Banking, Information Security and Passwords

GUEST ESSAY: The key differences between ‘information privacy’ vs. ‘information security’

The Last Watchdog

JUNE 12, 2023

Information privacy and information security are two different things. Related: Tapping hidden pools of security talent Information privacy is the ability to control who (or what) can view or access information that is collected about you or your customers. still available for you to use.

Information Security

Information Security Data breaches CISO Encryption

Anonymous claims to have hacked the Central Bank of Russia

Security Affairs

MARCH 24, 2022

The Anonymous hacker collective claims to have hacked the Central Bank of Russia and stole accessed 35,000 documents. Anonymous continues to target Russian government organizations and private businesses, now it is claiming to have hacked the Central Bank of Russia. SecurityAffairs – hacking, Bank of Russia).

Banking

Banking Hacking Government Cyber Attacks

An initial access broker claims to have hacked Deutsche Bank

Security Affairs

NOVEMBER 11, 2022

An initial access broker claims to have hacked Deutsche Bank and is offering access to its systems for sale on Telegram. A threat actor ( 0x_dump ) claims to have hacked the multinational investment bank Deutsche Bank and is offering access to its network for sale online. The IAB is offering access to the Deutsche Bank 7.5

Banking

Banking Hacking InfoSec Insurance

Santander: a data breach at a third-party provider impacted customers and employees

Security Affairs

MAY 16, 2024

The Spanish bank Santander disclosed a data breach at a third-party provider that impacted customers in Chile, Spain, and Uruguay. The bank recently became aware of unauthorized access to one of its databases hosted by a third-party provider. ” reads the statement published by the bank. ” continues the statement.

Data breaches

Data breaches Banking Passwords Marketing

ShinyHunters is selling data of 30 million Santander customers

Security Affairs

MAY 31, 2024

The threat actor ShinyHunters claims breach of Santander and is offering for sale bank data, including information for 30 million customers. A notorious threat actor ShinyHunters is offering a huge trove of data allegedly stolen from the Santander Bank for sale. reads the statement published by the bank.

Banking

Banking Data breaches Cybercrime Passwords

Spanish police dismantled SIM swapping gang who stole money from victims’ bank accounts

Security Affairs

FEBRUARY 10, 2022

Spanish National Police has arrested eight alleged members of a crime organization who were able to steal money from the bank accounts of the victims through SIM swapping attacks. Once obtained the SIM cards, they were able to bypass SMS-based 2FA used to access bank accounts and steal the money.

Banking

Banking Accountability Mobile Cryptocurrency

South Korean Woori Bank is accused of unauthorized use of customer data

Security Affairs

FEBRUARY 11, 2020

Unauthorized use of customer information by Woori Bank, ‘crime act’ for customers. The bank changed 23,000 passwords in 2018 without consent. It is controversial that Woori Bank changed the p assword s of 23,000 customer dormant accounts without consent in July 2018. About the author: ???

Banking

Banking Passwords Accountability Advertising

Flubot Android banking Trojan spreads via fake security updates

Security Affairs

OCTOBER 2, 2021

Android has detected that your device has been infected,” states the fake security warning observed by the researchers. “FluBot is an Android spyware that aims to steal financial login and password data from your device. You must install an Android security update to remove FluBot.” ” states the report.

Banking

Banking Malware Spyware Passwords

Russian author of NeverQuest banking malware gets 4 Years in U.S. Prison

Security Affairs

NOVEMBER 22, 2019

The Russian hacker who created and used Neverquest banking malware has finally been sentenced to 4 years in prison by a US District Court. The Neverquest was used by cyber criminals to steal login credentials from banking customers, it leverages on injection mechanisms to provide users fake forms into legitimate banking websites.

Banking

Banking Malware Advertising Passwords

Swiss real estate agency Neho fails to put a password on its systems

Security Affairs

MAY 31, 2023

Real estate agencies handle sensitive data, including customers’ personally identifiable information, bank account details, and other data highly valued by cybercriminals. The file contained PostgreSQL and Redis databases credentials, including host, port, username, and password. Ensuring cybersecurity is vital.

