Collaborate Disseminate
By Sudais
The malware campaign was discovered by Dr. Web detailing how hackers have been using Bolik banking trojan against unsuspected users. If there’s one reason for the distrust that consumers had in online marketplaces in the old days, it wa… Continue reading Hackers cloned NordVPN website to drop banking trojan
The European Central Bank (ECB), the central bank of the 19 European countries which have adopted the euro, has shut down a compromised website after it discovered that hackers had planted malware that stole information from newsletter subscribers.
Continue reading European Central Bank confirms website hack and data breach
There was no months-old, unpatched Apache flaw. A S3 bucket wasn’t publicly accessible to anyone with an internet connection. There was no effort to hide what happened behind the company’s bug bounty program. When taken at face value, the Capital One breach looks awfully similar to other massive security failures that have made national news in the past few years. But while people fixate on the amount of information taken, there are some in cybersecurity circles that see a silver lining in the way the bank has handled the incident. Multiple security experts told CyberScoop that while the incident is clearly severe and there are still questions that need to be answered, actions taken by the Virginia-based bank — who did not respond to CyberScoop’s request for comment — prevented this breach from becoming another example of extreme corporate cybersecurity negligence. “While it’s tempting to knock Capital One for this […]
The post What Capital One’s cybersecurity team did (and did not) get right appeared first on CyberScoop.
Continue reading What Capital One’s cybersecurity team did (and did not) get right
Capital One always said it wasn’t like other banks. While other financial giants cautiously waded into their own digital transformations, Capital One’s leadership has sought to differentiate the $28 billion bank by investing in technology meant to modernize their business. The bank has increased its number of technology staffers to 9,000 today from 2,500 in 2011, assigning employees to software engineering, artificial intelligence and building a digital chatbot to automate reminders to customers about when their bills are due or flag unusually large restaurant tips in case they want to rescind them, Rob Alexander, the bank’s chief information officer told the Wall Street Journal last year. Capital One also was different for its use of Amazon Web Services, a rarity in the financial services industry where most corporate heavyweights simply don’t trust third-parties to store their financial data. At Capital One, the use of AWS was to serve as proof of […]
The post Capital One is a cautionary tale for companies rushing to embrace new tech appeared first on CyberScoop.
Continue reading Capital One is a cautionary tale for companies rushing to embrace new tech
By Uzair Amir
The hacker behind the breach (Paige Adele Thompson) has been arrested after they bragged about hacking Capital One.
This is a post from HackRead.com Read the original post: Capital One data breach: 106m customers affected; suspected hacke… Continue reading Capital One data breach: 106m customers affected; suspected hacker arrested
Financial giant Capital One announced a large data breach Monday, with the company saying that one person accessed personal information of approximately 100 million people in the United States and 6 million in Canada who had applied for or are currently considered users of the company’s credit cards. Additionally, the FBI arrested a woman in Washington state who is suspected of hacking into the company to obtain that information. Paige A. Thompson was arrested Monday and appeared in federal court in Seattle. According to the complaint, Thompson allegedly took wide swaths of personal information from Capital One’s cloud storage instances on March 22 and March 23. The company stored the data taken by Thompson on Amazon Web Services. The company says this information included names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth and self-reported income. The information ranged from 2005 to early 2019. Additionally, Capital One […]
The post Capital One announces massive data breach; lone suspect arrested in Seattle appeared first on CyberScoop.
Continue reading Capital One announces massive data breach; lone suspect arrested in Seattle
In the years following the financial crisis, de novo bank activity in the US slowed to a trickle. But as memories fade, the economy expands and the potential of tech-powered financial services marches forward, entrepreneurs have once again been asking the question, “Should I start a bank?” And by bank, I’m not referring to a […] Continue reading Grasshopper’s Judith Erwin leaps into innovation banking
A small Russian hacking group should be considered the main suspect in a bank heist of $3 million in Bangladesh, according to research published Wednesday. The group, which researchers are calling “Silence,” appears to have softened up access controls on Dutch Bangla Bank ATMs before money mules made a series of cash withdrawals ending on May 31, according to Group-IB, an international security vendor with headquarters in Singapore. Infrastructure used in the past by Silence hackers communicated with external IPs from Dutch Bangla Bank in the months prior to the cash extractions, Group-IB said. By abusing access to the banking system, Silence could have removed withdrawal limits on the ATMs. The money mules were caught on security cameras. Local law enforcement officials previously said the crooks might be connected with Lazarus Group, a cybercrime organization linked to North Korea, according to local news reports. Lazarus is the same hacking team that was blamed for trying to steal nearly $1 […]
The post $3 million hack of Bangladesh ATMs was by Russian group called Silence, researchers say appeared first on CyberScoop.
If you have banking or e-commerce apps you haven’t opened in months, it’s a good time to make sure no one else is using them, either. Sixty-five percent of accounts that experience an account takeover attack — when an outsider logs in with a victim’s own username and password — have not been accessed by their true owner in more than 90 days, according to forthcoming research from DataVisor, a California-based startup specializing in fraud detection. When an account is dormant for awhile, it’s easier for a crook to use an unsophisticated method to get in, take what they want and get out before they’re caught. It typically works like this: Thieves gather usernames and passwords leaked in previous breaches of popular sites. Then they enter the information into automated tools, which submit those stolen credentials into dozens or hundreds of apps. Successful hits give attackers the means to steal money, use customer loyalty points or temporarily hijack […]
The post When your apps are dormant, you become a more likely target for crooks appeared first on CyberScoop.
Continue reading When your apps are dormant, you become a more likely target for crooks
Andreessen Horowitz <3 Latin American startups.
Latin America is the only region outside of the U.S. where the venture firm is routinely investing capital, and it just made another commitment, doubling down on its early-stage support for the point-o… Continue reading Colombian point-of-sale lender ADDI nabs $12.5 million from Andreessen Horowitz