Bizarro Banking Trojan

Schneier on Security

Bizarro is a new banking trojan that is stealing financial information and crypto wallets. Uncategorized backdoors banking credentials cryptography malware reports

Bank Card "Master Key" Stolen

Schneier on Security

The bank's master PIN key was stolen, forcing it to cancel and replace 12 million bank cards. The breach resulted from the printing of the bank's encrypted master key in plain, unencrypted digital language at the Postbank's old data centre in the Pretoria city centre.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Details of a Computer Banking Scam

Schneier on Security

This is a longish video that describes a profitable computer banking scam that’s run out of call centers in places like India. And three, it’s an evolving tactic that gets around banks increasingly flagging blocking suspicious electronic transfers.

New Android banking Malware targets Brazil’s Itaú Unibanco Bank

Security Affairs

Researchers analyzed a new Android banking malware that targets Brazil’s Itaú Unibanco that spreads through fake Google Play Store pages. SecurityAffairs – hacking, Android banking malware).

The Building Blocks of Neo Bank Security

Appknox

Neo banks are fighting an uphill battle. From strict AML laws and KYC processes to fraudsters and criminals looking to take advantage, neo bank security is a major concern. mobile banking mobile security mobile banking security Neo Banking Neo Bank

Bank loses customers’ social security numbers after ransomware attack

Hot for Security

Because what if two weeks later the hacked bank (did I mention it was in the top 75 list of largest banks in the United States?) However, things became even more serious when it became apparent that the hackers were contacting the bank’s customers, informing them of the breach.

Conti ransomware gang started leaking files stolen from Bank Indonesia

Security Affairs

The central bank of the Republic of Indonesia, Bank Indonesia, confirmed the ransomware attack that hit it in December. Bank Indonesia confirmed that it was the victim of a ransomware attack that took place last month.

U.S. banking regulators order banks to notify cybersecurity incidents in 36 hours

Security Affairs

banking regulators have approved a new rule that orders banks to notify federal regulators of significant cybersecurity incidents within 36 hours. The rule aims at forcing banks to quickly respond to cybersecurity incidents. banking).

Banking’s Digital Future Raises Security Concerns

Security Boulevard

As the global financial services industry undergoes a seismic shift, disruption is prompting the industry to replace traditional practices, with emphasis on the inevitable digital future banks will have to embrace.

The State of Commercial Banking and Security

Security Boulevard

The shift to digital banking has been a game-changer for financial institutions. But while digital has opened up whole new avenues for customer experience and revenue within the banking sector, one major worry continues to cause many financial professionals to lose sleep: Cybersecurity.

Securing UX in Open Banking Apps

Security Boulevard

Historically, only large, well-established banks had control over the majority of consumer and corporate finances, making it highly challenging for smaller financial services providers to break into the market. The post Securing UX in Open Banking Apps appeared first on Security Boulevard.

Cyber 2022 Predictions About Open Banking

Security Boulevard

Unlike traditional banking where all customer data is controlled by the parent bank, in open banking, customer data is securely exposed to third-party providers via application programming interfaces (APIs).

Bizarro banking Trojan targets banks in Brazil and abroad

Security Affairs

Bizarro is a new sophisticated Brazilian banking trojan that is targeting customers of tens of banks in Europe and South America. Bizarro banking Trojan allows to capture online banking credentials and hijacking Bitcoin wallets from the victims.

Banks Must Report Cyber Incidents Beginning in May 2022

Lohrman on Security

financial institutions are leaders in global cyber defense. Recently approved rules will mandate the reporting of security incidents next year. We explore the topic with cybersecurity expert Michael McLaughlin

Reserve Bank of New Zealand Data Breach Caused by Antiquated Third Party Software

Adam Levin

The data breach of the Reserve Bank of New Zealand has been attributed to the compromise of a third party file sharing service. “A The post Reserve Bank of New Zealand Data Breach Caused by Antiquated Third Party Software appeared first on Adam Levin.

Interview: Open Banking Opens Customer Data to Third Parties

Security Boulevard

In open banking, customer data is securely exposed to third-party providers via application program interfaces. The post Interview: Open Banking Opens Customer Data to Third Parties appeared first on Radware Blog.

