Corcow Trojan manipulates currency rates

Corcow Trojan manipulates currency rates

A Russian-language banking Trojan has been found manipulating the ruble-dollar exchange rate

Kaspersky confirms return of Carbanak and two more banking APT groups

Kaspersky confirms return of Carbanak and two more banking APT groups

Kaspersky has confirmed the return of Carbanak as Carbanak 2.0 and uncovered two more groups working in the same style: Metel and GCMAN.

Dyre Trojan almost dead after 'takedown' by the Russians

Dyre Trojan almost dead after 'takedown' by the Russians

The feared Dyre banking Trojan has been almost killed off, following a reported raid by the Russian authorities on a Moscow film distribution company last November.

Cybercriminals increasingly launching APT-style attacks against banks, finds Kaspersky

Cybercriminals increasingly launching APT-style attacks against banks, finds Kaspersky

Kaspersky Lab revealed that cybercrime organizations are increasingly stealing funds from banks by employing many of same Advanced Persistent Threat tools and tactics that previously were only attributable to nation-states.

FireEye nabs automation and orchestration firm Invotas

FireEye nabs automation and orchestration firm Invotas

FireEye Inc. acquired Invotas International Corp., a cybersecurity company that focuses on security automation and orchestration.

Major banks to roll out ATMs that use smartphones for authentication

Major banks to roll out ATMs that use smartphones for authentication

Bank of America, Wells Fargo and JPMorgan Chase have announced plans to roll out ATMs that take smartphones as well as ATM cards.

HSBC UK online banking operations disrupted by DDoS attack

HSBC UK online banking operations disrupted by DDoS attack

HSBC UK this morning was the target of a DDoS attack that flooded the financial institution's systems with manufactured traffic, much to the dismay of online banking customers who were unable to access and manage their accounts.

Data Privacy Day: Chip card adoption growing, but problems linger

Data Privacy Day: Chip card adoption growing, but problems linger

The roll out of the EMV cards last fall was expected to bring a new level of data security to American consumers and retailers, but depending upon whom one speaks the cards have either been a boon or a bust.

PayPal's business site vulnerable to remote code execution

PayPal's business site vulnerable to remote code execution

Michael Stepankin, also known as Artsploit, has disclosed a major vulnerability in PayPal's business site, allowing remote code execution.

E&Y: Cyberthreats the No. 2 driver of forensic data analytics deployments

E&Y: Cyberthreats the No. 2 driver of forensic data analytics deployments

Businesses are expanding their use of forensic data analytics (FDA) to investigate and combat fraud, especially as fears of cyberattacks and internal data threats spike, according to an Ernst & Young report.

Survey says: Data breaches in other industries will damage financial institutions

Survey says: Data breaches in other industries will damage financial institutions

Respondents to a new survey from FICO unanimously agreed: Data breaches this year in other industries will damage financial institutions.

Kaspersky detects surge in 'Asacub' mobile banking trojan attacks

Kaspersky detects surge in 'Asacub' mobile banking trojan attacks

What was once a low-threat, basic spyware trojan has evolved into very powerful banking malware capable of giving hackers near-total control over one's Android device, warned Kaspersky Lab yesterday.

Social engineering scam targets SMBs with trojans, report warns

Social engineering scam targets SMBs with trojans, report warns

A crude but dangerous email-based social engineering scam has been targeting small-to-medium-size businesses in the U.S., U.K. and India since early 2015, the Symantec Security Response blog warned today.

Watch out! Trojan Tinba is back and it's after your money

Watch out! Trojan Tinba is back and it's after your money

F5 Networks has found a variation of the financial trojan Tinba in the wild which is now going after banks in Asia. It's been dubbed Tinbapore in recognition of its origins.

HSBC error leads to potential exposure of customer PII

HSBC error leads to potential exposure of customer PII

HSBC bank is informing some of its customers that their personal information, including Social Security and various bank account numbers, may have been exposed to a third party.

Marijuana stock driven high, then dumped, by spam campaign

Marijuana stock driven high, then dumped, by spam campaign

Symantec is investigating a pump and dump stock spam campaign that used the long-lived W.32 Waledac botnet to target a marijuana farming company possibly generating thousands in illegal profits.

'Key member' of DD4BC arrested in international crackdown

'Key member' of DD4BC arrested in international crackdown

The cyber-extortionist gang DD4BC has reportedly suffered a blow as one of the group's key members was arrested and another detained this week in a worldwide crackdown.

