Federal watchdog says SEC security issues put financial data at risk

According to the U.S. Government Accountability Office (GAO), SEC, among other lapses, failed to adequately oversee a contractor, which migrated its financial system to a new data center.

The cool factor: New tech in banking has an edge

Disruption is expected; financial crime should be, too.

JPMorgan Chase CEO details company's cyber threats in annual letter

Jamie Dimon wrote that the bank will have spent more than $250 million annually by the end of the year on cyber security and faces increasingly complex and more dangerous attacks.

Regulator alerts banks of mounting ATM attacks, DDoS threat

The Federal Financial Institutions Examination Council (FFIEC) notified the industry on Wednesday.

Cryptocurrency mining malware discovered on surveillance DVRs

Cryptocurrency mining malware has been discovered on DVRs that record footage taken by surveillance cameras.

Two men plead guilty to role in worldwide hacking operation

The men, who are New York and Massachusetts residents, led "cash out" operations for an international scheme.

Coinbase responds to information disclosure, user enumeration, other concerns

Coinbase responded to a researcher's claims that the San Francisco-based Bitcoin exchange is vulnerable to information disclosure, user enumeration, and lack of rate limitation for sending money requests.

S&P lowers Target's credit rating following breach

Poor sales and a drop in income in the wake of a high-profile breach prompt Standard & Poor's to downgrade Target's credit rating one level.

Experts suggest transaction malleability did not ruin Mt. Gox

In a paper released on Wednesday, Swiss researchers suggest the transaction malleability Bitcoin flaw did not ruin Mt. Gox, despite what the Tokyo-based company announced.

Cryptocurrency-mining apps discovered on Google Play store

At least two apps have been discovered on the official Google Play store that mine for cryptocurrencies, but overheating mobile devices and decreased performance may tip off Android users.

Building security around Bitcoin

Similar to building a multi-layer security strategy for a business, before deciding what security controls should be implemented to protect Bitcoin transactions, we first need to identify the targets.

Attackers get cash out of ATMs by sending SMS messages

Criminals are using SMS messages to get cash out of ATMs, according to Symantec.

About 200,000 Mt. Gox Bitcoins, $115 million, found in old-format wallet

About 200,000 Mt. Gox Bitcoins have been recovered in an obsolete old-format wallet, bringing the total amount of the virtual currency allegedly pilfered down to 650,000 Bitcoins.

$30 RAT, WinSpy, involved in two phishing campaigns

Researchers with FireEye have identified two phishing campaigns involving a remote administration tool known as WinSpy, which also comes packaged with an Android component known as GimmeRAT.

Three fraudsters indicted for roles in global cyber crime scheme

Three men on their way to scoring more than $15 million in a cyber crime scheme instead scored formal charges in New Jersey District Court for their alleged roles in the international conspiracy, according to an indictment.

Transaction malleability Bitcoin flaw may have ruined Mt. Gox

Mt. Gox bankruptcy documents filed in the U.S. on Sunday refer to a Bitcoin flaw known as transaction malleability, which may have caused the Tokyo-based company to lose half a billion dollars in the virtual currency.

Mt. Gox hit by DDoS attacks before massive theft, 150,000 per second

Massive distributed denial-of-service attacks plagued Mt. Gox in early February, not long before what was formerly the world's biggest Bitcoin exchange was hit by an alleged separate attack that bankrupted the company, according to a report.

Zeus-in-the-mobile variant uses security firm's name to gain victims' trust

Android users are tricked into installing a spurious "security" app, which allows fraudsters to bypass one-time password authentication for online banking.

Sally Beauty investigates breach, no evidence of stolen payment cards

An attempted intrusion is still being investigated, but Texas-based Sally Beauty has no evidence to suggest that 282,000 payment cards found in an online underground crime market were pilfered from the worldwide retailer.

Flexcoin hacked, Mt. Gox code leaks, but Bitcoin demand still grows

On the same day that an attacker stole 896 bitcoins from Bitcoin bank Flexcoin, an individual allegedly posted the Mt. Gox code on Pastebin.

Time for a charge card overhaul

We've all been breached, but there are steps we can take to evolve the system, says security strategist Dan Srebnick.

Man charged with using SQL injection to access Federal Reserve data

From October 2012 to February 2013, Lauri Love allegedly worked with other hackers to steal and publicly distribute personal information housed on the Federal Reserve network.

Tokyo-based Bitcoin exchange Mt. Gox files for bankruptcy protection

Mt. Gox announced on Friday that it has filed for bankruptcy protection in Japan after hackers took advantage of weaknesses in its computer systems to purloin hundreds of thousands of bitcoins.

Poisoned YouTube ads serve Caphaw banking trojan

YouTube's ad network was compromised to host the Styx exploit kit, researchers found.

