Hackers exploited a zero-day vulnerability and gained access to sensitive information from JPMorgan Chase and at least four other financial institutions, reports indicate.
More than 12,000 messages have been sent to more than 400 companies as part of a phishing campaign targeting users of Bitcoin wallet Blockchain.info.
The National Bureau of Investigation (NBI) warned that the incident showcases the growing incidence of ATM skimming fraud.
The guidance is meant to help merchants and third parties better understand their roles and responsibilities in the payment security ecosystem.
Two hackers demonstrated how device vulnerabilities could allow attackers to access sensitive card data using multiple attack vectors.
Trusteer, an IBM company, said the new Citadel configuration was detected this month.
Symantec researchers found a new variant of the banking trojan.
On Tuesday, Trend Micro released a report detailing Operation Emmental, which targets victims in Austria, Switzerland, Sweden and Japan.
Bloomberg revealed that hackers used two zero-day flaws to breach NASDAQ's servers in 2010.
On Wednesday, Symantec released details on the malware's developed features.
Trusteer, an IBM company, revealed details on the bolware variants, which employ new tactics to manipulate web pages used for Boletos transactions.
Australia-based Bitcoins Reserve lost more than $62,000 after phishers began targeting bidders interested in the auction of 30,000 Bitcoins confiscated in the Silk Road takedown.
RSA has revealed the extent of bolware attacks in the country, which have remained a pervasive issue in the financial sector.
A point-of-sale and security systems vendor is notifying its customers, some of which are big restaurant chains, that its remote access service was breached.
The new Zeus variant employs AES-128 encryption as opposed to the older RC4 cipher used by other Zeus iterations.
Researchers with PhishLabs analyzed nearly 9,000 phishing kits and learned that financial groups and social networks are most targeted.
So far, the new variant has targeted 14 major banks in the country, Trusteer found.
After accessing operator mode on an ATM, two ninth graders in Canada promptly notified the machine's owner, the Bank of Montreal.
Chip technology can prevent criminals from producing counterfeit credit cards.
Researchers with IntelCrawler have uncovered "Nemanja," a point-of-sale malware that has infected nearly 1,500 devices and has compromised close to half a million payment cards.
Anyone needing cash in Poland soon will have access to ATMs that feature biometric security.
PhishLabs estimates that as many as 400 payment cards per day are compromised through the "vishing" attacks.
Nine men were sentenced this week, with the group's leader getting five-and-a-half years.
The bank also oversaw last year's "Waking Shark II" simulated cyber attacks throughout London.
According to the U.S. Government Accountability Office (GAO), SEC, among other lapses, failed to adequately oversee a contractor, which migrated its financial system to a new data center.
Disruption is expected; financial crime should be, too.
Jamie Dimon wrote that the bank will have spent more than $250 million annually by the end of the year on cyber security and faces increasingly complex and more dangerous" attacks.
The Federal Financial Institutions Examination Council (FFIEC) notified the industry on Wednesday.
Cryptocurrency mining malware has been discovered on DVRs that record footage taken by surveillance cameras.
The men, who are New York and Massachusetts residents, led "cash out" operations for an international scheme.
Coinbase responded to a researcher's claims that the San Francisco-based Bitcoin exchange is vulnerable to information disclosure, user enumeration, and lack of rate limitation for sending money requests.
Poor sales and a drop in income in the wake of a high-profile breach prompt Standards & Poor to downgrade Target's credit rating one level.
In a paper released on Wednesday, Swiss researchers suggest the transaction malleability Bitcoin flaw did not ruin Mt. Gox, despite what the Tokyo-based company announced.
At least two apps have been discovered on the official Google Play store that mine for cryptocurrencies, but overheating mobile devices and decreased performance may tip off Android users.
Similar to building a multi-layer security strategy for a business, before deciding what security controls should be implemented to protect Bitcoin transactions, we first need to identify the targets.
Criminals are using SMS messages to get cash out of ATMs, according to Symantec.
About 200,000 Mt. Gox Bitcoins have been recovered in an obsolete old-format wallet, bringing the total amount of the virtual currency allegedly pilfered down to 650,000 Bitcoins.
Researchers with FireEye have identified two phishing campaigns involving a remote administration tool known as WinSpy, that also comes packaged with an Android component known as GimmeRAT.