Passwords

Passwords Phishing Accountability Banking

5-star customer service: fraudsters launch massive campaign against Indonesia’s major banks on Twitter

Security Affairs

MARCH 31, 2021

Experts warn that cybercriminals are targeting Indonesia’s major banks posing as bank representatives or customer support team members on Twitter. To lure victims, cybercriminals pose as bank representatives or customer support team members on Twitter. From January to early March 2021, this scheme grew in scope 2.5-fold

Banking

Banking Scams Accountability Media

Info stealers and how to protect against them

Security Affairs

DECEMBER 18, 2023

These pieces of malware are created with the intent of stealing valuable data, such as login credentials, financial information, personal details, and more. This data may include usernames, passwords, credit card numbers, social security numbers, and other sensitive information.

Banking

Banking Cybercrime Malware Accountability

European Central Bank (ECB) discloses data breach in BIRD Newsletter

Security Affairs

AUGUST 16, 2019

The European Central Bank (ECB) announced that threat actors had access for months to the contact information of hundreds of financial industry subscribers to its newsletter. According to the organization, hackers infected with a malware an external server that hosts the Banks’ Integrated Reporting Dictionary (BIRD).

Data breaches

Data breaches Banking Advertising Marketing

P&N Bank data breach may have impacted 100,000 West Australians

Security Affairs

JANUARY 15, 2020

P&N Bank discloses data breach, customer account information, balances exposed. The Australian P&N Bank is notifying its customers a data breach that has exposed personally identifiable information (PII) and sensitive account data. The bank hired external experts to help it in investigating the incident.

Data breaches

Data breaches Banking Cyber Attacks Accountability

Gamblers’ data compromised after casino giant Strendus fails to set password

Security Affairs

NOVEMBER 15, 2023

Source: Cybernews The information exposed in this data leak could have been exploited for fraud, identity theft, phishing attempts, or as a source of data for meticulously targeted cyberattacks.

Passwords

Passwords Identity Theft Social Engineering Spyware

New phishing campaign targets bank customers with WSH RAT

Security Affairs

JUNE 17, 2019

Security researchers at Cofense have spotted a phishing campaign aimed at commercial banking customers distributing a new remote access trojan (RAT) tracked as WSH RAT. Threat actors are using the RAT to deliver keyloggers and information stealers. ” reads the analysis published by Cofence. Pierluigi Paganini.

Banking

Banking Phishing Advertising Malware

Group-IB: More than 70% of Russian banks are not ready for cyberattacks

Security Affairs

FEBRUARY 19, 2019

According to a new research conducted by Group-IB experts, 74 percent of Russian banks were not ready for cyberattacks. Even so, 74 percent of Russian banks were not ready for cyberattacks , 29 percent were found to be actively infected with malware, and in 52 percent of cases traces of past attacks were detected.

Banking

Banking Marketing Cybercrime Information Security

Cerberus, a new banking Trojan available as malware-as-a-service in the underground

Security Affairs

AUGUST 13, 2019

Security experts analyzed a new interesting Android banking Trojan, dubbed Cerberus, that is offered for rent by its author. The malware implements banking Trojan capabilities such as the use of overlay attacks, the ability to intercept SMS messages and access to the contact list. ” continues the report.

Banking

Banking Malware Advertising Social Engineering

Attunity data leak: Netflix, Ford, TD Bank data exposed by Open AWS Buckets

Security Affairs

JUNE 29, 2019

. “Backups of employees’ OneDrive accounts were also present and spanned the wide range of information that employees need to perform their jobs: email correspondence, system passwords, sales and marketing contact information, project specifications, and more.” Pierluigi Paganini.

Banking

Banking Backups Big data Advertising

Not All MFA is Equal, and the Differences Matter a Lot

Daniel Miessler

MARCH 10, 2022

In that post we talked about 8 levels of password security, starting from using shared and weak passwords and going all the way up to passwordless. A growing percentage of malware packages now include prompts for not only a username and password, but also an MFA code. Get started with WebAuthn >>.

Authentication

Authentication Phishing Passwords Accountability

230K individuals impacted by a data breach suffered by Telco provider Tangerine

Security Affairs

FEBRUARY 23, 2024

The telecommunications provider pointed out that no financial information (credit or debit card numbers, banking details) has been compromised. No driver’s licence numbers, ID documentation details, banking details or passwords have been disclosed as a result of this incident.” ”continues the statement.

