and Utilities 101

Security Boulevard

OCTOBER 31, 2024

Wire transfer fraud occurs when scammers convince a company to send money to a fraudulent account. The post Shedding AI Light on Bank Wire Transfer Fraud appeared first on Security Boulevard. While weeding out suspicious requests like this may seem rudimentary, it’s not.

Banking 109

Banking Accountability Social Engineering Security Awareness 109

Security Affairs

NOVEMBER 24, 2024

Stolen information offered for sale on the carding website included bank account, credit card, and debit card numbers and associated information for conducting transactions. seized $283,000 in cryptocurrency from an account linked to Sami as part of actions against the illicit activities of PopeyeTools. million in revenue.

Cybercrime 130

Cybercrime Cryptocurrency Banking Accountability 130

Malwarebytes

NOVEMBER 14, 2024

Employees of these companies were tricked into clicking malicious attachments and links and filling in their email account login information on fake sites. With our law enforcement partners, we will continue to aggressively investigate, pursue, and hold accountable the crooks who perpetrate frauds online, wherever they are.”

Accountability 141

Accountability Banking Internet Internet 141

Security Affairs

MARCH 29, 2025

The new Android trojan Crocodilus exploits accessibility features to steal banking and crypto credentials, mainly targeting users in Spain and Turkey. ThreatFabric researchers discovered a new Android trojan called Crocodilus, which exploits accessibility features to steal banking and crypto credentials. ” ThreatFabric concludes.

Banking 67

Banking Mobile Identity Theft Malware 67

Jane Frankland

MAY 16, 2025

From AI-generated voices to realistic websites and stolen accounts, scams today are slick, fast, and global. Here’s a breakdown of the most widespread and damaging scams today: Impersonation Scams (51% of fraud cases) where fraudsters pose as: Banks, HMRC, DVLA, or government agencies. Couriers (e.g., Royal Mail, DHL, FedEx).

Scams 130

Scams Password Management Passwords Banking 130

SecureWorld News

JUNE 4, 2025

These breachesaffecting Cartier, Main Street Bank, and The North Faceunderscore the rising threat landscape facing luxury and everyday consumer brands. While no operational impact was reported, the bank terminated its relationship with the vendor. The reputational damage could be immense."

Retail 70

Retail Banking Financial Services Social Engineering 70

Malwarebytes

JUNE 19, 2025

Take the 184 million logins for social media accounts we reported about recently. But that doesn’t take away from the fact that these credentials are in the hands of cybercriminals who can use them for: Account takeovers : Cybercriminals can use stolen credentials to hijack social media, banking, or corporate accounts.

Identity Theft 138

Identity Theft Passwords Phishing Accountability 138

Security Affairs

OCTOBER 29, 2024

Change passwords : After malware removal, update passwords for key accounts (email, banking, work, social media) and enable two-factor authentication. Use a password manager : Simplifies managing strong, unique passwords across accounts. Report stolen data : Notify relevant parties if sensitive details (e.g.,

Identity Theft 124

Identity Theft Malware Passwords Banking 124

Thales Cloud Protection & Licensing

MAY 6, 2025

Opening Up Open Banking: The CFPB's Personal Financial Data Rights Rule andrew.gertz@t Tue, 05/06/2025 - 18:23 Explore the impact of the CFPBs new Personal Financial Data Rights rule and how it aims to empower consumers, drive competition, and reshape open banking in the U.S. The rule comes into effect on April 1, 2026.

Banking 62

Banking Data privacy Financial Services Marketing 62

SecureWorld News

MARCH 20, 2025

Attackers are mimicking tournament brackets, betting promotions, and registration formstricking users into handing over credentials or linking bank accounts to fraudulent sites. A simple click on what seems like an innocent bracket challenge or promo offer can lead to compromised financial accounts before tipoff.

Scams 95

Scams Social Engineering Phishing Mobile 95

Security Affairs

OCTOBER 28, 2024

. “Free was “the victim of a cyberattack targeting a management tool” leading to “unauthorized access to some of the personal data associated with the accounts of certain subscribers ,” the second largest telephone operator in France confirmed to Agence France-Presse (AFP) on Saturday, October 26.

Cyber Attacks 125

Cyber Attacks Telecommunications Data breaches Banking 125

Security Affairs

NOVEMBER 4, 2024

for phishing scams that stole millions by hacking email accounts. A Nigerian national was sentenced to 26 years in prison in the US for stealing millions by compromising the email accounts of real estate businesses. for phishing scams that resulted in the compromise of millions of email accounts. million in restitution.

