Dyre infections surge, variants spread through Windows exploit

Dyre infections surge, variants spread through Windows exploit

A pair of security firms observed an uptick in Dyre infections with new variants exploiting a vulnerability already patched by Microsoft.

NYSE provides additional info on recent trade-halting 'configuration issue'

NYSE provides additional info on recent trade-halting 'configuration issue'

NYSE began rolling out a software release, causing communication issues between customer gateways and trading units.

NYSE says trading halted due to 'technical issue,' not breach

NYSE says trading halted due to 'technical issue,' not breach

Reports indicated that trading in New York came to a half a little after 11:30 a.m.

More than 440K new Android malware strains found in Q1, study finds

More than 440K new Android malware strains found in Q1, study finds

Mobile malware jumped 6.4 percent from Q4 2015 to Q1 2015 with half of the malware being financially motivated, a G DATA study showed.

Firms track Dyre's rise to top financial malware threat

Firms track Dyre's rise to top financial malware threat

In the year following Gameover Zeus takedown efforts, Dyre has steadily emerged as the financial trojan of choice among cybercriminals.

Report: Security incidents in finance sector 300 percent more frequent than other industries

Report: Security incidents in finance sector 300 percent more frequent than other industries

Researchers with Websense said attackers target the financial services sector more than other industries for a simple reason: money.

Germany agrees to extradite Turkish hacker to U.S.

A Turkish man accused of stealing nearly $60 million in ATM heists and cyber attacks will be extradited to the U.S. after a custody battle.

49 arrested in Europe for phishing, MitM scheme that netted millions of euro

Europol arrested a total of 49 suspects Tuesday as the result of a joint investigation into a cybercrime gang that defrauded victims out of six million euro.

NYC man robbed at gunpoint for $1,100 in Bitcoin

A New York man was robbed at gunpoint for $1,100 worth of Bitcoin in a Craigslist deal gone bad.

Twin brothers arrested in Russia over suspected bank fraud operation

International law enforcement, with the help of security firm Group-IB, arrested alleged members of the criminal group in late May.

Information sharing at work

Information sharing at work

There's been quite a bit of lip service paid to the ages-old concept of information sharing, says Illena Armstrong, VP, editorial, SC Magazine..

Group arrested in Italy for fraud and money laundering in online scams

Italian Financial Police picked up more than 10 people who were purportedly part of an international criminal organization that laundered money from online scams.

Former GCHQ director tapped for Standard Chartered's risk committee

Former GCHQ director Sir Iain Lobban will be joining London-based Standard Chartered bank to prevent cybercrime.

RSA 2015: Experts talk investor interest in cybersecurity, regulatory changes on horizon

RSA 2015: Experts talk investor interest in cybersecurity, regulatory changes on horizon

An SEC commissioner's chief of staff and shareholder advocacy expert discussed complex disclosure expectations among investors.

Banking industry security protocol falters in third-party vendor contracts

Banking industry security protocol falters in third-party vendor contracts

The New York State Department of Financial Services issued an update on cyber security in the banking sector with concern to third-party service providers.

FighterPOS malware strikes over 100 terminals in Brazil, captures info for 22K cards

FighterPOS malware strikes over 100 terminals in Brazil, captures info for 22K cards

Trend Micro warns that the threat could spread, as the sole perpetrator of the attacks is selling the malware.

Banking threat Emotet expands target list, evades two-factor auth

Banking threat Emotet expands target list, evades two-factor auth

The malware, which is still spread through phishing emails, is now in its third iteration, Kaspersky Lab researchers revealed.

'NewPosThings' malware evolves, malicious traffic traced to airports

'NewPosThings' malware evolves, malicious traffic traced to airports

Trend Micro believes that point-of-sale malware attackers will increasingly target travelers.

Russia's FSB, Ministry of Internal Affairs tackle Tyupkin ATM threat

Russian authorities have ramped up efforts to locate criminals spreading ATM malware Tyupkin.

Federal Reserve Bank of New York creates cybersecurity team

Sarah Dahlgren, the New York Fed's head of supervision, announced that the bank had created a team dedicated to cybersecurity.