Data breaches

Data breaches Telecommunications Banking Mobile

Hotarus Corp gang hacked Ecuador’s Ministry of Finance and Banco Pichincha

Security Affairs

FEBRUARY 27, 2021

‘Hotarus Corp’ Ransomware operators hacked Ecuador’s largest private bank, Banco Pichincha, and the country’s Ministry of Finance. ?A The group claims to have also stolen data from the Banco Pichincha bank and infected a system at Ministry of Finance using for training purposes with PHP-based ransomware.

Hacking

Hacking Banking Ransomware Passwords

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Security Affairs

FEBRUARY 12, 2024

Public Wi-Fi users are prime targets for MITM attacks because the information they send is often not encrypted, meaning it’s easy for hackers to access your data. Once they’re in, they can grab your emails, usernames, passwords, and more. They might even lock you out of your own accounts by resetting your passwords.

DNS

DNS VPN Encryption Passwords

New Version of Meduza Stealer Released in Dark Web

Security Affairs

DECEMBER 29, 2023

On Christmas Eve, Resecurity’s HUNTER unit spotted the author of perspective password stealer Meduza has released a new version (2.2). Altogether, Meduza makes a great competitor to Azorult , Redline , Racoon , and Vidar Stealer used by cybercriminals for account takeover (ATO), online-banking theft, and financial fraud.

Password Management

Password Management Cryptocurrency Passwords Authentication

Ecuador’s Banco Pichincha has yet to recover after recent cyberattack

Security Affairs

OCTOBER 17, 2021

The customers of Banco Pichincha, the largest bank in Ecuador, are still experiencing service disruptions after a massive cyberattack hit the financial organization early this week. The cyberattack took place over the last weekend and forced the bank to shut down a large part of its computer network in response to the incident.

Banking

Banking InfoSec Cyber Attacks Cybercrime

Millions of GoDaddy customer data compromised in breach

Malwarebytes

NOVEMBER 23, 2021

million active and inactive customer data, including email addresses, original WordPress admin passwords, Secure File Transfer Protocol (sFTP) and database credentials, and SSL private keys. According to initial investigations, the intruder used a compromised password to access legacy code in GoDaddy’s environment to steal data.

Passwords

Passwords Accountability CISO Banking

AnyDesk Incident: Customer Credentials Leaked and Published for Sale on the Dark Web

Security Affairs

FEBRUARY 4, 2024

Some users may not have changed their password, or this process might still be ongoing. Per a public statement from AnyDesk on February 2, 2024, “ as a precaution, we (AnyDesk) are revoking all passwords to our web portal, my.anydesk.com, and we recommend that users change their passwords if the same credentials are used elsewhere.

Scams

Scams Passwords Phishing Accountability

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

The Last Watchdog

APRIL 13, 2022

Enforce strong passwords and implement multi-factor authentication (MFA) — by educating users about using a unique password for each account and enforcing higher security for privileged accounts (administrators, root). Therefore, educating your employees about the importance of security to your network is critical.

Cybersecurity

Cybersecurity Cybercrime Education Government

Experts warn of JinxLoader loader used to spread Formbook and XLoader

Security Affairs

JANUARY 2, 2024

The content of the messages attempted to trick the recipients into opening a password-protected RAR archive. Altogether, Meduza makes a great competitor to Azorult , Redline , Racoon , and Vidar Stealer used by cybercriminals for account takeover (ATO), online-banking theft, and financial fraud. net on 2023-04-30.

Malware

Malware Passwords Cryptocurrency Hacking

Cybercriminals Implemented Artificial Intelligence (AI) for Invoice Fraud

Security Affairs

JANUARY 3, 2024

Resecurity has uncovered a cybercriminal faction known as “ GXC Team “, who specializes in crafting tools for online banking theft, ecommerce deception, and internet scams. Upon detection, it alters the banking information of the intended recipient (like the victim’s supplier) to details specified by the perpetrator.

Artificial Intelligence

Artificial Intelligence Banking Scams Cybercrime

Toyota Financial Services discloses a data breach

Security Affairs

DECEMBER 11, 2023

The company told them that threat actors gained access to full names, residence addresses, contract information, lease-purchase details, and IBAN (International Bank Account Number). Toyota Financial Services warns its German customers to remain vigilant and contact their bank to take additional security precautions.

