Banking and Internet - Cyber Security Informer

China-based SMS Phishing Triad Pivots to Banks

Krebs on Security

APRIL 10, 2025

The site will then complain that the visitor’s bank needs to “verify” the transaction by sending a one-time code via SMS. In reality, the bank is sending that code to the mobile number on file for their customer because the fraudsters have just attempted to enroll that victim’s card details into a mobile wallet.

Phishing

Phishing Banking Mobile Retail

The Internet is Held Together With Spit & Baling Wire

Krebs on Security

NOVEMBER 26, 2021

A visualization of the Internet made using network routing data. Imagine being able to disconnect or redirect Internet traffic destined for some of the world’s biggest companies — just by spoofing an email. Image: Barrett Lyon, opte.org. Based in Monroe, La., Lumen Technologies Inc.

Internet

Internet Internet Authentication Telecommunications

Transacting in Person with Strangers from the Internet

Krebs on Security

SEPTEMBER 9, 2022

But when dealing with strangers from the Internet, there is always a risk that the person you’ve agreed to meet has other intentions. These safe trading places exist because sometimes in-person transactions from the Internet don’t end well for one or more parties involved. Nearly all U.S. Nearly all U.S.

Internet

Internet Internet Banking Surveillance

Cybercrime Rapper Sues Bank over Fraud Investigation

Krebs on Security

AUGUST 7, 2024

That story showed how Punchmade’s social media profiles promoted Punchmade-themed online stores selling bank account and payment card data. On June 26, Turner filed a pro se lawsuit against PNC Bank , alleging “unlawful discriminatory and tortuous action” after he was denied a wire transfer in the amount of $75,000.

Banking

Banking Cybercrime Accountability Retail

Crooks bank on Microsoft’s search engine to phish customers

Malwarebytes

NOVEMBER 4, 2024

We identified a new wave of phishing for banking credentials that targets consumers via Microsoft’s search engine. One thing we noticed on the phishing page after the first screen, was a message claiming that the internet connection was poor. We have reported the fraudulent sites to Microsoft already.

Engineering

Engineering Phishing Banking Authentication

Zanubis in motion: Tracing the active evolution of the Android banking malware

SecureList

MAY 28, 2025

Introduction Zanubis is a banking Trojan for Android that emerged in mid-2022. Since its inception, it has targeted banks and financial entities in Peru, before expanding its objectives to virtual cards and crypto wallets. The malware operated as an overlay-based banking Trojan that abused Android’s accessibility service.

Banking

Banking Malware Energy and Utilities Encryption

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

Krebs on Security

FEBRUARY 28, 2025

BEARHOST prides itself on the ability to evade blocking by Spamhaus , an organization that many Internet service providers around the world rely on to help identify and block sources of malware and spam. Kaspersky did not respond to repeated requests for comment. It remains unclear why Kaspersky is providing transit to Prospero.

Malware

Malware Antivirus Software DDOS

Sudanese Brothers Arrested in ‘AnonSudan’ Takedown

Krebs on Security

OCTOBER 17, 2024

Prosecutors say Anonymous Sudan offered a “Limited Internet Shutdown Package,” which would enable customers to shut down internet service providers in specified countries for $500 (USD) an hour. An indictment in the Central District of California notes the duo even swamped the websites of the FBI and the Department of State.

DDOS

DDOS Government Internet Internet

Threats in space (or rather, on Earth): internet-exposed GNSS receivers

SecureList

NOVEMBER 13, 2024

These systems are used for positioning, navigation and timing (PNT) by a wide range of industries: agriculture, finance, transportation, mobile communications, banking and others. Internet-exposed GNSS receivers and attacks on them In 2023, at least two black hat groups conducted multiple attacks against GNSS receivers.

Internet

Internet Internet Mobile Telecommunications

U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams

Krebs on Security

MAY 29, 2025

A graphic from the FBI explaining how Funnull generated a slew of new domains on a regular basis and mapped them to Internet addresses on U.S. cloud providers. What’s more, funneling their bad traffic so that it appears to be coming out of U.S.