Scams 123

Scams Phishing Identity Theft Accountability 123

Security Affairs

MARCH 24, 2025

They can also steal personal data, banking details, cryptocurrency info, emails, and passwords by scraping the files the users upload. If users fall victim to this scam, immediately contact their financial institutions, secure their accounts, and change all passwords using a trusted device. Reporting the incident to IC3.gov

Malware 116

Malware Scams Identity Theft Antivirus 116

SecureWorld News

FEBRUARY 6, 2025

Grubhub detected unusual activity within its environment, later traced to an account associated with a third-party service provider used for customer support. Upon discovery, the company swiftly terminated access to the compromised account and removed the provider from its systems. What happened? How did this happen?

Data breaches 102

Data breaches Accountability Social Engineering Risk 102

Schneier on Security

JUNE 27, 2025

Manipulating account balances in bank databases, removing entries from criminal records, and murder by removing notations about allergies from medical records are all integrity attacks. We need to talk about data integrity. Narrowly, the term refers to ensuring that data isn’t tampered with, either in transit or in storage.

Internet 252

Internet Internet Banking Accountability 252

eSecurity Planet

NOVEMBER 6, 2024

This data reportedly includes everything from names and addresses to Social Security numbers and bank account details. The stolen data reportedly includes highly personal information — names, dates of birth, Social Security numbers, bank account details, and even records of residents’ interactions with city services.

Ransomware 113

Ransomware Authentication Identity Theft Penetration Testing 113

Adam Shostack

JANUARY 2, 2025

Recently, I was opening a new bank account. The bank unexpectedly sent me a temporary password to sign up, and when I did, the temporary password had expired. But then, after I went to reset the password, the bank emailed me a one time code. Theyre checking live access to the email account with the one time code.

Banking 130

Banking Passwords Password Management Authentication 130

Malwarebytes

MARCH 31, 2025

Last year a burger restaurant sent customers into a spin after sending them a fake order confirmation email, which led to customers fearing that their accounts had been hacked. If your bank gives you an unexpected phone call, ring them back on a number you know is theirs. Use a different password for every account.

Scams 138

Scams Passwords Accountability Password Management 138

eSecurity Planet

MARCH 31, 2025

One of the most common methods is smishing, which involves sending fraudulent text messages claiming your Netflix account has been locked due to suspicious activity. Another common tactic is phishing emails, which may offer fake incentives like getting paid to watch Netflix or urgent messages requesting account verification.

Scams 93

Scams Artificial Intelligence Phishing Accountability 93

Security Affairs

OCTOBER 28, 2024

. “Milan prosecutors allege the business intelligence agency tapped into three key databases: one gathering alerts over suspicious financial activities; one used by the national tax agency with citizens’ bank transactions, utility bills, income statements; and the police investigations’ database, the person said.”

Computers and Electronics 135

Computers and Electronics Banking Marketing Hacking 135

Malwarebytes

MARCH 4, 2025

The Docusign Application Programming Interface (API) allows customers to send emails that come from genuine Docusign accounts, and they can use templates to impersonate reputable companies. Weve identified an unauthorized transaction made from your PayPal account to Coinbase: Amount: $755.38

Scams 135

Scams Accountability Phishing Banking 135

Security Affairs

MAY 15, 2025

Exposed data included contact details, partial SSNs and bank info, ID images, account history, and limited internal documents. Compromised data includes: Name, address, phone, and email; Masked Social Security (last 4 digits only); Masked bank-account numbers and some bank account identifiers; GovernmentID images (e.g.,

Data breaches 85

Data breaches Banking Accountability Retail 85

Security Affairs

OCTOBER 15, 2024

The experts reported that the ATP group has been using this malware at least since 2016 to siphon millions of dollars from ATMs of small and midsize banks in Asia and Africa. The malicious code intercepts declined magnetic swipe transactions and authorizes them with random amounts in Turkish Lira for specific cardholder accounts.

Malware 132

Malware Banking Hacking Accountability 132

SecureList

JANUARY 30, 2025

The threat actor then exploits this data to hijack personal messaging accounts, impersonate account owners to request money transfers from the victims’ contacts, and compromise accounts with other services. Tria Stealer exfiltrates the data by sending it to various Telegram bots using the Telegram API for communication.

Accountability 97

Accountability Malware Banking Phishing 97

Security Boulevard

FEBRUARY 14, 2025

Plus, Europol offers best practices for banks to adopt quantum-resistant cryptography. In addition to adopting post-quantum cryptography , banks and other financial institutions should take this opportunity to boost their cryptography management practices, according to Europol.

Banking 63

Banking Cybercrime Cybersecurity Ransomware 63

Security Affairs

APRIL 21, 2025

The fraud campaign starts with fake bank alerts via SMS or WhatsApp, luring victims to call attackers. Since victims often do not recall their PIN immediately, the attackers guide them through their mobile banking application to retrieve this sensitive information.” ” reads the report published by Cleafy.

Malware 106

Malware Social Engineering Banking Engineering 106