Fraudsters use Neverquest trojan to target Canadian banks

In this campaign, the banking trojan, also known as Vawtrak, was spread via drive-by download.

U.S. representatives form payment technology caucus

Members of the U.S. House of Representatives have announced that they have joined together to form a bipartisan caucus to investigate payment technologies.

New Dridex variant spotted in tax rebate phish

New Dridex variant spotted in tax rebate phish

The variant takes new measures to avoid VM detection, PhishMe researchers found

Infections caused by prevalent financial trojans dropped 53 percent last year

Infections caused by prevalent financial trojans dropped 53 percent last year

But the U.S. still remains the top country in detections, a Symantec report found.

Debate: The financial industry really is better at cybersecurity than other industries.

Experts debate whether the financial industry has a leg up in terms of their cybersecurity strategy when compared to other industries.

Analysts find link between POS malware and Carbanak gang

Trend Micro says attacks, where signed POS malware was used, are tied to the APT group Carbanak.

Neverquest botnet furthers crimeware-as-a-service biz for fraudsters

Neverquest botnet furthers crimeware-as-a-service biz for fraudsters

Neverquest, also known as Vawtrak, is data stealing malware that targets banking information.

Researchers present method to 'deanonymize' Bitcoin users

Researchers present method to 'deanonymize' Bitcoin users

Three researchers with the University of Luxembourg have generated a method to expose Bitcoin users that has the potential to work more than half of the time.

Financial institutions plan to spend billions more on security in coming years

PricewaterhouseCoopers surveyed more than 700 financial service companies and found that they plan to bulk up their cybersecurity efforts in the coming years.

Mobile fraud report notes reliance on OTPs as top concern

Mobile fraud report notes reliance on OTPs as top concern

One-time passwords (OTPs) sent via SMS are increasingly the target of Android malware, the report by Javelin revealed.

Cousin of Bugat trojan, 'Dridex,' spreads using macros

Cousin of Bugat trojan, 'Dridex,' spreads using macros

Trend Micro detailed the variant and attackers' delivery techniques.

Major banks team up to fund Soltra Edge threat sharing tool

FS-ISAC teamed up with the Depository Trust & Clearing Corp on the Soltra Edge platform which will deliver information on breaches and threats to the financial sector.

'Cash out' crew member sentenced to 21 months in prison

Robert Dubuc hacked into various financial accounts and used them to divest money to other accounts and buy pre-paid debit cards.

Hacker sentenced to 30 months in prison and $300k restitution

Hacker sentenced to 30 months in prison and $300k restitution

Lamar Taylor was sentenced in New Jersey this past week for allegedly participating in a cybercrime scheme that accounted for more than $15 million.

TD Bank reaches $850K breach settlement with states

The settlement brings some resolve to the 2012 breach, where the bank lost unencrypted backup tapes.

Hackers targeted Chase Corporate Challenge site to find infiltration route

The Corporate Challenge site was one of many avenues tested by persistent attackers, reports reveal.

JPMorgan hackers targeted 13 firms, including Fidelity, report reveals

Fidelity claims, however, that no customer data appears to have been stolen.

Bond insurer MBIA investigates potential breach of client data

MBIA says clients of its subsidiary, Cutwater Asset Management, were impacted.

ATM malware 'Tyupkin' found on over 50 machines in Europe, spreads to U.S.

ATM malware 'Tyupkin' found on over 50 machines in Europe, spreads to U.S.

The malware allowed criminals, with physical access to ATMs, to steal millions, Kaspersky revealed.

Report: After Chase disclosure, bank regulator rallies execs to shore up defenses

Report: After Chase disclosure, bank regulator rallies execs to shore up defenses

As the extent of the Chase breach surfaces, experts urge financial institutions to prepare for continued attacks or face impending consequences.

U.S. Bank ordered to refund $48M to customers

A Consumer Financial Protection Bureau campaign to curb deceptive banking activities has resulted in U.S. Bank being ordered to refund $48 million.

Citadel used in APT attacks against petrochemical firms

Citadel used in APT attacks against petrochemical firms

In an interesting twist, financial malware Citadel was used to infect firms outside of the finance sector via APT attacks, Trusteer found.