Everything You Need to Know About Neo Bank Security

Appknox

fintech Security practices mobile banking security Vulnerability Assessment Neo Banking Neo BankOf all the modern business ecosystems, the Fintech sector is one of the most volatile landscapes that is teeming with industry and technological disruptions.

Indonesia's central bank confirms ransomware attack, Conti leaks data

Bleeping Computer

Bank Indonesia (BI), the central bank of the Republic of Indonesia, has confirmed today that a ransomware attack hit its networks last month. [.].

TSB Bank Disaster

Schneier on Security

This seems like an absolute disaster: The very short version is that a UK bank, TSB, which had been merged into and then many years later was spun out of Lloyds Bank, was bought by the Spanish bank Banco Sabadell in 2015. It is bad enough that bank IT problem had been so severe and protracted a major newspaper, The Guardian, created a live blog for it that has now been running for two days. banking dataprotection

Everything You Need to Know About Open Banking Security

Appknox

It is no longer necessary to wait in queues to speak with a bank teller. financial fintech mobile banking API Security Open BankingFinancial services have developed at a breakneck pace, resulting in fierce competition among financial technologies.

Banking scam uses Docusign phish to thieve 2FA codes

Naked Security

Phishing Banking phishing scamsThis scam is obviously inapplicable to 999 people in every 1000. but there are LOTS of 1-in-1000 people in the world!

Hydra Android trojan campaign targets customers of European banks

Security Affairs

Experts warn of a new Hydra banking trojan campaign targeting European e-banking platform users, including the customers of Commerzbank. . Experts warn of a malware campaign targeting European e-banking platform users with the Hydra banking trojan.

A Bank SMS Text Phish Attempt

Security Boulevard

I received an SMS text message that contained a phishing attempt for a Canadian Bank. The message implied that I have received a new notification with this bank and I should visit the provided link. The post A Bank SMS Text Phish Attempt appeared first on The State of Security.

Best of 2021 – The Rising Online Banking Frauds in India

Security Boulevard

The post The Rising Online Banking Frauds in India appeared first on Kratikal Blog. The post Best of 2021 – The Rising Online Banking Frauds in India appeared first on Security Boulevard.

When Bank Communication is Indistinguishable from Phishing Attacks

Troy Hunt

You know how banks really, really want to avoid their customers falling victim to phishing scams? And how banks are the shining beacons of light when it comes to demonstrating security best practices? Ok, that final one might be a bit of a stretch , but the fact remains that people have high expectations of how banks should communicate to ensure that they themselves don't come across as phishers: Just a good old phish. banks will never do things that look like a phish?

Android Banking Trojan Vultur uses screen recording for credentials stealing

Security Affairs

Experts spotted a new strain of Android banking Trojan dubbed Vultur that uses screen recording and keylogging for the capturing of login credentials. The banking Trojan leverages Accessibility Services to determine what application is in the foreground.

Alien Android Banking Trojan Sidesteps 2FA

Threatpost

A new 'fork' of the Cerberus banking trojan, called Alien, targets victims' credentials from more than 200 mobile apps, including Bank of America and Microsoft Outlook.

TeaBot Android banking Trojan targets banks in Europe

Security Affairs

Malware researchers from Cleafy warn of a new Android banking trojan dubbed TeaBot (aka Anatsa) that is targeting banks in Europe. TeaBot supports the main features of Android banking Trojan and like other similar malware families it abuses Accessibility Services.

Android banking Trojan BrazKing is back with significant evasion improvements

Security Affairs

The BrazKing Android banking trojan is back with significant improvements and dynamic banking overlays to avoid detection. RAT capabilities—BrazKing can manipulate the target banking application by tapping buttons or keying text in.

Flubot Android banking Trojan spreads via fake security updates

Security Affairs

The Android malware has been used to steal banking credentials, payment information, and sensitive data from infected devices. The post Flubot Android banking Trojan spreads via fake security updates appeared first on Security Affairs.

