The botnet is reportedly behind the compromise of more than 20,000 payment cards in recent months.
After recently impacting banks in South Africa, the malware is now infecting point-of-sale systems throughout the globe, including those in the U.S., a security firm found.
Sheep Marketplace, an illicit drug bazaar available over the Tor network, shut down last weekend after millions in bitcoins were plundered from the website.
The system crash reportedly kept bank customers from withdrawing money from ATMs and from carrying out mobile and online transactions.
Like no other year before it, 2013 illustrated for the entire globe just how essential cyber security is to business endurance, economic durability and personal rights to privacy.
The Bitcoin community has banded together to offer a crowd-funded $10,000 bounty for whoever fixes a Mac OS X Bitcoin LevelDB data corruption issue.
Last week hackers stole 1,295 Bitcoins - more than a million dollars - from Denmark-based Bitcoin exchange BIPS.
Although it has yet to be discovered in the wild, researchers have uncovered a sneaky piece of financial malware, known as i2Ninja, being sold on a Russian cyber crime forum.
A penetration testing firm analyzed publicly reported compromises over the last 10 years.
Canada's banking regulator has issued a set of cyber security guidelines for financial institutions, warning that banks must be on the lookout for online fraudsters.
The planned event, called "Waking Shark II," marks the second year the city of London had participated in the security preparedness exercises.
Inputs.io was left unable to pay an undisclosed number of user balances after the free Bitcoin eWallet service was hacked on Thursday and relieved of 4,100 Bitcoin. That translates to about $1.1 million.
Four Romanian nationals have been arrested and charged with targeting ticket vending machines of MTA Long Island Rail Road in a classic skimming operation.
By early 2014, the alliance plans to release an open standard that would shrink users' dependency on password and PIN authentication.
This month's new briefs include insight on the PCI Security Standards Council, DDoS attacks aimed at financial institutions, and more.
An attempted bank burglary has been linked to an April cyber heist on Barclays bank in London where £1.3 million was stolen.
Though victims are primarily in Europe, the list of 24 financial institutions being targeted includes several U.S. banks.
Electronic skimming devices have been circulating for years with varied success, but modified portable and wireless point-of-sale devices are now making it easier than ever for crooks to steal card numbers.
A 19-year-old Argentinean man was arrested and charged with running a botnet that stole funds from gaming and money transfer sites.
Authorities have identified an attacker suspected of carrying out a sophisticated hack against Vodafone Germany, compromising personal information for nearly two million of the mobile phone company's customers.
The Hesperbot trojan has been distributed via sophisticated phishing emails impacting online banking customers in the Czech Republic, Turkey and Portugal.
Criminals have begun targeting the central switch at banks that controls wire transfers to gain access to their choice of accounts, resulting in a far larger payoff than if they merely targeted individual accounts.
The council released a highlight of potential new requirements and guidance to the PCI Data Security Standard and Payment Application Data Security Standard, both due out in November.
Researchers at RSA expect the malware's developers to add a suite of features that in the near future will make it a "full-blown" banking trojan.
Due to DDoS attacks, some customers may have trouble accessing their online accounts.
After attackers planted a remote access trojan on Calif.-based Efficient Services Escrow Group's systems, they carried out a cyber heist that led to the firm's shutdown.
Four Russians and a Ukrainian are charged for their role in the operation, which included help from Heartland and TJX hacker mastermind Albert Gonzalez, who began serving a 20-year prison sentence in 2010.
Fraudsters may take up a new banking trojan as a replacement for older financial malware like Zeus, SpyEye and the Citadel, RSA researchers say.
Security experts say the fledgling e-currency has its upsides for online trading, but the true extent of its payoff for online criminals is yet to be seen.
Saboteurs have included HMTL injection scripts in the trojan, which shows fake web pages in various languages depending on the victims' location.
The store for black market buyers and sellers, discovered by AlienVault Labs, is a prime example of the continued commercialization of online crime rings.
Now that the cat is out of the bag, members of the Carberp gang may be looking to move on to a new business, researchers say.
The incidence of hosting phishing sites has decreased over the past year, but attackers still are finding Canada to be fertile ground to launch attacks, according to an annual report by Websense.
The alleged leaders were based in Vietnam, but sold card credit data of victims throughout the world.
The developer of the trojan, which includes rootkit functionality, is still adding features to the malware to make it more attractive to buyers.
Security experts hope information gleaned by this probe into two affected processors could protect others in the financial industry.
For their role in a brazen heist, eight New York-area individuals are accused of withdrawing around $2 million in one day from hacked prepaid debit card accounts. Globally, the crime ring was responsible for stealing around $45 million.
The trojan carries out a one-time password scam. Researchers who studied the new malware strain, affecting U.K. bank customers, said they are fascinated by the attention to detail the fraudsters applied to the ruse.
Despite the arrests of Gozi ringleaders, the banking trojan still persists and is behind thousands of new infections in the United States.