Nigerian police search for ringleader in major bank heist

The suspect, Godswill Oyegwa Uyoyou, conspired with others to hack bank systems and divert 6.28 billion Naira to mule accounts.

JPMorgan Chase might struggle to patch vulnerabilities quickly enough

This summer's attack on the bank's network might have helped hackers detect subtle vulnerabilities they could exploit in the future.

Merchant Financial Cybersecurity Partnership hosts security summit

The "Cybersecurity: Protecting the Payments Systems" summit will encourage coordination between all cybersecurity and industry entities.

'KorBanker' steals SMS messages, takes authentication codes in the process

'KorBanker' steals SMS messages, takes authentication codes in the process

Android devices in Korea have primarily been impacted by the malware.

Reported breaches involving zero-day bug at JPMorgan Chase, other banks

Reported breaches involving zero-day bug at JPMorgan Chase, other banks

Hackers exploited a zero-day vulnerability and gained access to sensitive information from JPMorgan Chase and at least four other financial institutions, reports indicate.

Phishing campaign targeting users of Bitcoin wallet Blockchain.info

More than 12,000 messages have been sent to more than 400 companies as part of a phishing campaign targeting users of Bitcoin wallet Blockchain.info.

Skimming con drains pension of retired officer in Philippines

The National Bureau of Investigation (NBI) warned that the incident showcases the growing incidence of ATM skimming fraud.

PCI council releases third-party security assurance guidance

PCI council releases third-party security assurance guidance

The guidance is meant to help merchants and third parties better understand their roles and responsibilities in the payment security ecosystem.

Black Hat: Hackers execute code on mobile POS devices, play their version of Flappy Bird

Black Hat: Hackers execute code on mobile POS devices, play their version of Flappy Bird

Two hackers demonstrated how device vulnerabilities could allow attackers to access sensitive card data using multiple attack vectors.

Latest Citadel trick allows RDP access after malware's removal

Latest Citadel trick allows RDP access after malware's removal

Trusteer, an IBM company, said the new Citadel configuration was detected this month.

Neverquest trojan targets regional banks in Japan

Symantec researchers found a new variant of the banking trojan.

Op Emmental spoofs bank sites, uses Android malware to maintain account access

Op Emmental spoofs bank sites, uses Android malware to maintain account access

On Tuesday, Trend Micro released a report detailing Operation Emmental, which targets victims in Austria, Switzerland, Sweden and Japan.

Report: Zero-day attack used in 2010 NASDAQ breach

Bloomberg revealed that hackers used two zero-day flaws to breach NASDAQ's servers in 2010.

'Neverquest' banking trojan evolves as U.S. attacks continue

On Wednesday, Symantec released details on the malware's developed features.

Two new Boleto malware families discovered

Two new Boleto malware families discovered

Trusteer, an IBM company, revealed details on the bolware variants, which employ new tactics to manipulate web pages used for Boletos transactions.

Phishers target Silk Road Bitcoin bidders, more than $62K stolen from Australian firm

Australia-based Bitcoins Reserve lost more than $62,000 after phishers began targeting bidders interested in the auction of 30,000 Bitcoins confiscated in the Silk Road takedown.

Brazilian 'bolware' gang targeted $3.75B in transactions, RSA finds

Brazilian 'bolware' gang targeted $3.75B in transactions, RSA finds

RSA has revealed the extent of bolware attacks in the country, which have remained a pervasive issue in the financial sector.

POS vendor notifies restaurants of possible payment card breach

A point-of-sale and security systems vendor is notifying its customers, some of which are big restaurant chains, that its remote access service was breached.

'Lite Zeus' has fewer tricks, but updated encryption

'Lite Zeus' has fewer tricks, but updated encryption

The new Zeus variant employs AES-128 encryption as opposed to the older RC4 cipher used by other Zeus iterations.

Banks, payment services and social networks most targeted by phishing kits

Researchers with PhishLabs analyzed nearly 9,000 phishing kits and learned that financial groups and social networks are most targeted.

Zeus variant 'Maple' targets financial data of Canadian users

So far, the new variant has targeted 14 major banks in the country, Trusteer found.