SlemBunk trying to become a slam dunk banking trojan: FireEye

SlemBunk trying to become a slam dunk banking trojan: FireEye

The recently discovered mobile-banking trojan SlemBunk is proving more resilient than first thought and is actively being used in several on-going campaigns.

Payment card data attacks worry over half of UK and US businesses

Payment card data attacks worry over half of UK and US businesses

Well over half (60 percent) of US and 52 percent of UK enterprises feel that an attack on payment card data is likely or more than likely.

Eight arrested in eastern Europe over ATM malware attacks

Eight arrested in eastern Europe over ATM malware attacks

Europol has announced the takedown of an international criminal group believed to be behind a series of ATM malware attacks dating back to at least 2014.

UK high-street banks accused of "shockingly bad" online security

UK high-street banks accused of "shockingly bad" online security

Security you can bank on? Not quite, according to inquiries by Mike Kemp, co-founder of Xiphos Research, who found that outdated SSL security is the norm.

Quincy Credit Union hit by ATM skimming scam

Quincy Credit Union hit by ATM skimming scam

The Quincy Credit Union may have had up to 700 customers victimized by an ATM skimming scam that took place earlier this month.

Extradited Ukrainian indicted in cyber money laundering scheme

Extradited Ukrainian indicted in cyber money laundering scheme

Ukrainian national Viktor Chostak will face charges related to a 25-count indictment in a Charlotte, NC federal court after being extradited from Poland.

Morgan Stanley adviser sentenced for hacking firm's network

Morgan Stanley adviser sentenced for hacking firm's network

A former financial adviser at Morgan Stanley received a sentence of three year's probation for his illegal accessing of the firm's confidential client data.

Phishing campaign targets HSBC customers

Phishing campaign targets HSBC customers

Customers of HSBC are being sent phony emails "warning" them their account is locked.

Gyft resets some customer passwords following breach

Gyft resets some customer passwords following breach

Passwords have been reset for a number of Gyft users as a precaution after account data was reported for sale.

News Alert: Australian police raid home of alleged bitcoin creator

News Alert: Australian police raid home of alleged bitcoin creator

The mysterious founder of bitcoin may have been unmasked following a tip-off from a security researcher and an investigation by two separate media outlets.

A third of UK finance industry logins risks customer data

A third of UK finance industry logins risks customer data

Many industry personnel are not assigned unique login and password details resulting in the risk of customer's personal and financial data.

Survey: Americans come in second for cyber banking safety

Survey: Americans come in second for cyber banking safety

An ESET survey on online banking habits found that Americans could be more secure with our online banking.

Moody's: Cyber risks will impact credit ratings

Moody's: Cyber risks will impact credit ratings

Moody's will begin to place more weight on considerations related to cyber risks when issuing credit ratings, the agency announced in a report.

FDIC offers additional cybersecurity resources

FDIC offers additional cybersecurity resources

New online educational tools to assist bank executives in defending against cybercrime have been added to the website of the FDIC.

EU to expand controls on virtual currencies to fight terrorism

EU to expand controls on virtual currencies to fight terrorism

The EU is looking to crack down on anonymous currency exchanges that could be used by terrorist.

Blackstone CISO's remediation plan: Fix everything

Blackstone CISO's remediation plan: Fix everything

In an environment in which cyber professionals are overwhelmed by rapidly changing security threats, industry pros generally agree that a remediation plan must involve difficult decisions about the security issues that companies are willing to accept the risk rather than take action.

New banking malware variant ready to profit from holiday rush

A new variant of the notorious banking trojan Dyreza has been detected by researchers at Heimdal Security.

Despite intro of chips, credit card fraud still a risk, FBI

Despite intro of chips, credit card fraud still a risk, FBI

It's not the chip cards themselves but the slow adoption of the platform in the U.S. that is leaving consumers vulnerable to credit card fraud, an FBI representative said recently.

FireEye CEO blames losses on China cybertreaty, competitors dispute drop in China's hacking activities

Publicly listed FireEye Inc. missed its projected quarterly earnings and during an earnings call CEO Dave DeWalt attributed the disappointing results in part to the U.S.-China cybertreaty announced during Chinese President Xi Jinping's U.S. visit in September.

Financial agency warns of increased ransomware attacks

Financial agency warns of increased ransomware attacks

Regulatory agencies in the U.S. are increasingly concerned by ransomware attacks against financial institutions. The Federal Financial Institutions Examination Council (FFIEC) published a statement warning financial institutions of an uptick in the "frequency and severity of cyber attacks involving extortion."