Law enforcement in Russian and Ukraine have dealt a major blow to a prolific banking malware operation.
Finance companies should adopt an approach of least privilege, which takes into account security and productivity by granting users only the rights necessary to carry out their jobs.
A representative of JPMorgan Chase has confirmed the website of the banking giant suffered a distributed denial-of-service attack Tuesday.
A group of hackers is dissatisfied with efforts to remove an anti-Muslim video from YouTube.
Two men have been indicted in Manhattan on charges they operated a nationwide ATM skimming ring that defrauded bank customers out of more than $3 million, the U.S. attorney's office has announced.
A hacktivist group said Tuesday it has suspended its online barrage against dozens of U.S. banks after one of the highest-viewed YouTube videos of "Innocence of Muslims" came down.
Financial institutions under the FFIEC's jurisdiction have 60 days to comment on proposed guidance designed to ensure they are managing their risk when using social media.
Gozi's creator, Nikita Kuzmin, pleaded guilty to computer intrusion and fraud charges, which could mean 95 years in prison.
Results from a new survey reveal that financial institutions are becoming more successful at reducing fraudulent transactions, as banks improve their protocols and technology and customers become more security conscious.
DDoS attacks against financial institutions in the U.S. may continue unless an anti-Muslim film is pulled offline, hacktivists allege. But a New York Times report said Iran is actually behind the bank website disruptions.
A hacktivist group claims it already has launched the second phase of DDoS strikes against U.S. banks.
The Office of the Comptroller of the Currency offered best practices and a compliance reminder for banks seeking to guard against DDoS attacks, which often signal that a bigger problem is happening behind the scenes.
An information-gathering trojan has successfully compromised servers at a number of U.S. financial institutions, according to researchers at security firm Symantec.
RSA researchers believe individuals behind the Carberp botnet are taking advantage of an opening in the marketplace, left by the withdrawing Citadel network.
McAfee has released new findings that incline its researchers to believe the trojan will be a "credible threat" for banks next year.
Judges now may be more apt to take side of small and midsize businesses, not their banks, thanks to a settlement that will allow a small Maine developer to recoup some of its losses from an account takeover.
The latest strain of banking trojan Shylock invokes a new method to circumvent the prying eyes of security researchers.
Comparable to the United States' Automated Clearing House (ACH) electronic payment system, SEPA is now being targeted by fraudsters looking for new ways to extort money.
Fraudsters tampered with the point-of-sales devices at a number of locations to steal customers' debit and credit card information.
The latest Citadel version allows botmasters to more easily deliver instructions to computers under their control.
Security researchers at RSA warned Thursday that a sophisticated plan is being hatched online to raid the bank accounts of customers at some 30 banks in the United States.
Atlanta-based payment processor Global Payments expects to take a hit of another $55 to $65 million related to a data breach it sustained earlier this year.
A new round of DDoS attacks against U.S. financial institutions are underway this week, and they may be related to an anti-Muslim film trailer that has sparked worldwide outrage.
An online collective citing opposition to banks and the arrests of fellow hacktivists has published one million stolen records.
A Chicago woman with roots in Nigeria was sentenced this week to 30 months in prison for playing a key role in extracting cash from the bank accounts of individuals whose prepaid payroll information was stolen in a massive 2008 breach.
Breached payment processor Global Payments announced Thursday that it has completed its investigation into the incident, and determined the clean-up and response will cost $84.4 million.
In a major victory for organizations that have sustained massive losses due to unauthorized transactions made by hackers, an appellate court has ruled in favor of a Maine construction company against its bank.
A jury in New Jersey has found a Georgia man guilty for his role in a fraud ring that cost financial companies some $1.5 million.
According to an amended complaint filed last week in U.S. District Court in Brooklyn, Microsoft has named two defendants in its Zeus civil lawsuit who previously were listed as "John Does." They currently are in prison.
Variants of the SpyEye and Zeus toolkits are being used in a global fraud ring to evade multifactor authentication and raid high-balance accounts.
A new attack method, automatic transfer system (ATS), is being used in conjunction with popular crimeware kits to create "man-in-the-browser" assaults on bank accounts.
Financially minded cyber criminals are attempting to hijack corporate bank accounts at increasing rates, but they are finding less luck in actually getting money out of them, a new study shows.
While Global Payments investigated the breach of its North American processing system, it turned up another intrusion, this one impacting merchants.
Fourteen people from South Florida have been charged in connection to a bank fraud ring in which the accounts of unsuspecting customers were accessed to transfer money.
A group of six has been charged in the latest scam to defraud bank customers through the use of skimming devices, a trend that has seen a noticeable uptick in arrests and prosecutions over the past year.
Traditional mafia groups are entering the cyber crime scene in Russia, which is leading to more centralization and professionalization -- and bigger profits.
A third defendant accused of participating in an ATM skimming spree that hit banks in Connecticut, Massachusetts and Rhode Island has pleaded guilty.
