Krebs on Security

OCTOBER 28, 2020

In August, Gunnebo said it had successfully thwarted a ransomware attack, but this week it emerged that the intruders stole and published online tens of thousands of sensitive documents — including schematics of client bank vaults and surveillance systems. ”

Hacking 357

Hacking Ransomware Banking Accountability 357

Security Affairs

MARCH 29, 2025

The new Android trojan Crocodilus exploits accessibility features to steal banking and crypto credentials, mainly targeting users in Spain and Turkey. ThreatFabric researchers discovered a new Android trojan called Crocodilus, which exploits accessibility features to steal banking and crypto credentials. ” ThreatFabric concludes.

Banking 69

Banking Mobile Identity Theft Malware 69

Security Affairs

DECEMBER 6, 2022

Russia’s second-largest bank VTB Bank reveals it is facing the largest DDoS (distributed denial of service) attack in its history. State-owned VTB Bank, the second-largest financial institution in Russia, says it is facing the largest DDoS (distributed denial of service) attack in its history. ” Source USnews.com.

Banking 142

Banking DDOS Cyber Attacks Government 142

Security Affairs

NOVEMBER 20, 2021

banking regulators have approved a new rule that orders banks to notify federal regulators of significant cybersecurity incidents within 36 hours. banking regulators this week approved a rule that obliges banks to report any major cybersecurity incidents to the government within 36 hours of discovery. Pierluigi Paganini.

Banking 145

Banking Cybersecurity Financial Services Insurance 145

Security Affairs

DECEMBER 27, 2021

Researchers analyzed a new Android banking malware that targets Brazil’s Itaú Unibanco that spreads through fake Google Play Store pages. “_lTAU_SINC/sincronizador Android malware targets the Brazilian bank Itaú Unibanco’s users and tries to perform fraudulent financial transactions without the victim’s knowledge.”

Banking 145

Banking Malware Hacking Mobile 145

Security Affairs

JULY 27, 2024

Ukraine launched a massive cyber operation that shut down the ATM services of the biggest Russian banks on July 27, reported the Kyiv Post. Ukraine has launched a massive cyberattack against ATMs of Russian banks, the cyber operation began on July 23. reported the KyivPost.

Banking 145

Banking Mobile Hacking Internet 145

Security Affairs

NOVEMBER 24, 2024

Stolen information offered for sale on the carding website included bank account, credit card, and debit card numbers and associated information for conducting transactions. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter)

Cybercrime 132

Cybercrime Cryptocurrency Banking Accountability 132

Security Affairs

SEPTEMBER 24, 2024

A new version of the Android banking trojan Octo, called Octo2, supports improved features that allow to takeover infected devices. ThreatFabric researchers discovered a new version of the Android banking trojan Octo, called Octo2, that supports more advanced remote action capabilities needed for Device Takeover attacks.

Banking 128

Banking Mobile Malware Social Engineering 128

Security Affairs

OCTOBER 28, 2024

“No passwords” , “no bank cards” , “no content of communications (emails, SMS, voice messages, etc.)” The company said that passwords and bank card details were not compromised, it also pointed out that its customers’ communications were not exposed. million IBAN details. .

Cyber Attacks 127

Cyber Attacks Telecommunications Data breaches Banking 127

Security Affairs

MAY 19, 2024

A new Grandoreiro banking trojan campaign has been ongoing since March 2024, following the disruption by law enforcement in January. IBM X-Force warns of a new Grandoreiro banking trojan campaign that has been ongoing since March 2024. The banking Trojan is likely operated as a Malware-as-a-Service (MaaS).

Banking 135

Banking Malware Antivirus Accountability 135

Security Affairs

OCTOBER 28, 2024

. “Milan prosecutors allege the business intelligence agency tapped into three key databases: one gathering alerts over suspicious financial activities; one used by the national tax agency with citizens’ bank transactions, utility bills, income statements; and the police investigations’ database, the person said.”

Computers and Electronics 137

Computers and Electronics Banking Marketing Hacking 137

Security Affairs

MARCH 25, 2022

Anonymous announced that the affiliate group Black Rabbit World has leaked 28 GB of data stolen from the Central Bank of Russia. This week the Anonymous hacker collective claims to have hacked the Central Bank of Russia and stole accessed 35,000 documents. SecurityAffairs – hacking, Central Bank of Russia).

Banking 141

Banking Government Hacking Authentication 141

Security Affairs

APRIL 28, 2024

ICICI Bank, a major private bank in India, mistakenly exposed the sensitive data of thousands of new credit cards to unintended recipients. ICICI Bank, one of the leading private banks in India, accidentally exposed data of thousands of new credit cards to customers who were not the intended recipients.