JPMorgan Chase CSO reportedly reassigned following data breach

JPMorgan Chase CSO reportedly reassigned following data breach

JPMorgan Chase & Co.'s CSO Jim Cummings reportedly was reassigned to a new position within the bank following the company's major data breach this past year.

Banks warn Apple Pay users against storing family members' fingerprints on iPhones

Banks warn Apple Pay users against storing family members' fingerprints on iPhones

Banks are warning Apple Pay users against storing other people's fingerprints on their iPhones, with a threat that would void terms & conditions agreements.

Diebold creates iris-scanning ATM, no card required

Diebold creates iris-scanning ATM, no card required

A new ATM will be able to grant customers permission to withdraw money through a scan of their irises or a QR code on their smartphones.

Thales picks up Vormetric for $400M

Thales picks up Vormetric for $400M

Internet security specialist Thales has signed a definitive agreement to acquire the data security firm Vormetric for $400 million.

Trend Micro snaps up TippingPoint for $300M, integration plans ahead

Trend Micro snaps up TippingPoint for $300M, integration plans ahead

Trend Micro has inked a deal to acquire Hewlett-Packard's TippingPoint network security segment for about $300 million and will operate the unit independently with plans to eventually fully integrate it into the parent company at a later date.

Dow Jones targeted by Russian hackers for trading information

A group of Russian hackers are reported to have hacked Dow Jones & Co. servers in pursuit of embargoed market-moving information more than a year ago.

Zero-Day in Magento plug-in could allow attacker to steal data

Zero-Day in Magento plug-in could allow attacker to steal data

Zero-Day exploit in popular e-commerce platform Magento plug-in could allow attacker to steal payment card data.

Internet Crime Complaint Center builds on former FBI warning on EMV chip fraud

Internet Crime Complaint Center builds on former FBI warning on EMV chip fraud

The Internet Crime Complaint Center (IC3) issued a warning on Tuesday that reminded credit card users that the use of EMV chips doesn't prevent against fraud.

U.S. Marshals to auction about 44K Bitcoin seized from Silk Road founder

U.S. Marshals to auction about 44K Bitcoin seized from Silk Road founder

U.S. Marshals will auction about 44,341 Bitcoins that were seized from Silk Road operator Ross Ulbricht.

Banking Trojan targeting German PayPal users

Banking Trojan targeting German PayPal users

A vicious phishing attack is currently running rife in Germany targeting PayPal users, trying to get them to download what on the surface looks like the official PayPal app, but is actually a banking trojan.

Australian banks oppose bitcoin exchanges

Australian banks oppose bitcoin exchanges

Australian businesses are turning away from bitcoin since Australian banks made the move last month to close 13 of the country's 17 bitcoin exchanges' accounts.

Payment processing company tests facial recognition camera as fraud preventative

Payment processing company tests facial recognition camera as fraud preventative

Worldpay, a payment processing technology company, said it's researching using facial recognition in stores around the UK as a card fraud preventative measure.

Feds raid digital currency firm accused of swindling $32 million

Feds raid digital currency firm accused of swindling $32 million

Federal authorities raided the offices of a digital currency firm accused of swindling investors out of more than $32 million.

Only a matter of time before cyber-attack hits broader finance

Only a matter of time before cyber-attack hits broader finance

Ireland's Central Bank's deputy governor, Cyril Roux, has warned that it may only be a matter of time before a cyber-attack builds a problem that descends across the broader financial industry.

Shifu trojan now targeting U.K. banks

The banking trojan Shifu is targeting 18 banks and wealth management firms in the U.K.

First cyber-security fund floated on London Stock Exchange

First cyber-security fund floated on London Stock Exchange

The London Stock Exchange has floated a cyber-security Exchange Traded Fund (ETF) this week, marking the first time a fund of this kind has found its way on to the LSE.

Crypto-currency processor BitPay scammed out of 5000 bitcoins

Crypto-currency processor BitPay scammed out of 5000 bitcoins

A processor of crypto-currency has been the most recent victim in a massive hacking campaign which has seen the company lose 5000 bitcoins, currently valued at over a million pounds.

Banks team up to improve distributed/shared ledger technology

Banks team up to improve distributed/shared ledger technology

Nine financial institutions have formed an international coalition, in conjunction with the financial technology firm R3, to create and deliver advanced distributed/shared ledger technologies to global financial markets.