Scams

Scams Internet Internet Cybercrime

Web 3.0 Requires Data Integrity

Schneier on Security

APRIL 3, 2025

The CIA triad has evolved with the Internet. the Internet of today. For example, the 5G communications revolution isn’t just about faster access to videos; it’s about Internet-connected things talking to other Internet-connected things without our intervention. The first iteration of the Web—Web 1.0

Artificial Intelligence

Artificial Intelligence Architecture Internet Internet

Android banking trojans: How they steal passwords and drain bank accounts

Malwarebytes

FEBRUARY 27, 2024

For the most popular operating system in the world—which is Android and it isn’t even a contest —there’s a sneaky cyberthreat that can empty out a person’s bank accounts to fill the illicit coffers of cybercriminals. What are Android banking trojans? Take the SharkBot banking trojan, which Malwarebytes detects and stops.

Banking

Banking Passwords Accountability Malware

Deepfake Video of Central Bank Governor and Journalist Promotes Fraudulent Investment Opportunity

Joseph Steinberg

SEPTEMBER 5, 2024

Reinesch and Zenners, the two people seen in the video, however, never discussed such a project, because the central bank has no so project; “the project” in question is nothing more than a scam created by criminals.

Banking

Banking Scams Artificial Intelligence Cryptocurrency

RSAC Fireside Chat: X9 PKI emerges to help financial sector interoperate, get ready for ‘Q-Day’

The Last Watchdog

APRIL 24, 2025

Related: PKI and the IoT cloud One quiet but consequential development now taking root in the financial sector could prove pivotal: the emergence of a dedicated Public Key Infrastructure (PKI) framework, tailored to banks and payment networks, guided by the Accredited Standards Committee X9 (ASC X9), and being rolled out by DigiCert.

Banking

Banking Internet Internet IoT

Ukraine’s cyber operation shut down the ATM services of major Russian banks

Security Affairs

JULY 27, 2024

Ukraine launched a massive cyber operation that shut down the ATM services of the biggest Russian banks on July 27, reported the Kyiv Post. Ukraine has launched a massive cyberattack against ATMs of Russian banks, the cyber operation began on July 23. reported the KyivPost.

Banking

Banking Mobile Hacking Internet

Benchmarks Q&A: What the finance sector’s new X9 PKI standard signals for other industries

The Last Watchdog

MAY 6, 2025

As organizations brace for the rising tide of machine identities and prepare for a post-quantum cryptographic era, a quiet but crucial shift is underway in the financial sector: the deployment of a new, private PKI standard designed specifically to meet bankings complex operational and compliance needs.

Healthcare

Healthcare Banking Internet Internet

Crooks use a fake antivirus site to spread Venom RAT and a mix of malware

Security Affairs

MAY 28, 2025

DomainTools noted that the fake Bitdefender site also overlaps in timing and infrastructure with other phishing domains impersonating banks and IT services, including sites used to steal logins for Microsoft and the Royal Bank of Canada. ” concludes the report that also provides Indicators of compromise.

Antivirus

Antivirus Malware Banking Passwords

France’s second-largest telecoms provider Free suffered a cyber attack

Security Affairs

OCTOBER 28, 2024

French internet service provider (ISP) Free disclosed a cyber attack, threat actors allegedly had access to customer personal information. that provides voice, video, data, and Internet telecommunications to consumers in France. Free S.A.S. is a French telecommunications company, subsidiary of Iliad S.A. million IBAN details.

Cyber Attacks

Cyber Attacks Telecommunications Data breaches Banking

Disneyland Malware Team: It’s a Puny World After All

Krebs on Security

NOVEMBER 16, 2022

A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode , an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic. Bank customers. Bank customers.

Malware

Malware Banking Phishing DDOS

New IRS Site Could Make it Easy for Thieves to Intercept Some Stimulus Payments

Krebs on Security

APRIL 10, 2020

Most who are eligible for payments can expect to have funds direct-deposited into the same bank accounts listed on previous years’ tax filings sometime next week. Today, the Internal Revenue Service (IRS) stood up a site to collect bank account information from the many Americans who don’t usually file a tax return.

Computers and Electronics

Computers and Electronics Banking Accountability Scams

Report: Recent 10x Increase in Cyberattacks on Ukraine

Krebs on Security

MARCH 11, 2022

As their cities suffered more intense bombardment by Russian military forces this week, Ukrainian Internet users came under renewed cyberattacks, with one Internet company providing service there saying they blocked ten times the normal number of phishing and malware attacks targeting Ukrainians.