Two 14-year-old students hack Bank of Montreal ATM during lunch break

After accessing operator mode on an ATM, two ninth graders in Canada promptly notified the machine's owner, the Bank of Montreal.

New tech can better protect

New tech can better protect

Chip technology can prevent criminals from producing counterfeit credit cards.

'Nemanja' POS malware compromises 1,500 devices, half a million payment cards, worldwide

'Nemanja' POS malware compromises 1,500 devices, half a million payment cards, worldwide

Researchers with IntelCrawler have uncovered "Nemanja," a point-of-sale malware that has infected nearly 1,500 devices and has compromised close to half a million payment cards.

ATMs with biometric access to be deployed in Poland

Anyone needing cash in Poland soon will have access to ATMs that feature biometric security.

Phishing campaign uses VoIP to target dozens of banks, steal card data

Phishing campaign uses VoIP to target dozens of banks, steal card data

PhishLabs estimates that as many as 400 payment cards per day are compromised through the "vishing" attacks.

Cyber gang that stole $2 million from Barclays sentenced to 24 years

Nine men were sentenced this week, with the group's leader getting five-and-a-half years.

Report: Bank of England to helm pen-testing effort for UK's finance sector

The bank also oversaw last year's "Waking Shark II" simulated cyber attacks throughout London.

Federal watchdog says SEC security issues put financial data at risk

Federal watchdog says SEC security issues put financial data at risk

According to the U.S. Government Accountability Office (GAO), SEC, among other lapses, failed to adequately oversee a contractor, which migrated its financial system to a new data center.

The cool factor: New tech in banking has an edge

The cool factor: New tech in banking has an edge

Disruption is expected; financial crime should be, too.

JPMorgan Chase CEO details company's cyber threats in annual letter

Jamie Dimon wrote that the bank will have spent more than $250 million annually by the end of the year on cyber security and faces increasingly complex and more dangerous" attacks.

Regulator alerts banks of mounting ATM attacks, DDoS threat

The Federal Financial Institutions Examination Council (FFIEC) notified the industry on Wednesday.

Cryptocurrency mining malware discovered on surveillance DVRs

Cryptocurrency mining malware discovered on surveillance DVRs

Cryptocurrency mining malware has been discovered on DVRs that record footage taken by surveillance cameras.

Two men plead guilty to role in worldwide hacking operation

Two men plead guilty to role in worldwide hacking operation

The men, who are New York and Massachusetts residents, led "cash out" operations for an international scheme.

Coinbase responds to information disclosure, user enumeration, other concerns

Coinbase responds to information disclosure, user enumeration, other concerns

Coinbase responded to a researcher's claims that the San Francisco-based Bitcoin exchange is vulnerable to information disclosure, user enumeration, and lack of rate limitation for sending money requests.

S&P lowers Target's credit rating following breach

Poor sales and a drop in income in the wake of a high-profile breach prompt Standards & Poor to downgrade Target's credit rating one level.

Experts suggest transaction malleability did not ruin Mt. Gox

Experts suggest transaction malleability did not ruin Mt. Gox

In a paper released on Wednesday, Swiss researchers suggest the transaction malleability Bitcoin flaw did not ruin Mt. Gox, despite what the Tokyo-based company announced.

Cryptocurrency-mining apps discovered on Google Play store

At least two apps have been discovered on the official Google Play store that mine for cryptocurrencies, but overheating mobile devices and decreased performance may tip off Android users.

Building security around Bitcoin

Building security around Bitcoin

Similar to building a multi-layer security strategy for a business, before deciding what security controls should be implemented to protect Bitcoin transactions, we first need to identify the targets.

Attackers get cash out of ATMs by sending SMS messages

Attackers get cash out of ATMs by sending SMS messages

Criminals are using SMS messages to get cash out of ATMs, according to Symantec.

About 200,000 Mt. Gox Bitcoins, $115 million, found in old-format wallet

About 200,000 Mt. Gox Bitcoins have been recovered in an obsolete old-format wallet, bringing the total amount of the virtual currency allegedly pilfered down to 650,000 Bitcoins.