UK firms hit as Dridex criminals target 385 million emails

GCHQ has reportedly helped warn a large number of intended victims in UK-based banks, government agencies and other corporates being targeted with the Dridex Trojan.

IBM: CoreBot now ready for front line use as banking Trojan

IBM: CoreBot now ready for front line use as banking Trojan

IBM's X-Force research team has reported that the recently discovered CoreBot malware has lived up to its earlier warnings quickly transforming into a full-fledged banking Trojan that is active in the wild.

Barclays first bank to accept bitcoin

Barclays first bank to accept bitcoin

After conducting London-based tests on bitcoin, Barclays will let people begin to make charitable contributions using the virtual currency.

Dyre infections surge, variants spread through Windows exploit

Dyre infections surge, variants spread through Windows exploit

A pair of security firms observed an uptick in Dyre infections with new variants exploiting a vulnerability already patched by Microsoft.

NYSE provides additional info on recent trade-halting 'configuration issue'

NYSE provides additional info on recent trade-halting 'configuration issue'

NYSE began rolling out a software release, causing communication issues between customer gateways and trading units.

NYSE says trading halted due to 'technical issue,' not breach

NYSE says trading halted due to 'technical issue,' not breach

Reports indicated that trading in New York came to a half a little after 11:30 a.m.

More than 440K new Android malware strains found in Q1, study finds

More than 440K new Android malware strains found in Q1, study finds

Mobile malware jumped 6.4 percent from Q4 2015 to Q1 2015 with half of the malware being financially motivated, a G DATA study showed.

Firms track Dyre's rise to top financial malware threat

Firms track Dyre's rise to top financial malware threat

In the year following Gameover Zeus takedown efforts, Dyre has steadily emerged as the financial trojan of choice among cybercriminals.

Report: Security incidents in finance sector 300 percent more frequent than other industries

Report: Security incidents in finance sector 300 percent more frequent than other industries

Researchers with Websense said attackers target the financial services sector more than other industries for a simple reason: money.

Germany agrees to extradite Turkish hacker to U.S.

A Turkish man accused of stealing nearly $60 million in ATM heists and cyber attacks will be extradited to the U.S. after a custody battle.

49 arrested in Europe for phishing, MitM scheme that netted millions of euro

Europol arrested a total of 49 suspects Tuesday as the result of a joint investigation into a cybercrime gang that defrauded victims out of six million euro.

NYC man robbed at gunpoint for $1,100 in Bitcoin

A New York man was robbed at gunpoint for $1,100 worth of Bitcoin in a Craigslist deal gone bad.

Twin brothers arrested in Russia over suspected bank fraud operation

International law enforcement, with the help of security firm Group-IB, arrested alleged members of the criminal group in late May.

Information sharing at work

Information sharing at work

There's been quite a bit of lip service paid to the ages-old concept of information sharing, says Illena Armstrong, VP, editorial, SC Magazine..

Group arrested in Italy for fraud and money laundering in online scams

Italian Financial Police picked up more than 10 people who were purportedly part of an international criminal organization that laundered money from online scams.

Former GCHQ director tapped for Standard Chartered's risk committee

Former GCHQ director Sir Iain Lobban will be joining London-based Standard Chartered bank to prevent cybercrime.

RSA 2015: Experts talk investor interest in cybersecurity, regulatory changes on horizon

RSA 2015: Experts talk investor interest in cybersecurity, regulatory changes on horizon

An SEC commissioner's chief of staff and shareholder advocacy expert discussed complex disclosure expectations among investors.

Banking industry security protocol falters in third-party vendor contracts

Banking industry security protocol falters in third-party vendor contracts

The New York State Department of Financial Services issued an update on cyber security in the banking sector with concern to third-party service providers.

FighterPOS malware strikes over 100 terminals in Brazil, captures info for 22K cards

FighterPOS malware strikes over 100 terminals in Brazil, captures info for 22K cards

Trend Micro warns that the threat could spread, as the sole perpetrator of the attacks is selling the malware.

Banking threat Emotet expands target list, evades two-factor auth

Banking threat Emotet expands target list, evades two-factor auth

The malware, which is still spread through phishing emails, is now in its third iteration, Kaspersky Lab researchers revealed.

'NewPosThings' malware evolves, malicious traffic traced to airports

'NewPosThings' malware evolves, malicious traffic traced to airports

Trend Micro believes that point-of-sale malware attackers will increasingly target travelers.