Three men on their way to scoring more than $15 million in a cyber crime scheme instead scored formal charges in New Jersey District Court for their alleged roles in the international conspiracy, according to an indictment.
Mt. Gox bankruptcy documents filed in the U.S. on Sunday refer to a Bitcoin flaw known as transaction malleability, which may have caused the Tokyo-based company to lose half a billion dollars in the virtual currency.
Massive distributed denial-of-service attacks plagued Mt. Gox in early February, not long before the former world's biggest Bitcoin exchange was hit by an alleged separate attack that bankrupted the company, according to a report.
Android users are tricked into installing a spurious "security" app, which allows fraudsters to bypass one-time password authentication for online banking.
An attempted intrusion is still being investigated, but Texas-based Sally Beauty has no evidence to suggest that 282,000 payment cards found in an online underground crime market were pilfered from the worldwide retailer.
On the same day that an attacker stole 896 bitcoins from Bitcoin bank Flexcoin, an individual allegedly posted the Mt. Gox code on Pastebin.
We've all been breached, but there are steps we can take to evolve the system, says security strategist Dan Srebnick.
From October 2012 to February 2013, Lauri Love allegedly worked with other hackers to steal and publicly distribute personal information housed on the Federal Reserve network.
Mt. Gox announced on Friday that it has filed for bankruptcy protection in Japan after hackers took advantage of weaknesses in its computer systems to purloin hundreds of thousands of bitcoins.
YouTube's ad network was compromised to host the Styx exploit kit, researchers found.
The malware is based on the leaked code of Zeus and RAM-scraping malware.
Officials are investigating an 11-minute video posted on YouTube that shows new information attackers may have obtained after hacking websites and internal systems belonging to Las Vegas Sands Corp.
The associations will explore options for improved information sharing and implementation of card security technology.
CERT Polska researchers have observed attackers using DNS redirection attacks - made possible due to vulnerabilities in home routers - to effectively access online banking accounts in Poland.
The San Francisco Airport - South San Francisco Embassy Suites hotel is notifying an undisclosed number of guests that their payment card information may be at risk after skimming devices were discovered on two computers.
At least 4,500 payment cards have been compromised in the United States and Canada by a new point-of-sale malware, JackPOS, that is based on Alina, according to researchers with cyber intelligence company IntelCrawler.
Researchers with cyber intelligence company IntelCrawler have discovered a new point-of-sale malware known as JackPOS, which is said to have code similar to the RAM-scraping POS malware known as Alina.
Target announced last week that hackers compromised its systems using credentials stolen from a third party vendor and, on Thursday, Fazio Mechanical confirmed that it was the victim of an attack.
Executives with Target and Neiman Marcus were among the individuals who testified before the Senate Judiciary Committee on Tuesday.
The Bank of England has released the results of Waking Shark II, a Nov. 12, 2013, four-hour simulated cyber attack in London involving hundreds of financial institutions that was designed to test the city's cyber security readiness.
The Gameover variant of the nefarious Zeus banking trojan has recently been observed sneaking past defenses as an encrypted EXE file, according to researchers with Malcovery.
White Lodging Services Corporation is investigating a suspected breach of its point-of-sale systems, the Indiana-based hotel management company announced on Monday.
The benefits of cryptocurrency for consumers are well known, but there are also some downsides that must be addressed.
A worldwide point-of-sale malware operation involving a relatively new trojan - called ChewBacca - has impacted dozens of retailers in the U.S., according to RSA researchers.
Stolen vendor credentials is what led to a massive malware attack on Target's point-of-sale machines, ultimately resulting in the theft of 40 million payment cards, among other information.
Apple CEO Tim Cook addressed using the Touch ID to expand the mobile payments market on Monday, a move that could allow consumers to make a wider variety of purchases by simply scanning a fingertip.
After Target and Neiman Marcus, Michaels Stores is the next in a line of U.S. retailers to reveal that it is investigating a possible security breach that may have resulted in the compromise of customer payment cards.
IntelCrawler concluded on Sunday that 23-year-old Rinat Shibaev - not 17-year-old Sergey Taraspov, as the company previously reported - is the writer of the malware that infected Target's point-of-sale systems.
At the border of U.S. and Mexico, two individuals were arrested in connection with the late-2013 Target breach.