Banking 138

Banking Financial Services Retail Mobile 138

Security Affairs

JULY 9, 2024

The Lockbit ransomware attack on Evolve Bank has compromised the personal information of over 7.6 At the end of June, the LockBit gang announced that it had breached the systems of the Federal Reserve of the United States and exfiltrated 33 TB of sensitive data, including “Americans’ banking secrets.” million individuals.

Data breaches 134

Data breaches Banking Retail Ransomware 134

Security Affairs

OCTOBER 9, 2023

Flagstar Bank announced a data breach suffered by a third-party service provider exposed the personal information of over 800,000 US customers. Flagstar Bank is warning 837,390 US customers that their personal information was exposed after threat actors breached the third-party service provider Fiserv.

Data breaches 135

Data breaches Banking Hacking Mobile 135

Security Affairs

OCTOBER 29, 2024

The two infostealers allowed operators to harvest usernames, passwords, contact info, and crypto-wallets from victims, the threat actors sold this data to criminals for financial theft and hacking. Monitor financial accounts : Check bank statements and report any suspicious transactions promptly.

Identity Theft 127

Identity Theft Passwords Malware Banking 127

Security Affairs

FEBRUARY 21, 2022

Xenomorph Android trojan has been observed distributed via the official Google Play Store targeting 56 European banks. Researchers from ThreatFabric have spotted a new Android banking trojan, dubbed Xenomorph , distributed via the official Google Play Store that has over 50,000 installations. SecurityAffairs – hacking, Xenomorph).

Banking 139

Banking Malware Marketing Hacking 139

Security Affairs

NOVEMBER 15, 2021

Security researchers from Cleafy discovered a new Android banking trojan, named SharkBot, that is targeting banks in Europe. At the end of October, researchers from cyber security firms Cleafy and ThreatFabric have discovered a new Android banking trojan named SharkBot. SecurityAffairs – hacking, SharkBot).

Banking 144

Banking Mobile Social Engineering Malware 144

Security Affairs

JANUARY 12, 2025

” On Saturday, January 11, the attacks targeted Italian ministries and government institutions, while on Sunday a new wave of DDoS attacks hit Italian banks and private businesses. Noname057(16) hackers also hit Italian banks, including Intesa, Monte Paschi di Siena, and Italian ports of the cities of Taranto and Trieste.

DDOS 123

DDOS Banking Government Marketing 123

Krebs on Security

JULY 18, 2023

[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] LeakedSource also tried to pass itself off as a legal, legitimate business that was marketing to security firms and professionals. In 2019, a Canadian company called Defiant Tech Inc.

Hacking 242

Hacking Accountability Data breaches Marketing 242

Security Affairs

JUNE 4, 2024

Resecurity uncovered a cybercriminal group that is providing a sophisticated phishing kit, named V3B, to target banking customers in the EU. “Currently, it is estimated that hundreds of cybercriminals are using this kit to commit fraud, leaving victims with empty bank accounts. . ” reads the report published Resecurity.

Banking 131

Banking Phishing Social Engineering Engineering 131

Security Affairs

MAY 27, 2022

A new version of the ERMAC Android banking trojan is able to target an increased number of apps. The ERMAC Android banking trojan version 2.0 ERMAC was first spotted by researchers from Threatfabric in July 2021, it is based on the popular banking trojan Cerberus. SecurityAffairs – hacking, ERMAC 2.0). “ERMAC 2.0

Banking 145

Banking Malware Cybercrime Phishing 145

Security Affairs

MARCH 18, 2022

Experts spotted a new Unix rootkit, called Caketap, that was used to steal ATM banking data. Mandiant researchers discovered a new Unix rootkit named Caketap, which is used to steal ATM banking data, while investigating the activity of the LightBasin cybercrime group (aka UNC1945 ). SecurityAffairs – hacking, Caketap).

Banking 144

Banking Telecommunications System Administration Hacking 144

Security Affairs

JUNE 24, 2024

The Lockbit ransomware group announced that it had breached the systems of Federal Reserve of the United States and exfiltrated 33 TB of sensitive data, including “Americans’ banking secrets.” “Federal banking is the term for the way the Federal Reserve of the United States distributes its money. .

Hacking 145

Hacking Banking Ransomware Encryption 145

Security Affairs

JUNE 18, 2022

Malibot is a new Android malware targeting online banking and cryptocurrency wallet customers in Spain and Italy. F5 Labs researchers spotted a new strain of Android malware, named Malibot, that is targeting online banking and cryptocurrency wallet customers in Spain and Italy. SecurityAffairs – hacking, Malibot).