DNS

DNS Internet Internet Phishing

A week in security (October 7 – October 13)

Malwarebytes

OCTOBER 14, 2024

Last week on Malwarebytes Labs: Modern TVs have “unprecedented capabilities for surveillance and manipulation,” group reveals Internet Archive suffers data breach and DDoS Google Search user interface: A/B testing shows security concerns remain AI girlfriend site breached, user fantasies stolen MoneyGram confirms customer data breach Exposing (..)

Data breaches

Data breaches Surveillance Insurance DDOS

Why Take9 Won’t Improve Cybersecurity

Schneier on Security

MAY 30, 2025

It’s a folk belief, all over the Internet but with no actual research behind it—like the five-second rule when you drop food on the floor. It presumes people have the cognitive tools to understand the myriad potential attacks and figure out which one of the thousands of Internet actions they take is harmful.

Cybersecurity

Cybersecurity Scams Security Awareness Phishing

What Damage Can Happen If Data Leaks When Quantum Computing Breaks Today’s Encryption

Joseph Steinberg

JANUARY 19, 2022

That’s right, the photos that you just sent your significant other over WhatsApp, the results of your recent bloodwork, and your bank statements that accessed over the weekend could all leak. People and organizations around the globe rely on encryption as the primary method of keeping data secure when transmitted across the Internet.

Encryption

Encryption Backups Banking Internet

Learning from Troy Hunt’s Sneaky Phish

Adam Shostack

APRIL 5, 2025

I do this for banks, and send them to a folder named for the bank. As an aside, the old internet of protocols meant people created new tools to interface with them as a matter of course. Maybe some jerk will see this, and think all of Adams custom addresses are vendor and three digits and says, hah, Ill send to all of those!

Phishing

Phishing Banking Internet Internet

Arrests in Tap-to-Pay Scheme Powered by Phishing

Krebs on Security

MARCH 21, 2025

The user simply waves their phone at a local payment terminal that accepts Apple or Google pay, and the app relays an NFC transaction over the Internet from a phone in China. A CBS News story on the Sacramento arrests said one of the suspects tried to use 42 separate bank cards, but that 32 were declined.

Phishing

Phishing Mobile Scams Banking

Is Your Computer Part of ‘The Largest Botnet Ever?’

Krebs on Security

MAY 29, 2024

.” The arrest coincided with the seizure of the 911 S5 website and supporting infrastructure, which the government says turned computers running various “free VPN” products into Internet traffic relays that facilitated billions of dollars in online fraud and cybercrime. Cloud Router was previously called 911 S5.

VPN

VPN Government Cybercrime Internet

U.S. Secret Service: “Massive Fraud” Against State Unemployment Insurance Programs

Krebs on Security

MAY 16, 2020

A federal fraud investigator who spoke with KrebsOnSecurity on condition of anonymity said many states simply don’t have enough controls in place to detect patterns that might help better screen out fraudulent unemployment applications, such as looking for multiple applications involving the same Internet addresses and/or bank accounts.

Insurance

Insurance Banking Identity Theft Accountability

Trial Ends in Guilty Verdict for DDoS-for-Hire Boss

Krebs on Security

SEPTEMBER 16, 2021

man charged in 2018 with operating two online services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against Internet users and websites. A jury in California today reached a guilty verdict in the trial of Matthew Gatrel , a St. Charles, Ill. The user interface for Downthem[.]org.

DDOS

DDOS DNS Internet Internet

Phone Farming for Ad Fraud

Schneier on Security

AUGUST 6, 2019

Interesting article on people using banks of smartphones to commit ad fraud for profit. No one knows how prevalent ad fraud is on the Internet. I believe it is surprisingly high -- here's an article that places losses between $6.5

Banking

Banking Internet Internet

Wire Fraud Scam Upgraded with Bitcoin

Schneier on Security

NOVEMBER 16, 2021

The FBI has issued a bulletin describing a bitcoin variant of a wire fraud scam : As the agency describes it, the scammer will contact their victim and somehow convince them that they need to send money, either with promises of love, further riches, or by impersonating an actual institution like a bank or utility company.