Firm detects Zeus variant targeting POS terminals

The malware is based on the leaked code of Zeus and RAM-scraping malware.

Video shows more info was stolen in Las Vegas Sands attack

Officials are investigating an 11-minute video posted on YouTube that shows new information attackers may have obtained after hacking websites and internal systems belonging to Las Vegas Sands Corp.

Trade groups from finance, retail sectors team for security initiative

The associations will explore options for improved information sharing and implementation of card security technology.

Vulnerabilities in home routers used for compromising bank accounts

CERT Polska researchers have observed attackers using DNS redirection attacks - made possible due to vulnerabilities in home routers - to effectively access online banking accounts in Poland.

Two skimming devices found on California hotel computers

The San Francisco Airport - South San Francisco Embassy Suites hotel is notifying an undisclosed number of guests that their payment card information may be at risk after skimming devices were discovered on two computers.

At least 4,500 payment cards compromised by JackPOS malware in U.S. and Canada

At least 4,500 payment cards have been compromised in the United States and Canada by a new point-of-sale malware, JackPOS, that is based on Alina, according to researchers with cyber intelligence company IntelCrawler.

Researchers discover new point-of-sale malware, JackPOS

Researchers with cyber intelligence company IntelCrawler have discovered a new point-of-sale malware known as JackPOS, which is said to have code similar to the RAM-scraping POS malware known as Alina.

Target vendor, Fazio Mechanical, confirms being victim of attack

Target announced last week that hackers compromised its systems using credentials stolen from a third party vendor and, on Thursday, Fazio Mechanical confirmed that it was the victim of an attack.

Retailers testify before Senate Judiciary Committee, push chip cards

Executives with Target and Neiman Marcus were among the individuals who testified before the Senate Judiciary Committee on Tuesday.

Report highlights results of Waking Shark II simulated cyber attack

The Bank of England has released the results of Waking Shark II, a Nov. 12, 2013, four-hour simulated cyber attack in London involving hundreds of financial institutions that was designed to test the city's cyber security readiness.

Gameover variant of Zeus trojan slips by security as encrypted file

The Gameover variant of the nefarious Zeus banking trojan has recently been observed sneaking past defenses as an encrypted EXE file, according to researchers with Malcovery.

White Lodging investigates suspected nine-month-long POS attack

White Lodging Services Corporation is investigating a suspected breach of its point-of-sale systems, the Indiana-based hotel management company announced on Monday.

Bitcoin payments pose security challenges for brick and mortar merchants

The benefits of cryptocurrency for consumers are well known, but there are also some downsides that must be addressed.

Dozens of U.S. retailers impacted in global POS malware campaign

A worldwide point-of-sale malware operation involving a relatively new trojan - called ChewBacca - has impacted dozens of retailers in the U.S., according to RSA researchers.

Hackers accessed Target systems using stolen vendor credentials

Stolen vendor credentials are what led to a massive malware attack on Target's point-of-sale machines, ultimately resulting in the theft of 40 million payment cards, among other information.

Expanded Apple Touch ID payments can succeed, expert suggests

Apple CEO Tim Cook addressed using the Touch ID to expand the mobile payments market on Monday, a move that could allow consumers to make a wider variety of purchases by simply scanning a fingertip.

Michaels Stores investigates possible payment card breach

After Target and Neiman Marcus, Michaels Stores is the next in a line of U.S. retailers to reveal that it is investigating a possible security breach that may have resulted in the compromise of customer payment cards.

Russian man claims he wrote Target POS malware as a security program

IntelCrawler concluded on Sunday that 23-year-old Rinat Shibaev - not 17-year-old Sergey Taraspov, as the company previously reported - is the writer of the malware that infected Target's point-of-sale systems.

Texas police arrest two in connection with Target breach

At the border of U.S. and Mexico, two individuals were arrested in connection with the late-2013 Target breach.

Neiman Marcus breach dates back to July 2013, according to report

The attack on Neiman Marcus point-of-sale systems dates back to July 2013 and the threat was not completely mitigated until Sunday, unnamed people briefed on the retailer's investigation told the New York Times.

Report indicates KAPTOXA operation led to massive retailer breaches

The operation that likely led to the infection of Target's point-of-sale systems is known as KAPTOXA, according to a release by iSIGHT Partners.

Researchers discover a point-of-sale malware written in VBScript

Researchers with cyber intelligence company IntelCrawler have identified a new point-of-sale (POS) malware, known as 'Decebal,' available for purchase on underground forums.

Neiman Marcus CEO says PIN data not accessed in card breach

Malware found on the payment systems of Neiman Marcus led to the compromise of card data for an undisclosed number of shoppers, but PIN data is not at risk because the retailer does not use PIN pads in its stores.

Complaint filed against Neiman Marcus, slams breach response

A class-action complaint was filed against Neiman Marcus in the Eastern District of New York on Monday, just days after the major retailer announced that an undisclosed number of payment cards may have been stolen in a breach.

