Bizarro Banking Trojan

Schneier on Security

Bizarro is a new banking trojan that is stealing financial information and crypto wallets. Uncategorized backdoors banking credentials cryptography malware reports

Bank Card "Master Key" Stolen

Schneier on Security

The bank's master PIN key was stolen, forcing it to cancel and replace 12 million bank cards. The breach resulted from the printing of the bank's encrypted master key in plain, unencrypted digital language at the Postbank's old data centre in the Pretoria city centre.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Details of a Computer Banking Scam

Schneier on Security

This is a longish video that describes a profitable computer banking scam that’s run out of call centers in places like India. And three, it’s an evolving tactic that gets around banks increasingly flagging blocking suspicious electronic transfers.

Securing UX in Open Banking Apps

Security Boulevard

Historically, only large, well-established banks had control over the majority of consumer and corporate finances, making it highly challenging for smaller financial services providers to break into the market. The post Securing UX in Open Banking Apps appeared first on Security Boulevard.

Bank loses customers’ social security numbers after ransomware attack

Hot for Security

Because what if two weeks later the hacked bank (did I mention it was in the top 75 list of largest banks in the United States?) However, things became even more serious when it became apparent that the hackers were contacting the bank’s customers, informing them of the breach.

Android Banking Trojan Vultur uses screen recording for credentials stealing

Security Affairs

Experts spotted a new strain of Android banking Trojan dubbed Vultur that uses screen recording and keylogging for the capturing of login credentials. The banking Trojan leverages Accessibility Services to determine what application is in the foreground.

Reserve Bank of New Zealand Data Breach Caused by Antiquated Third Party Software

Adam Levin

The data breach of the Reserve Bank of New Zealand has been attributed to the compromise of a third party file sharing service. “A The post Reserve Bank of New Zealand Data Breach Caused by Antiquated Third Party Software appeared first on Adam Levin.

Report Shows Major Security Holes in Banking Apps

Adam Levin

A security analysis of 30 major banking and financial apps has shown major security holes and a lax approach to protecting user data. The analysis was conducted by the Aite Group, which looked at mobile apps in eight categories: retail banking, credit cards, mobile payment, healthcare savings, retail finance, health insurance, auto insurance and cryptocurrency. The post Report Shows Major Security Holes in Banking Apps appeared first on Adam Levin.

Bizarro banking Trojan targets banks in Brazil and abroad

Security Affairs

Bizarro is a new sophisticated Brazilian banking trojan that is targeting customers of tens of banks in Europe and South America. Bizarro banking Trojan allows to capture online banking credentials and hijacking Bitcoin wallets from the victims.

Toddler mobile banking malware surges across Europe

Zero Day

The Android malware is a new and persistent threat to European citizens and banks alike

When Bank Communication is Indistinguishable from Phishing Attacks

Troy Hunt

You know how banks really, really want to avoid their customers falling victim to phishing scams? And how banks are the shining beacons of light when it comes to demonstrating security best practices? Ok, that final one might be a bit of a stretch , but the fact remains that people have high expectations of how banks should communicate to ensure that they themselves don't come across as phishers: Just a good old phish. banks will never do things that look like a phish?

TSB Bank Disaster

Schneier on Security

This seems like an absolute disaster: The very short version is that a UK bank, TSB, which had been merged into and then many years later was spun out of Lloyds Bank, was bought by the Spanish bank Banco Sabadell in 2015. It is bad enough that bank IT problem had been so severe and protracted a major newspaper, The Guardian, created a live blog for it that has now been running for two days. banking dataprotection

How to achieve financial inclusion with Open Banking

CyberSecurity Insiders

If you have seen the latest banking news, you may have seen that the Competition and Markets Authority in the UK recently launched a consultation on the future of open banking to set out the principal features for open banking in its next phase of implementation.

‘Numberless’ bank cards could be the future: here’s why

CyberSecurity Insiders

No matter where you go, no matter which issuing bank you have, you will be able to pay with your card, in store and online, as long as they are EMV compliant. The case for removing numbers on banking cards.

How can Digital First banking benefit financial institutions?

CyberSecurity Insiders

The benefits of Digital First banking for the consumer are clear. Whether it’s both physical and digital card issuance, real-time card management or secure, hassle-free online payments, the services on offer to consumers when it comes to Digital First banking are almost endless.