Financial Services

Financial Services Data breaches Identity Theft Banking

VF Corp December data breach impacts 35 million customers

Security Affairs

JANUARY 19, 2024

. “However, VF does not collect or retain in its IT systems any consumer social security numbers, bank account information or payment card information as part of its direct-to-consumer practices, and, while the investigation remains ongoing, VF has not detected any evidence to date that any consumer passwords were acquired by the threat actor.”

Data breaches

Data breaches Retail Insurance Passwords

Data Breach at Britain JD Sports leaks 10 million customers

CyberSecurity Insiders

JANUARY 30, 2023

Accessed information includes data related to phone numbers, email accounts, addresses, names, the location where the order was delivered, and the final 4 digits of bank cards. JD Sports has assured that hackers accessed no passwords related to their accounts and issued an apology for failing to protect the customer info.

Data breaches

Data breaches Retail Identity Theft Social Engineering

FBI: Millions in Losses resulted from attacks against Healthcare payment processors

Security Affairs

SEPTEMBER 15, 2022

Threat actors used employees’ publicly-available Personally Identifiable Information (PII) and social engineering techniques to impersonate victims and obtain access to files, healthcare portals, payment information, and websites. million payments. The attacker stole $3.1 million with this attack.

Healthcare

Healthcare Social Engineering Accountability Passwords

Law enforcement operation dismantled phishing-as-a-service platform LabHost

Security Affairs

APRIL 18, 2024

. “Australian offenders are allegedly among 10,000 cybercriminals globally who have used the platform, known as LabHost, to trick victims into providing their personal information, such as online banking logins, credit card details and passwords, through persistent phishing attacks sent via texts and emails.”

Phishing

Phishing Cybercrime Passwords Banking

Microsoft warns of multi-stage AiTM phishing and BEC attacks

Security Affairs

JUNE 11, 2023

Microsoft researchers warn of banking adversary-in-the-middle (AitM) phishing and BEC attacks targeting banking and financial organizations. Microsoft discovered multi-stage adversary-in-the-middle (AiTM) phishing and business email compromise (BEC) attacks against banking and financial services organizations.

Phishing

Phishing Banking Financial Services Authentication

Morgan Stanley discloses data breach after the hack of a third-party vendor

Security Affairs

JULY 8, 2021

The American multinational investment bank and financial services firm Morgan Stanley discloses a data breach caused by the hack of an Accellion FTA server of a third-party vendor. The company pointed out that exposed files did not contain passwords that could be used to access financial accounts. ” reads the letter.

Data breaches

Data breaches Hacking Banking Financial Services

Omicron-themed phishing attacks spread Dridex and taunt with funeral helpline

Security Affairs

DECEMBER 25, 2021

The phishing messages use weaponized Word or Excel attachments to install the Dridex banking Trojan. The messages use a password-protected Excel attachment, the password is provided in the content of the message. The message attempts to trick the victims into enabling the macros to correctly view the content of the attachments.

Phishing

Phishing Passwords Banking Malware

A TrickBot malware developer sentenced to 64 months in prison

Security Affairs

JANUARY 26, 2024

Dunaev pleaded guilty on November 30, 2023, he admitted to conspiring to engage in computer fraud and identity theft, as well as conspiring to commit wire fraud and bank fraud. A for being a developer for the TrickBot gang since 2016. ” reads the press release published by DoJ. million via ransomware deployed by Trickbot.”

Malware

Malware Identity Theft Banking Ransomware

Russian streaming platform Start discloses a data breach impacting 7.5M users

Security Affairs

AUGUST 31, 2022

. “Specialists randomly checked random entries from the database through the password recovery function on the online cinema website: all logins turned out to be valid.” The company added that browsing history or passwords were not included in the stolen database. ” reads the data breach notice published on Telegram.

Data breaches

Data breaches Passwords Banking Media

EnergyAustralia Electricity company discloses security breach

Security Affairs

OCTOBER 21, 2022

EnergyAustralia pointed out that sensitive data, such as passwords, banking information, driver licences, or passports, were not compromised because they were not stored on the platform. “It added that impacted customers had been contacted by text and email on October 2 with a prompt to reset their passwords.”. .

