New Fakext malware targets Latin American banks

Browser extensions have become integral to our online experience. From productivity tools to entertainment add-ons, these small software modules offer customized features to suit individual preferences. Unfortunately, extensions can prove useful to malicious actors as well. Capitalizing on the favorable characteristics of an add-on, an attacker can leverage attributes like persistence, seamless installation, elevated privileges […]

The post New Fakext malware targets Latin American banks appeared first on Security Intelligence.

Continue reading New Fakext malware targets Latin American banks

New CHAVECLOAK Banking Trojan Targets Brazilians via Malicious PDFs

By Deeba Ahmed
The CHAVECLOAK banking Trojan employs PDFs, ZIP downloads, DLL sideloading, and deceptive pop-ups to target Brazil’s unsuspecting banking users financial sector. 
This is a post from HackRead.com Read the original post: New CHAVECLOAK Ba… Continue reading New CHAVECLOAK Banking Trojan Targets Brazilians via Malicious PDFs

Infosys Data Breach Impacts 57,000 Bank of America Customers

By Waqas
Bank of America customers participating in deferred compensation plans are the main victims of this data breach.
This is a post from HackRead.com Read the original post: Infosys Data Breach Impacts 57,000 Bank of America Customers
Continue reading Infosys Data Breach Impacts 57,000 Bank of America Customers

CFPB’s Proposed Data Rules

In October, the Consumer Financial Protection Bureau (CFPB) proposed a set of rules that if implemented would transform how financial institutions handle personal data about their customers. The rules put control of that data back in the hands of ordinary Americans, while at the same time undermining the data broker economy and increasing customer choice and competition. Beyond these economic effects, the rules have important data security benefits.

The CFPB’s rules align with a key security idea: the decoupling principle. By separating which companies see what parts of our data, and in what contexts, we can gain control over data about ourselves (improving privacy) and harden cloud infrastructure against hacks (improving security). Officials at the CFPB have described the new rules as an attempt to accelerate a shift toward “open banking,” and after an initial comment period on the new rules closed late last year, Rohit Chopra, the CFPB’s director, …

Continue reading CFPB’s Proposed Data Rules

PixPirate: The Brazilian financial malware you can’t see

Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a […]

The post PixPirate: The Brazilian financial malware you can’t see appeared first on Security Intelligence.

Continue reading PixPirate: The Brazilian financial malware you can’t see

Unravelling Retirement Banking Scams and How To Protect Yourself

By Uzair Amir
In the labyrinth of financial scams, one of the most insidious is the retirement banking scam. Imagine a…
This is a post from HackRead.com Read the original post: Unravelling Retirement Banking Scams and How To Protect Yourself
Continue reading Unravelling Retirement Banking Scams and How To Protect Yourself

PIN-Stealing Android Malware

This is an old piece of malware—the Chameleon Android banking Trojan—that now disables biometric authentication in order to steal the PIN:

The second notable new feature is the ability to interrupt biometric operations on the device, like fingerprint and face unlock, by using the Accessibility service to force a fallback to PIN or password authentication.

The malware captures any PINs and passwords the victim enters to unlock their device and can later use them to unlock the device at will to perform malicious activities hidden from view.

Continue reading PIN-Stealing Android Malware

Prison for man who wiped bank’s data after being fired for accessing porn in the office

A man has been sentenced to 24 months in prison after being found guilty of hacking into his former employer’s network, and causing substantial damage.

Read more in my article on the Hot for Security blog. Continue reading Prison for man who wiped bank’s data after being fired for accessing porn in the office

Sekoia: Latest in the Financial Sector Cyber Threat Landscape

Phishing, infostealer malware, ransomware, supply chain attacks, data breaches and crypto-related attacks are among the top evolving threats in the financial sector, says Sekoia. Continue reading Sekoia: Latest in the Financial Sector Cyber Threat Landscape

World’s biggest bank hit by ransomware, forced to trade via USB stick

The US trading arm of the Industrial and Commercial Bank of China (ICBC) has been hit by a ransomware attack that reportedly forced it to handle trades via messengers carrying USB thumb drives across Manhattan.

Read more in my article on the Hot for… Continue reading World’s biggest bank hit by ransomware, forced to trade via USB stick