Visa is advising its customers to be wary of phone scams in which fraudsters request their credit card information under the guise that they need it for "security reasons" in light of the major data breach that affected Global Payments, according to a Tuesday alert from Visa.
Global Payments, a major credit card processor based in Atlanta, is off Visa's approved list after it confirmed it was breached of some 1.5 million card numbers. The incident, however, is still shrouded in some mystery.
A 33-year-old Maryland man on Friday was sentenced to 5 1/2 years in prison for participating in an identity theft and credit card skimming scheme, according to the U.S. attorney's office in Alexandria, Va.
Banking trojan Zeus and its related families, which have looted a number of small and midsize businesses to the tune of millions, may be partially crippled after the latest Microsoft botnet enforcement effort.
Two men have been charged with applying a new take on ATM skimming fraud -- placing the data-stealing device on the card reader at the door, not on the actual cash machine.
The EMV standard, widely considered an effective way to curb counterfeit card fraud because it requires a microchip to be embedded in a credit or debit card or on a mobile device, is gradually picking up steam in the U.S.
The federal Securities and Exchange Commission has charged a Latvian man with participating in a scheme that manipulated the value of more than 100 New York Stock Exchange and Nasdaq stocks.
Visa has issued best practices that detail how retailers, card issuers and processors can upgrade their credit card transaction technology to a chip-based model, so to avoid burdensome complexity, cost and time to market.
A Romanian citizen, with an expired U.S. visa, has been arrested on charges of serving as the "installer" of skimming devices on some 40 ATMs in the New York City area.
A 21-year-old Connecticut woman on Tuesday pleaded guilty to participating in an ATM skimming operation between February and July, the U.S. attorney's office in Connecticut said.
The defendants were part of a coordinated operation that resulted in the theft of more than $2 million from JP Morgan Chase Bank, TD Bank, Citibank, Discover and American Express.
After more than two years of litigation, a U.S. District judge has dismissed nine of the 10 causes of action brought forth as part of a class-action lawsuit by nine banks.
A former bank executive has been sentenced to 33 months in prison for committing 84 fraudulent wire transfers that deposited $673,000 of UBS Securities funds into his personal accounts.
Two of the three men accused of swiping the debit card credentials of 1,490 ATM users in Manhattan remain behind bars. The other defendant is at large.
Attackers have been circulating a trojan via email messages with subjects such as "ACH payroll payment was not accepted by Central Trust and Savings Bank."
Cybercriminals typically ramp up their phishing efforts during the holiday season and following natural disasters, according to the American Bankers Association.
While TD Ameritrade maintains that no identity theft resulted because of a 2007 breach, it has decided to compensate customers "in the interest of helping ease" their concerns.
A couple from New York state is seeking class-action status for a lawsuit against Citigroup, alleging that the third-largest U.S. bank has "taken no steps" to protect victims in the wake of a massive data breach, according to reports. Citi admitted in June that 360,083 accounts - about 1.5 percent of its card customer base - were compromised in the attack, in which hackers infiltrated the online banking platform, Citi Account Online, and viewed customer account numbers and contact information.The plaintiffs, Kristina and Steven Orman of Northport, N.Y., filed the suit on Friday in response to fraudsters allegedly charging their credit cards and stealing money from their bank accounts.
The organized structure of a huge identity theft operation, based in New York, allowed members to make millions in profits.
A senior analyst at Countrywide Financial was ordered to pay $1.2 million in restitution after pleading guilty to his role in a scam to steal personal data of customers.
Despite fresh guidance and quicker fraud detection, the FBI actively is investigating more than 400 cases of corporate bank account takeovers, an official told federal lawmakers last week. Gordon Snow, the FBI's assistant director of the cyber division, told a House Financial Services subcommittee that these cases, in which criminals initiate unauthorized Automated Clearing House and wire transfers from seized accounts belonging to mostly small and midsize businesses, have resulted in the attempted theft of more than $225 million and actual losses of around $85 million. In his remarks, Snow also discussed risks related to ATM skimming, mobile banking and supply chain compromise.
Microsoft has introduced a "fairly major" update to its Malicious Software Removal Tool to detect and kill infections of the insidious and constantly morphing data-stealing malware family known as Zbot, or Zeus. Since the software giant first added detection for Zeus last October, hundreds of thousands of Windows PCs have been expunged of the threat, prominent in banking and e-commerce fraud. But as Zeus, which recently merged code bases with SpyEye, continues to acquire advanced evasion capabilities, Microsoft has had to fight "sneakiness with sneakiness," according to a blog post on Wednesday. The company introduced the update as part of its monthly security patches, released on Tuesday.
Researchers at Trend Micro say they have been hot on the tracks of a corporate hacker, and now they are turning over their findings to U.S. law enforcement.
As attackers have found a way to break traditional online banking security controls, recently issued guidelines offer some new advice for financial institutions.