Top 2021 banking and fintech security regulations

Security Boulevard

As more people move to fintech and digital banking, financial data security compliance is becoming tougher. The post Top 2021 banking and fintech security regulations appeared first on Intertrust Technologies.

70 European and South American Banks Under Attack By Bizarro Banking Malware

The Hacker News

A financially motivated cybercrime gang has unleashed a previously undocumented banking trojan, which can steal credentials from customers of 70 banks located in various European and South American countries.

The Risk of Weak Online Banking Passwords

Krebs on Security

If you bank online and choose weak or re-used passwords, there’s a decent chance your account could be pilfered by cyberthieves — even if your bank offers multi-factor authentication as part of its login process. Crooks are constantly probing bank Web sites for customer accounts protected by weak or recycled passwords. A screenshot of a password-checking tool being used to target Chase Bank customers who re-use passwords from other sites.

Your top five questions on biometric bank cards answered

CyberSecurity Insiders

As we stated in a previous blog , biometric bank cards are a strong trend defining the future of payments. The main method of registering customers on biometric bank cards is done very simply with a sleeve. For example, banks can enrol their customers’ fingerprints in the branch.

TeaBot Android banking Trojan targets banks in Europe

Security Affairs

Malware researchers from Cleafy warn of a new Android banking trojan dubbed TeaBot (aka Anatsa) that is targeting banks in Europe. TeaBot supports the main features of Android banking Trojan and like other similar malware families it abuses Accessibility Services.

Indian Bank Hit in $13.5M Cyberheist After FBI ATM Cashout Warning

Krebs on Security

12, KrebsOnSecurity carried an exclusive : The FBI was warning banks about an imminent “ATM cashout” scheme about to unfold across the globe, thanks to a data breach at an unknown financial institution. 14, a bank in India disclosed hackers had broken into its servers, stealing nearly $2 million in fraudulent bank transfers and $11.5 The Blacksburg bank is now suing its insurance provider for refusing to fully cover the loss. On Sunday, Aug.

Bizarro: a banking Trojan full of nasty tricks

Malwarebytes

Researchers have discovered a new banking Trojan that has been found targeting customers of European and South American banks. Bizarro has quite a few tricks up its sleeve: It can capture login credentials entered on banking sites. Emulating banking sites on the fly.

Banks Attacked through Malicious Hardware Connected to the Local Network

Schneier on Security

Kaspersky is reporting on a series of bank hacks -- called DarkVishnya -- perpetrated through malicious hardware being surreptitiously installed into the target network: In 2017-2018, Kaspersky Lab specialists were invited to research a series of cybertheft incidents. At least eight banks in Eastern Europe were the targets of the attacks (collectively nicknamed DarkVishnya), which caused damage estimated in the tens of millions of dollars.

Accelerate Open Banking Innovation with These 7 Data Capabilities

Security Boulevard

Accelerate Open Banking Innovation with These 7 Data Capabilities. The inability to automate data impedes time to market with open APIs and banking features at over half of Europe’s banks, according to new research. Data Capabilities to Accelerate Open Banking Innovatio n .

Alien Android Banking Trojan Sidesteps 2FA

Threatpost

A new 'fork' of the Cerberus banking trojan, called Alien, targets victims' credentials from more than 200 mobile apps, including Bank of America and Microsoft Outlook.

Implementing Controls Without Breaking Everything (Including the Bank)

CyberSecurity Insiders

The post Implementing Controls Without Breaking Everything (Including the Bank) appeared first on Cybersecurity Insiders. A very common complaint among information security professionals is lack of a budget to implement the best security tools.

Hackers Breached Virginia Bank Twice in Eight Months, Stole $2.4M

Krebs on Security

Hackers used phishing emails to break into a Virginia bank in two separate cyber intrusions over an eight-month period, making off with more than $2.4 According to a lawsuit filed last month in the Western District of Virginia, the first heist took place in late May 2016, after an employee at The National Bank of Blacksburg fell victim to a targeted phishing email. That second computer had the ability to manage National Bank customer accounts and their use of ATMs and bank cards.

How banks and banking customers can protect themselves against financial crimes

Tech Republic Security

Account takeovers and online banking fraud are two types of attacks on the rise against financial institutions and their customers, says Feedzai

Some URL shortener services distribute Android malware, including banking or SMS trojans

We Live Security

The post Some URL shortener services distribute Android malware, including banking or SMS trojans appeared first on WeLiveSecurity. On iOS we have seen link shortener services pushing spam calendar files to victims’ devices.