$30 RAT, WinSpy, involved in two phishing campaigns

$30 RAT, WinSpy, involved in two phishing campaigns

Researchers with FireEye have identified two phishing campaigns involving a remote administration tool known as WinSpy, that also comes packaged with an Android component known as GimmeRAT.

Three fraudsters indicted for roles in global cyber crime scheme

Three fraudsters indicted for roles in global cyber crime scheme

Three men on their way to scoring more than $15 million in a cyber crime scheme instead scored formal charges in New Jersey District Court for their alleged roles in the international conspiracy, according to an indictment.

Transaction malleability Bitcoin flaw may have ruined Mt. Gox

Transaction malleability Bitcoin flaw may have ruined Mt. Gox

Mt. Gox bankruptcy documents filed in the U.S. on Sunday refer to a Bitcoin flaw known as transaction malleability, which may have caused the Tokyo-based company to lose half a billion dollars in the virtual currency.

Mt. Gox hit by DDoS attacks before massive theft, 150,000 per second

Mt. Gox hit by DDoS attacks before massive theft, 150,000 per second

Massive distributed denial-of-service attacks plagued Mt. Gox in early February, not long before the former world's biggest Bitcoin exchange was hit by an alleged separate attack that bankrupted the company, according to a report.

Zeus-in-the-mobile variant uses security firm's name to gain victims' trust

Zeus-in-the-mobile variant uses security firm's name to gain victims' trust

Android users are tricked into installing a spurious "security" app, which allows fraudsters to bypass one-time password authentication for online banking.

Sally Beauty investigates breach, no evidence of stolen payment cards

An attempted intrusion is still being investigated, but Texas-based Sally Beauty has no evidence to suggest that 282,000 payment cards found in an online underground crime market were pilfered from the worldwide retailer.

Flexcoin hacked, Mt. Gox code leaks, but Bitcoin demand still grows

Flexcoin hacked, Mt. Gox code leaks, but Bitcoin demand still grows

On the same day that an attacker stole 896 bitcoins from Bitcoin bank Flexcoin, an individual allegedly posted the Mt. Gox code on Pastebin.

Time for a charge card overhaul

Time for a charge card overhaul

We've all been breached, but there are steps we can take to evolve the system, says security strategist Dan Srebnick.

Man charged with using SQL injection to access Federal Reserve data

From October 2012 to February 2013, Lauri Love allegedly worked with other hackers to steal and publicly distribute personal information housed on the Federal Reserve network.

Tokyo-based Bitcoin exchange Mt. Gox files for bankruptcy protection

Mt. Gox announced on Friday that it has filed for bankruptcy protection in Japan after hackers took advantage of weaknesses in its computer systems to purloin hundreds of thousands of bitcoins.

Poisoned YouTube ads serve Caphaw banking trojan

Poisoned YouTube ads serve Caphaw banking trojan

YouTube's ad network was compromised to host the Styx exploit kit, researchers found.

Firm detects Zeus variant targeting POS terminals

Firm detects Zeus variant targeting POS terminals

The malware is based on the leaked code of Zeus and RAM-scraping malware.

Video shows more info was stolen in Las Vegas Sands attack

Officials are investigating an 11-minute video posted on YouTube that shows new information attackers may have obtained after hacking websites and internal systems belonging to Las Vegas Sands Corp.

Trade groups from finance, retail sectors team for security initiative

The associations will explore options for improved information sharing and implementation of card security technology.

Vulnerabilities in home routers used for compromising bank accounts

Vulnerabilities in home routers used for compromising bank accounts

CERT Polska researchers have observed attackers using DNS redirection attacks - made possible due to vulnerabilities in home routers - to effectively access online banking accounts in Poland.

Two skimming devices found on California hotel computers

The San Francisco Airport - South San Francisco Embassy Suites hotel is notifying an undisclosed number of guests that their payment card information may be at risk after skimming devices were discovered on two computers.

At least 4,500 payment cards compromised by JackPOS malware in U.S. and Canada

At least 4,500 payment cards compromised by JackPOS malware in U.S. and Canada

At least 4,500 payment cards have been compromised in the United States and Canada by a new point-of-sale malware, JackPOS, that is based on Alina, according to researchers with cyber intelligence company IntelCrawler.

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US