Target CEO confirms malware on POS machines, talks chip cards

Target CEO Gregg Steinhafel confirmed in a CNBC interview on Monday that malware introduced on point-of-sale devices is what enabled thieves to steal 40 million cards and other personal information.

Separate info on 70M stolen in Target breach

In addition to an earlier revelation that 40M cards were pilfered, the PII of up to 70 million individuals was also stolen, according to a Friday statement by Target.

Hackers seek to decrypt PIN codes likely stolen in Target breach

A group of individuals communicating in underground forums are attempting to decrypt a 50GB dump of Triple DES encrypted PIN numbers believed to have been acquired in the massive 2013 attack on retail giant Target.

Crooks steal money from ATMs using USB drives, experts weigh in

At the annual Chaos Communication Congress on Friday, German researchers demonstrated a new malware attack against ATM machines.

In light of Target breach, senators push for hearing on consumer data security

Three senators have asked that a congressional hearing on consumer data security be held as soon as possible.

A Target payment processor denies being impacted in 40M card breach

A payment processor that handles transactions for Target denied being impacted in an attack on the retail giant's point-of-sale devices.

Hundreds of thousands of card numbers stolen in casino company breach

Hundreds of thousands of gamblers who used credit and debit cards at casinos owned by Affinity Gaming may have had their accounts compromised in a potentially months-long attack on the company's payment systems.

Cards pilfered in Target breach for sale in underground markets

Credit and debit cards and CVV codes stolen by hackers in the holiday Target breach have begun showing up in underground marketplaces.

Experts discuss implications of massive Target breach

Retail giant Target has yet to announce exactly how attackers compromised its point-of-sale devices, but researchers and security experts have already begun weighing in on the implications of such a colossal breach.

Unemployment recipients hit hard in JPMorgan Chase breach

Unemployment insurance recipients in several states have been affected in a breach of JPMorgan Chase disclosed in early December.

POS attack enabled hackers to steal 40M card numbers from Target, researchers say

The retailer announced that it had become the target of a more than two-week-long attack that may have compromised 40 million credit and debit cards.

Brazilian authorities discover real ATM behind fake one

Brazilian authorities removed the front of a sham ATM in São Paulo and uncovered the real one behind it, as well as a new take on a classic skimming operation.

Report: In 2013, more than one million U.S. computers were infected with banking trojans

The number of infected computers in the U.S. outpaced, by far, infections in other countries, a security firm found.

Virtual currency not covered by financial regulations in Denmark

The Denmark Financial Supervisory Authority announced on Tuesday that virtual currency is not covered by existing financial regulations.

POS botnet discovered using Dexter variant

The botnet is reportedly behind the compromise of more than 20,000 payment cards in recent months.

In new campaign, Dexter point-of-sale malware strikes U.S. and abroad

After recently impacting banks in South Africa, the malware is now infecting point-of-sale systems throughout the globe, including those in the U.S., a security firm found.

Bitcoin theft takes down narcotics bazaar, some claim inside job

Sheep Marketplace, an illicit drug bazaar available over the Tor network, shut down last weekend after millions in bitcoins were plundered from the website.

Funds of RBS customers unavailable during Cyber Monday glitch

The system crash reportedly kept bank customers from withdrawing money from ATMs and from carrying out mobile and online transactions.

In search of some cheer

Like no other year before it, 2013 illustrated for the entire globe just how essential cyber security is to business endurance, economic durability and personal rights to privacy.

Bitcoin community offers up $10K bug bounty

The Bitcoin community has banded together to offer a crowd-funded $10,000 bounty for whoever fixes a Mac OS X Bitcoin LevelDB data corruption issue.

More than a million dollars in Bitcoins stolen by hackers

Last week hackers stole 1,295 Bitcoins - more than a million dollars - from Denmark-based Bitcoin exchange BIPS.

Financial malware 'i2Ninja' being sold on Russian cyber crime forum

Although it has yet to be discovered in the wild, researchers have uncovered a sneaky piece of financial malware, known as i2Ninja, being sold on a Russian cyber crime forum.

Firm highlights top site attacks on world's biggest banks

A penetration testing firm analyzed publicly reported compromises over the last 10 years.

Canada's banking regulator schools firms on cyber security

Canada's banking regulator has issued a set of cyber security guidelines for financial institutions, warning that banks must be on the lookout for online fraudsters.

Simulated attacks give London banks a trial run in readiness

The planned event, called "Waking Shark II," marks the second year the city of London has participated in the security preparedness exercises.

Hackers steal more than a million dollars worth of Bitcoin

Inputs.io was left unable to pay an undisclosed number of user balances after the free Bitcoin eWallet service was hacked on Thursday and relieved of 4,100 Bitcoin. That translates to about $1.1 million.