Russia's FSB, Ministry of Internal Affairs tackle Tyupkin ATM threat

Russian authorities have ramped up efforts to locate criminals spreading ATM malware Tyupkin.

Federal Reserve Bank of New York creates cybersecurity team

Sarah Dahlgren, the New York Fed's head of supervision, announced that the bank had created a team dedicated to cybersecurity.

Fraudsters use Neverquest trojan to target Canadian banks

In this campaign, the banking trojan, also known as Vawtrak, was spread via drive-by download.

U.S. representatives form payment technology caucus

Members of the U.S. House of Representatives have announced that they have joined together to form a bipartisan caucus to investigate payment technologies.

New Dridex variant spotted in tax rebate phish

New Dridex variant spotted in tax rebate phish

The variant takes new measures to avoid VM detection, PhishMe researchers found

Infections caused by prevalent financial trojans dropped 53 percent last year

Infections caused by prevalent financial trojans dropped 53 percent last year

But the U.S. still remains the top country in detections, a Symantec report found.

Debate: The financial industry really is better at cybersecurity than other industries.

Experts debate whether the financial industry has a leg up in terms of their cybersecurity strategy when compared to other industries.

Analysts find link between POS malware and Carbanak gang

Trend Micro says attacks, where signed POS malware was used, are tied to the APT group Carbanak.

Neverquest botnet furthers crimeware-as-a-service biz for fraudsters

Neverquest botnet furthers crimeware-as-a-service biz for fraudsters

Neverquest, also known as Vawtrak, is data stealing malware that targets banking information.

Researchers present method to 'deanonymize' Bitcoin users

Researchers present method to 'deanonymize' Bitcoin users

Three researchers with the University of Luxembourg have generated a method to expose Bitcoin users that has the potential to work more than half of the time.

Financial institutions plan to spend billions more on security in coming years

PricewaterhouseCoopers surveyed more than 700 financial service companies and found that they plan to bulk up their cybersecurity efforts in the coming years.

Mobile fraud report notes reliance on OTPs as top concern

Mobile fraud report notes reliance on OTPs as top concern

One-time passwords (OTPs) sent via SMS are increasingly the target of Android malware, the report by Javelin revealed.

Cousin of Bugat trojan, 'Dridex,' spreads using macros

Cousin of Bugat trojan, 'Dridex,' spreads using macros

Trend Micro detailed the variant and attackers' delivery techniques.

Major banks team up to fund Soltra Edge threat sharing tool

FS-ISAC teamed up with the Depository Trust & Clearing Corp on the Soltra Edge platform which will deliver information on breaches and threats to the financial sector.

'Cash out' crew member sentenced to 21 months in prison

Robert Dubuc hacked into various financial accounts and used them to divest money to other accounts and buy pre-paid debit cards.

Hacker sentenced to 30 months in prison and $300k restitution

Hacker sentenced to 30 months in prison and $300k restitution

Lamar Taylor was sentenced in New Jersey this past week for allegedly participating in a cybercrime scheme that accounted for more than $15 million.

TD Bank reaches $850K breach settlement with states

The settlement brings some resolve to the 2012 breach, where the bank lost unencrypted backup tapes.

Hackers targeted Chase Corporate Challenge site to find infiltration route

The Corporate Challenge site was one of many avenues tested by persistent attackers, reports reveal.

JPMorgan hackers targeted 13 firms, including Fidelity, report reveals

Fidelity claims, however, that no customer data appears to have been stolen.

Bond insurer MBIA investigates potential breach of client data

MBIA says clients of its subsidiary, Cutwater Asset Management, were impacted.

ATM malware 'Tyupkin' found on over 50 machines in Europe, spreads to U.S.

ATM malware 'Tyupkin' found on over 50 machines in Europe, spreads to U.S.

The malware allowed criminals, with physical access to ATMs, to steal millions, Kaspersky revealed.

Report: After Chase disclosure, bank regulator rallies execs to shore up defenses

Report: After Chase disclosure, bank regulator rallies execs to shore up defenses

As the extent of the Chase breach surfaces, experts urge financial institutions to prepare for continued attacks or face impending consequences.

U.S. Bank ordered to refund $48M to customers

A Consumer Financial Protection Bureau campaign to curb deceptive banking activities has resulted in U.S. Bank being ordered to refund $48 million.

Citadel used in APT attacks against petrochemical firms

Citadel used in APT attacks against petrochemical firms

In an interesting twist, financial malware Citadel was used to infect firms outside of the finance sector via APT attacks, Trusteer found.

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US