SharkBot Android banking Trojan cleans users out

Malwarebytes

Researchers have discovered and analyzed a new Android banking Trojan that allows attackers to steal sensitive banking information such as user credentials, personal information, current balance, and even to perform gestures on the infected device.

ERMAC, a new banking Trojan that borrows the code from Cerberus malware

Security Affairs

ERMAC is a new Android banking Trojan that can steal financial data from 378 banking and wallet apps. Researchers from Threatfabric found in July a new Android banking trojan dubbed ERMAC that is almost fully based on the popular banking trojan Cerberus.

New SOVA Android Banking trojan is rapidly growing

Security Affairs

SOVA is a new Android banking trojan that targets banking applications, cryptocurrency wallets, and shopping apps from the U.S. The malware allows attacker to gather sensitive data from infected devices, including banking credentials and PII.

DarkVishnya Attacks Loot Millions from Banks

Adam Levin

Hackers stole tens of millions of dollars from Eastern European banks in a campaign called “DarkVishnya.” The first step involved planting in the target banks a device. Finally, when the hackers gained access, they siphoned as much money as they could “grab” using phony ATM withdrawals and bank transactions. The post DarkVishnya Attacks Loot Millions from Banks appeared first on Adam Levin.

Report Shows Major Security Holes in Banking Apps

Adam Levin

A security analysis of 30 major banking and financial apps has shown major security holes and a lax approach to protecting user data. The analysis was conducted by the Aite Group, which looked at mobile apps in eight categories: retail banking, credit cards, mobile payment, healthcare savings, retail finance, health insurance, auto insurance and cryptocurrency. The post Report Shows Major Security Holes in Banking Apps appeared first on Adam Levin.

Three ways banks can ensure a sustainable future

CyberSecurity Insiders

Both large financial institutions as well as community banks and credit unions are responding to growing awareness to step up pro-environmental standards from various stakeholders including consumers, employees, investors, competitors, eco-system partners and government entities.?

Banking frauds are rising as financial info is being stored digitally

CyberSecurity Insiders

Most Americans are having a habit of storing their ATM pins, bank account details and, to a certain extent, debit/credit card numbers on mobiles, computers and emails. The post Banking frauds are rising as financial info is being stored digitally appeared first on Cybersecurity Insiders.

TinyNuke banking malware targets French organizations

Security Affairs

Proofpoint researchers uncovered a campaign exclusively targeting French entities and organizations with operations in France with the banking malware TinyNuke. The post TinyNuke banking malware targets French organizations appeared first on Security Affairs.

4 Android banking trojans were spread via Google Play infecting 300.000+ devices

Security Affairs

Experts found four Android banking trojans that were available on the official Google Play Store and that infected +300,000 devices. ” The droppers were designed to distribute the Android banking trojan Anatsa , Alien , ERMAC , and Hydra.

Top 2021 banking and fintech security regulations

Security Boulevard

As more people move to fintech and digital banking, financial data security compliance is becoming tougher. The post Top 2021 banking and fintech security regulations appeared first on Intertrust Technologies.

Banks Attacked through Malicious Hardware Connected to the Local Network

Schneier on Security

Kaspersky is reporting on a series of bank hacks -- called DarkVishnya -- perpetrated through malicious hardware being surreptitiously installed into the target network: In 2017-2018, Kaspersky Lab specialists were invited to research a series of cybertheft incidents. At least eight banks in Eastern Europe were the targets of the attacks (collectively nicknamed DarkVishnya), which caused damage estimated in the tens of millions of dollars.

The Risk of Weak Online Banking Passwords

Krebs on Security

If you bank online and choose weak or re-used passwords, there’s a decent chance your account could be pilfered by cyberthieves — even if your bank offers multi-factor authentication as part of its login process. Crooks are constantly probing bank Web sites for customer accounts protected by weak or recycled passwords. A screenshot of a password-checking tool being used to target Chase Bank customers who re-use passwords from other sites.

Malicious Android app steals Malaysian bank credentials, MFA codes

Bleeping Computer

A fake Android app is masquerading as a housekeeping service to steal online banking credentials from the customers of eight Malaysian banks. [.].