Scams

Scams Cryptocurrency Banking Internet

Cybersecurity Snapshot: WEF Offers AI Security Best Practices, as DORA Regulation Places Strict Cyber Rules on Banks

Security Boulevard

JANUARY 24, 2025

Plus, the EUs DORA cyber rules for banks go into effect. DORA establishes strict cybersecurity requirements for financial firms including banks , insurance companies and investment firms, as well as for third-parties that provide information and communications technology (ICT) products and services to financial sector organizations.

Banking

Banking Cybersecurity Ransomware Artificial Intelligence

Anker issues recall for popular power bank due to fire risk - stop using it now

Zero Day

JUNE 12, 2025

PT Anker/ZDNET The United States Consumer Product Safety Commission (CPSC) has issued a new recall for the Anker PowerCore 10000 power bank, model number A1263. "Anker has received 19 reports of fires and explosions" caused by its faulty power bank. Here's what you should do with yours.

Banking

Banking Risk Password Management Small Business

A Robot the Size of the World

Schneier on Security

DECEMBER 15, 2023

In 2016, I wrote about an Internet that affected the world in a direct, physical manner. This was the Internet of Things (IoT). The classical definition of a robot is something that senses, thinks, and acts—that’s today’s Internet. It was connected to your smartphone. It had actuators: Drones, autonomous cars.

Internet

Internet Internet IoT Banking

Treasury Sanctions Creators of 911 S5 Proxy Botnet

Krebs on Security

MAY 28, 2024

From 2015 to July 2022, 911 S5 sold access to hundreds of thousands of Microsoft Windows computers daily, as “proxies” that allowed customers to route their Internet traffic through PCs in virtually any country or city around the globe — but predominantly in the United States.

VPN

VPN Banking Cybercrime Internet

Scammer robs homebuyers of life savings in $20 million theft spree

Malwarebytes

NOVEMBER 14, 2024

As soon as the scammers spotted an email where someone was asked to make a payment as part of a real estate transaction, they would change the wiring instructions and let the victims deposit their payments into bank accounts associated with the criminals instead of the legitimate real estate transaction.

Accountability

Accountability Banking Internet Internet

U.S. Treasury Sanctions Chinese cybersecurity firm and actor over federal agency breach tied to Salt Typhoon

Security Affairs

JANUARY 18, 2025

telecommunication and internet service providers. BeyondTrust provides Privileged Access Management and secure remote access, serving sectors like government, healthcare, banking, and energy. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned Chinese firm Sichuan Juxinhe Network Technology Co.,

Cybersecurity

Cybersecurity Telecommunications Government Healthcare

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Krebs on Security

NOVEMBER 9, 2024

In the United States, when federal, state or local law enforcement agencies wish to obtain information about an account at a technology provider — such as the account’s email address, or what Internet addresses a specific cell phone account has used in the past — they must submit an official court-ordered warrant or subpoena.

Hacking

Hacking Accountability Government Social Engineering

FBI Seizes Bot Shop ‘Genesis Market’ Amid Arrests Targeting Operators, Suppliers

Krebs on Security

APRIL 4, 2023

” Customers could search for infected systems with a variety of options, including by Internet address or by specific domain names associated with stolen credentials. “You can buy a bot with a real fingerprint, access to e-mail, social networks, bank accounts, payment systems!,” Image: KrebsOnSecurity.

Marketing

Marketing Cybercrime Passwords Banking

Internet Safety Month: Keep Your Online Experience Safe and Secure

Webroot

MAY 31, 2024

What is Internet Safety Month? Each June, the online safety community observes Internet Safety Month as a time to reflect on our digital habits and ensure we’re taking the best precautions to stay safe online. Review your bank and credit card statements regularly for any unauthorized transactions.

Internet

Internet Internet Identity Theft Passwords

Tech CEO Pleads to Wire Fraud in IP Address Scheme

Krebs on Security

NOVEMBER 17, 2021

The CEO of a South Carolina technology firm has pleaded guilty to 20 counts of wire fraud in connection with an elaborate network of phony companies set up to obtain more than 735,000 Internet Protocol (IP) addresses from the nonprofit organization that leases the digital real estate to entities in North America. ”

Internet

Internet Internet VPN Marketing

Webroot SecureAnywhere Internet Security Ranks #1 Among 8 Competitors for Overall Performance

Webroot

SEPTEMBER 17, 2024

” For this report, the company conducted objective testing of nine endpoint security products, including Webroot® SecureAnywhere Internet Security with Antivirus. The post Webroot SecureAnywhere Internet Security Ranks #1 Among 8 Competitors for Overall Performance appeared first on Webroot Blog. PassMark® Software Party, Ltd.