The attack on Neiman Marcus point-of-sale systems dates back to July 2013 and the threat was not completely mitigated until Sunday, unnamed people briefed on the retailer's investigation told the New York Times.
The operation that likely led to the infection of Target's point-of-sale systems is known as KAPTOXA, according to a release by iSIGHT Partners.
Researchers with cyber intelligence company IntelCrawler have identified a new point-of-sale (POS) malware, known as 'Decebal,' available for purchase on underground forums.
Malware found on the payment systems of Neiman Marcus led to the compromise of card data for an undisclosed number of shoppers, but PIN data is not at risk because the retailer does not use PIN pads in its stores.
A class-action complaint was filed against Neiman Marcus in the Eastern District of New York on Monday, just days after the major retailer announced that an undisclosed number of payment cards may have been stolen in a breach.
Target CEO Gregg Steinhafel confirmed in a CNBC interview on Monday that malware introduced on point-of-sale devices is what enabled thieves to steal 40 million cards and other personal information.
In addition to an earlier revelation that 40M cards were pilfered, the PII of up to 70 million individuals was also stolen, according to a Friday statement by Target.
A group of individuals communicating in underground forums are attempting to decrypt a 50GB dump of Triple DES encrypted PIN numbers believed to have been acquired in the massive 2013 attack on retail giant Target.
At the annual Chaos Communication Congress on Friday, German researchers demonstrated a new malware attack against ATM machines.
Three senators have asked that a congressional hearing on consumer data security be held as soon as possible.
A payment processor that handles transactions for Target denied being impacted in an attack on the retail giant's point-of-sale devices.
Hundreds of thousands of gamblers who used credit and debit cards at casinos owned by Affinity Gaming may have had their accounts compromised in a potentially months-long attack on the company's payment systems.
Credit and debit cards and CVV codes stolen by hackers in the holiday Target breach have begun showing up in underground marketplaces.
Retail giant Target has yet to announce exactly how attackers compromised its point-of-sale devices, but researchers and security experts have already begun weighing in on the implications of such a colossal breach.
Unemployment insurance recipients in several states have been affected in a breach of JPMorgan Chase disclosed in early December.
The retailer announced that it had become the target of a more than two-week-long attack that may have compromised 40 million credit and debit cards.
Brazilian authorities removed the front of a sham ATM in São Paulo and uncovered the real one behind it, as well as a new take on a classic skimming operation.
The number of infected computers in the U.S. outpaced, by far, infections in other countries, a security firm found.
The Denmark Financial Supervisory Authority announced on Tuesday that virtual currency is not covered by existing financial regulations.
The botnet is reportedly behind the compromise of more than 20,000 payment cards in recent months.
After recently impacting banks in South Africa, the malware is now infecting point-of-sale systems throughout the globe, including those in the U.S., a security firm found.
Sheep Marketplace, an illicit drug bazaar available over the Tor network, shut down last weekend after millions in bitcoins were plundered from the website.
The system crash reportedly kept bank customers from withdrawing money from ATMs and from carrying out mobile and online transactions.
Like no other year before it, 2013 illustrated for the entire globe just how essential cyber security is to business endurance, economic durability and personal rights to privacy.
The Bitcoin community has banded together to offer a crowd-funded $10,000 bounty for whoever fixes a Mac OS X Bitcoin LevelDB data corruption issue.
Last week hackers stole 1,295 Bitcoins - more than a million dollars - from Denmark-based Bitcoin exchange BIPS.
Although it has yet to be discovered in the wild, researchers have uncovered a sneaky piece of financial malware, known as i2Ninja, being sold on a Russian cyber crime forum.
A penetration testing firm analyzed publicly reported compromises over the last 10 years.
Canada's banking regulator has issued a set of cyber security guidelines for financial institutions, warning that banks must be on the lookout for online fraudsters.
The planned event, called "Waking Shark II," marks the second year the city of London had participated in the security preparedness exercises.
Inputs.io was left unable to pay an undisclosed number of user balances after the free Bitcoin eWallet service was hacked on Thursday and relieved of 4,100 Bitcoin. That translates to about $1.1 million.
Four Romanian nationals have been arrested and charged with targeting ticket vending machines of MTA Long Island Rail Road in a classic skimming operation.
By early 2014, the alliance plans to release an open standard that would shrink users' dependency on password and PIN authentication.