Thousands of cards compromised in classic skimming operation

Four Romanian nationals have been arrested and charged with targeting ticket vending machines of MTA Long Island Rail Road in a classic skimming operation.

MasterCard joins FIDO Alliance march to standardize biometric auth, other password alternatives

By early 2014, the alliance plans to release an open standard that would shrink users' dependency on password and PIN authentication.

News briefs: The latest on major DDoS and phishing attacks, and more

This month's news briefs include insight on the PCI Security Standards Council, DDoS attacks aimed at financial institutions, and more.

KVM device used in widening plot to steal from London banks

An attempted bank burglary has been linked to an April cyber heist on Barclays bank in London where £1.3 million was stolen.

Latest Shylock trojan campaign targets dozens of banks

Though victims are primarily in Europe, the list of 24 financial institutions being targeted includes several U.S. banks.

Skimming made easier with hacked portable card payment machines

Electronic skimming devices have been circulating for years with varied success, but modified portable and wireless point-of-sale devices are now making it easier than ever for crooks to steal card numbers.

Teenager busted for running botnet that stole $50,000 a month

A 19-year-old Argentinean man was arrested and charged with running a botnet that stole funds from gaming and money transfer sites.

Millions in Germany have data compromised in Vodafone hack

Authorities have identified an attacker suspected of carrying out a sophisticated hack against Vodafone Germany, compromising personal information for nearly two million of the mobile phone company's customers.

Banking trojan now circulating overseas could soon reach U.S.

The Hesperbot trojan has been distributed via sophisticated phishing emails impacting online banking customers in the Czech Republic, Turkey and Portugal.

Fraudsters target "wire payment switch" at banks to steal millions

Criminals have begun targeting the central switch at banks that controls wire transfers to gain access to their choice of accounts, resulting in a far larger payoff than if they merely targeted individual accounts.

PCI Council previews changes to data security standards

The council released a highlight of potential new requirements and guidance to the PCI Data Security Standard and Payment Application Data Security Standard, both due out in November.

"Hand of Thief" trojan sniffs out banking credentials of Linux users

Researchers at RSA expect the malware's developers to add a suite of features that in the near future will make it a "full-blown" banking trojan.

Citizens Bank alerts customers of "DDoS disruption"

Due to DDoS attacks, some customers may have trouble accessing their online accounts.

$1.5M cyber heist causes escrow firm to close its doors

After attackers planted a remote access trojan on Calif.-based Efficient Services Escrow Group's systems, they carried out a cyber heist that led to the firm's shutdown.

Five charged in hacking corporate networks to steal 160M card numbers

Four Russians and a Ukrainian are charged for their role in the operation, which included help from Heartland and TJX hacker mastermind Albert Gonzalez, who began serving a 20-year prison sentence in 2010.

Banking trojan KINS resembles architecture of Zeus, targets Windows users

Fraudsters may take up a new banking trojan as a replacement for older financial malware like Zeus, SpyEye and Citadel, RSA researchers say.

With Liberty Reserve shuttered, will Bitcoin take its place?

Security experts say the fledgling e-currency has its upsides for online trading, but the true extent of its payoff for online criminals is yet to be seen.

New Citadel variant won't be lost in translation

Saboteurs have included HTML injection scripts in the trojan, which shows fake web pages in various languages depending on the victims' location.

Criminals sell access to rooted servers via online shop

The store for black market buyers and sellers, discovered by AlienVault Labs, is a prime example of the continued commercialization of online crime rings.

Carberp source code for sale, extending availability of banking trojan

Now that the cat is out of the bag, members of the Carberp gang may be looking to move on to a new business, researchers say.

SC Congress Toronto: Nation continues as growing breeding ground for malware

The incidence of hosting phishing sites has decreased over the past year, but attackers still are finding Canada to be fertile ground to launch attacks, according to an annual report by Websense.

Police arrest "Mattfeuter" site operators, break up $200M carder racket

The alleged leaders were based in Vietnam, but sold credit card data of victims throughout the world.

"Beta Bot" marks the latest banking malware to hit the online underground

The developer of the trojan, which includes rootkit functionality, is still adding features to the malware to make it more attractive to buyers.

Indian computer authorities to investigate what led to $45 million ATM heist

Security experts hope information gleaned by this probe into two affected processors could protect others in the financial industry.

Feds: $45M drained from bank accounts in international cyber heist

For their role in a brazen heist, eight New York-area individuals are accused of withdrawing around $2 million in one day from hacked prepaid debit card accounts. Globally, the crime ring was responsible for stealing around $45 million.

New Ramnit variant seeks to evade two-factor authentication

The trojan carries out a one-time password scam. Researchers who studied the new malware strain, affecting U.K. bank customers, said they are fascinated by the attention to detail the fraudsters applied to the ruse.