Passwords

Passwords Small Business Banking Retail

Security Affairs newsletter Round 377

Security Affairs

AUGUST 7, 2022

Greek intelligence service used surveillance malware to spy on a journalist, Reuters reports Slack resets passwords for about 0.5% of its users due to the exposure of salted password hashes Twitter confirms zero-day used to access data of 5.4 Pierluigi Paganini. SecurityAffairs – hacking, newsletter).

Spyware

Spyware Manufacturing Small Business Surveillance

Swarmshop – What goes around comes around: hackers leak other hackers’ data online

Security Affairs

APRIL 8, 2021

The database was posted on a different underground forum and contained 12,344 records of the card shop admins, sellers and buyers including their nicknames, hashed passwords, contact details, history of activity, and current balance. Cardshop users, however, were recommended to change the passwords shortly after the breach report came out.

Banking

Banking Insurance Passwords Accountability

Exclusive: The largest mobile malware marketplace identified by Resecurity in the Dark Web

Security Affairs

DECEMBER 5, 2022

Such malicious scenarios are purposely developed by fraudsters and used for online-banking theft and financial fraud. According to the experts from Resecurity, the identified “In The Box” marketplace may now proudly be called the largest and most significant catalyst for banking theft and fraud involving mobile devices.

Mobile

Mobile Malware Banking Retail

GUEST ESSAY: The key differences between ‘information privacy’ vs. ‘information security’

Anonymous claims to have hacked the Central Bank of Russia

Trending Sources

An initial access broker claims to have hacked Deutsche Bank

Santander: a data breach at a third-party provider impacted customers and employees

ShinyHunters is selling data of 30 million Santander customers

Spanish police dismantled SIM swapping gang who stole money from victims’ bank accounts

South Korean Woori Bank is accused of unauthorized use of customer data

Flubot Android banking Trojan spreads via fake security updates

Russian author of NeverQuest banking malware gets 4 Years in U.S. Prison

Swiss real estate agency Neho fails to put a password on its systems

5-star customer service: fraudsters launch massive campaign against Indonesia’s major banks on Twitter

Info stealers and how to protect against them

European Central Bank (ECB) discloses data breach in BIRD Newsletter

P&N Bank data breach may have impacted 100,000 West Australians

Gamblers’ data compromised after casino giant Strendus fails to set password

New phishing campaign targets bank customers with WSH RAT

Group-IB: More than 70% of Russian banks are not ready for cyberattacks

Cerberus, a new banking Trojan available as malware-as-a-service in the underground

Attunity data leak: Netflix, Ford, TD Bank data exposed by Open AWS Buckets

Not All MFA is Equal, and the Differences Matter a Lot

230K individuals impacted by a data breach suffered by Telco provider Tangerine

Hotarus Corp gang hacked Ecuador’s Ministry of Finance and Banco Pichincha

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

New Version of Meduza Stealer Released in Dark Web

Ecuador’s Banco Pichincha has yet to recover after recent cyberattack

Millions of GoDaddy customer data compromised in breach

AnyDesk Incident: Customer Credentials Leaked and Published for Sale on the Dark Web

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

Experts warn of JinxLoader loader used to spread Formbook and XLoader

Cybercriminals Implemented Artificial Intelligence (AI) for Invoice Fraud

Toyota Financial Services discloses a data breach

VF Corp December data breach impacts 35 million customers

Data Breach at Britain JD Sports leaks 10 million customers

FBI: Millions in Losses resulted from attacks against Healthcare payment processors

Law enforcement operation dismantled phishing-as-a-service platform LabHost

Microsoft warns of multi-stage AiTM phishing and BEC attacks

Morgan Stanley discloses data breach after the hack of a third-party vendor

Omicron-themed phishing attacks spread Dridex and taunt with funeral helpline

A TrickBot malware developer sentenced to 64 months in prison

Russian streaming platform Start discloses a data breach impacting 7.5M users

EnergyAustralia Electricity company discloses security breach

Security Affairs newsletter Round 377

Swarmshop – What goes around comes around: hackers leak other hackers’ data online

Exclusive: The largest mobile malware marketplace identified by Resecurity in the Dark Web

Stay Connected