Ransomware attack on Flagstar bank and Data Stolen

CyberSecurity Insiders

Flagstar Bank, a Michigan based company that specializes in providing mortgage loans, has reportedly become a victim of ransomware attack in January this year. However, the bank made the cyber incident public now, as it was waiting for investigation related to the incident over.

Bizarro banking malware targets 70 banks in Europe and South America

Bleeping Computer

A banking trojan named Bizarro that originates from Brazil has crossed the borders and started to target customers of 70 banks in Europe and South America. [.].

Tedrade banking malware families target users worldwide

Security Affairs

The Tetrade term coined by Kaspersky experts to refer four large banking trojan families developed and spread by Brazilian crooks worldwide. The Brazilian cybercrime underground is recognized as the most focuses on the development and commercialization of banking trojans.

5 Growing Trends to Watch in Banking Cybersecurity

Security Boulevard

As Cybercrime against the Financial Sector Jumps by 238%, What Can Banks Do to Address the Risk? The post 5 Growing Trends to Watch in Banking Cybersecurity appeared first on CybeReady. The post 5 Growing Trends to Watch in Banking Cybersecurity appeared first on Security Boulevard.

SolarWinds hackers remained hidden in Denmark’s central bank for months

Security Affairs

Russia-linked threat actors compromised Denmark’s central bank (Danmarks Nationalbank) and remained in its systems for months. Russia-linked threat actors infected the systems of Denmark’s central bank (Danmarks Nationalbank) and maintained access to its network for more than six months.

Hacker steals funds from customer bank accounts through Brute Force Attacks

CyberSecurity Insiders

First Horizon Bank of United States witnessed a cyber attack on a few of its customers resulting in fund loss of $1 million in total. The bank has launched a detailed inquiry and the culprits behind the attack are likely to be nabbed shortly. News First Horizon Bank

The Ursnif Trojan has hit over 100 Italian banks

Security Affairs

Avast researchers reported that the infamous Ursnif Trojan was employed in attacks against at least 100 banks in Italy. Avast experts recently obtained information on possible victims of Ursnif malware that confirms the interest of malware operators in targeting Italian banks.

TrickBot Spruces Up Its Banking Trojan Module

Threatpost

After focusing almost exclusively on delivering ransomware for the past year, the code changes could indicate that TrickBot is getting back into the bank-fraud game.

Is Your Chip Card Secure? Much Depends on Where You Bank

Krebs on Security

More recently, researchers at Cyber R&D Labs published a paper detailing how they tested 11 chip card implementations from 10 different banks in Europe and the U.S.

Marcus “MalwareTech” Hutchins Pleads Guilty to Writing, Selling Banking Malware

Krebs on Security

Marcus Hutchins, a 24-year-old blogger and malware researcher arrested in 2017 for allegedly authoring and selling malware designed to steal online banking credentials, has pleaded guilty to criminal charges of conspiracy and to making, selling or advertising illegal wiretapping devices. In August 2017, Hutchins was arrested by FBI agents in Las Vegas on suspicion of authoring and/or selling “ Kronos ,” a strain of malware designed to steal online banking credentials.

Banks, Arbitrary Password Restrictions and Why They Don't Matter

Troy Hunt

Allow me to be controversial for a moment: arbitrary password restrictions on banks such as short max lengths and disallowed characters don't matter. Also, allow me to argue with myself for a moment: banks shouldn't have these restrictions in place anyway. for my *online banking*. On the one hand, it's a damn sight more generous than the previous two banks yet on the other hand, why? Let's keep pushing banks to do better, but not lose our minds about it in the process.

Phishing attacks target Chase Bank customers

Tech Republic Security

Two email campaigns discovered by Armorblox impersonated Chase in an attempt to steal login credentials

Russian hackers had months-long access to Denmark's central bank

Bleeping Computer

Russian state hackers compromised Denmark's central bank (Danmarks Nationalbank) and planted malware that gave them access to the network for more than half a year without being detected. [.].

Banks Investing in Automated Cyber-Defenses to Fight Business Email Compromise, Survey Shows

Hot for Security

The COVID-19 pandemic has intensified both the threat of fraud and the response to it, with corporate environments and banking in particular aligning on defensive automation, according to a new report. Industry News banking BEC BEC scam business email compromise fraud