Banking 145

Banking Cryptocurrency Malware Mobile 145

Security Affairs

APRIL 21, 2025

The fraud campaign starts with fake bank alerts via SMS or WhatsApp, luring victims to call attackers. Since victims often do not recall their PIN immediately, the attackers guide them through their mobile banking application to retrieve this sensitive information.” ” reads the report published by Cleafy.

Malware 108

Malware Social Engineering Banking Engineering 108

Security Affairs

FEBRUARY 22, 2025

The Bybit hack is the largest cryptocurrency heist ever, surpassing previous ones like Ronin Network ($625M), Poly Network ($611M), and BNB Bridge ($566M). Bybit is Solvent even if this hack loss is not recovered, all of clients assets are 1 to 1 backed, we can cover the loss. billion to an unidentified address.

Cryptocurrency 132

Cryptocurrency Hacking Banking Cybersecurity 132

Security Affairs

MARCH 24, 2025

They can also steal personal data, banking details, cryptocurrency info, emails, and passwords by scraping the files the users upload. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking, free online document converters) Reporting the incident to IC3.gov

Malware 118

Malware Scams Identity Theft Antivirus 118

Security Affairs

DECEMBER 12, 2021

Cofense researchers discovered a new phishing campaign using QR codes targeting German e-banking users in the last weeks. The phishing messages are carefully crafted, the content was well-structured and features bank logos. SecurityAffairs – hacking, QR codes). “The phish sites are fairly similar. Pierluigi Paganini.

Banking 145

Banking Phishing Social Engineering Engineering 145

Security Affairs

JULY 31, 2024

BingoMod is a new Android malware that can wipe devices after stealing money from the victims’ bank accounts. Researchers at Cleafy discovered a new Android malware, called ‘BingoMod,’ that can wipe devices after successfully stealing money from the victims’ bank accounts.

Banking 142

Banking Accountability Malware Mobile 142

Security Affairs

NOVEMBER 4, 2024

for phishing scams that stole millions by hacking email accounts. Once the funds hit the accounts, Mr. Ojelade and his coconspirators withdrew the money or transferred it into other bank accounts.” Nigerian Kolade Ojelade gets 26 years in U.S. for phishing scams that resulted in the compromise of millions of email accounts.

Scams 126

Scams Phishing Identity Theft Accountability 126

Security Affairs

FEBRUARY 13, 2024

Bank of America revealed that the personal information of some customers was stolen in a data breach affecting a third-party services provider. Bank of America began notifying some customers following a data breach at the third-party services provider Infosys McCamish System (IMS). Bank of America’s systems were not compromised.”

Data breaches 139

Data breaches Banking Identity Theft Ransomware 139

Security Affairs

APRIL 9, 2025

The confidentiality and integrity of the OCCs information security systems are paramount to fulfilling its mission, said Acting Comptroller of the Currency Rodney E. The threat actors behind the security breach remain unknown, and it’s unclear if the incident is linked to past Treasury attacks by China-linked groups.

Accountability 125

Accountability Banking Information Security Hacking 125

Security Affairs

JANUARY 2, 2022

The Twitter account of NASA Director Parimal Kopardekar (@nasapk) was hacked by the Powerful Greek Army group. The Twitter account of the NASA Director and Sr Technologist for Air Transporation Sytem Mr. Parimal Kopardekar ( @nasapk ) was hacked by the Powerful Greek Army group. NASA Director account hacked by PGA!

Accountability 145

Accountability Hacking Banking Government 145

Security Affairs

SEPTEMBER 24, 2023

A new variant of a banking trojan, called BBTok, targets users of over 40 banks in Latin America, particularly Brazil and Mexico. Check Point researchers warn of a new variant of a banking trojan, called BBTok, that is targeting users of over 40 banks in Latin America. ” reads the report published by Check Point.

Banking 139

Banking Phishing Malware Hacking 139

Security Affairs

FEBRUARY 19, 2024

The Android banking trojan Anatsa resurged expanding its operation to new countries, including Slovakia, Slovenia, and Czechia. In November 2023, researchers from ThreatFabric observed a resurgence of the Anatsa banking Trojan, aka TeaBot and Toddler. ” concludes the report. ” concludes the report. .

Banking 130

Banking Malware Mobile Authentication 130

Security Affairs

JUNE 27, 2024

The LockBit ransomware group seems to have lied when they announced the hack of the US Federal Reserve. The real victim is the Evolve Bank. The LockBit ransomware group hasn’t hacked the Federal Reserve as it has recently claimed, the real victim is the Evolve Bank.

Hacking 116

Hacking Banking Retail Ransomware 116