Internet

Internet Internet Antivirus Banking

Credit Union Sues Fintech Giant Fiserv Over Security Claims

Krebs on Security

MAY 3, 2019

The credit union said the investigation that fueled the lawsuit was prompted by a 2018 KrebsOnSecurity report about glaring security weaknesses in a Fiserv platform that exposed personal and financial details of customers across hundreds of bank Web sites. Brookfield, Wisc.-based billion in earnings last year.

Banking

Banking Accountability Passwords Technology

Warning over free online file converters that actually install malware

Malwarebytes

MARCH 17, 2025

Financial information, like your banking credentials and crypto wallets. Report it to the Internet Crime Complaint Center. Other passwords and session tokens that could allow the scammers to bypass multi-factor authentication (MFA). Email addresses. Work with them to take the necessary steps to protect your identity and your accounts.

Malware

Malware Adware Education Phishing

China-based SMS Phishing Triad Pivots to Banks

The Internet is Held Together With Spit & Baling Wire

Trending Sources

Transacting in Person with Strangers from the Internet

Cybercrime Rapper Sues Bank over Fraud Investigation

Crooks bank on Microsoft’s search engine to phish customers

Zanubis in motion: Tracing the active evolution of the Android banking malware

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

Sudanese Brothers Arrested in ‘AnonSudan’ Takedown

Threats in space (or rather, on Earth): internet-exposed GNSS receivers

U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams

Web 3.0 Requires Data Integrity

Android banking trojans: How they steal passwords and drain bank accounts

Deepfake Video of Central Bank Governor and Journalist Promotes Fraudulent Investment Opportunity

RSAC Fireside Chat: X9 PKI emerges to help financial sector interoperate, get ready for ‘Q-Day’

Ukraine’s cyber operation shut down the ATM services of major Russian banks

Benchmarks Q&A: What the finance sector’s new X9 PKI standard signals for other industries

Crooks use a fake antivirus site to spread Venom RAT and a mix of malware

France’s second-largest telecoms provider Free suffered a cyber attack

Disneyland Malware Team: It’s a Puny World After All

New IRS Site Could Make it Easy for Thieves to Intercept Some Stimulus Payments

Report: Recent 10x Increase in Cyberattacks on Ukraine

A week in security (October 7 – October 13)

Why Take9 Won’t Improve Cybersecurity

What Damage Can Happen If Data Leaks When Quantum Computing Breaks Today’s Encryption

Learning from Troy Hunt’s Sneaky Phish

Arrests in Tap-to-Pay Scheme Powered by Phishing

Is Your Computer Part of ‘The Largest Botnet Ever?’

U.S. Secret Service: “Massive Fraud” Against State Unemployment Insurance Programs

Trial Ends in Guilty Verdict for DDoS-for-Hire Boss

Phone Farming for Ad Fraud

Wire Fraud Scam Upgraded with Bitcoin

Cybersecurity Snapshot: WEF Offers AI Security Best Practices, as DORA Regulation Places Strict Cyber Rules on Banks

Anker issues recall for popular power bank due to fire risk - stop using it now

A Robot the Size of the World

Treasury Sanctions Creators of 911 S5 Proxy Botnet

Scammer robs homebuyers of life savings in $20 million theft spree

U.S. Treasury Sanctions Chinese cybersecurity firm and actor over federal agency breach tied to Salt Typhoon

FBI: Spike in Hacked Police Emails, Fake Subpoenas

FBI Seizes Bot Shop ‘Genesis Market’ Amid Arrests Targeting Operators, Suppliers

Internet Safety Month: Keep Your Online Experience Safe and Secure

Tech CEO Pleads to Wire Fraud in IP Address Scheme

Webroot SecureAnywhere Internet Security Ranks #1 Among 8 Competitors for Overall Performance

Credit Union Sues Fintech Giant Fiserv Over Security Claims

Warning over free online file converters that actually install malware

Stay Connected