Online shops fear 2FA at checkout will increase abandoned carts

A report says the EU will lose $64b per year once new 2FA rules go into effect, but we support Strong Customer Authentication (SCA) wholeheartedly.

Bank heist with FIN7 traits went down while leaders were on the run, research suggests

Digital thieves who spent more than two months lurking inside the networks of an Eastern European bank last year used the same techniques as the infamous cybercriminal gang known as FIN7 or Carbanak, according to new research. Romanian security vendor Bitdefender said Tuesday its researchers have uncovered new details about a bank heist in which hackers patiently collected employee credentials and other data meant to help them access banking data and control ATM networks. These findings coincide with previous researchers’ suggestion that FIN7 is a relatively large group made up of perhaps a dozen individuals who have been able to weather law enforcement pressure while updating their hacking tactics. The 2018 breach at the bank, which Bitdefender declined to identify, occurred as international authorities were taking action against alleged members of FIN7, an organized crime group that threat intelligence researchers say may have stolen $1 billion. The group carried out the attack detailed in […]

The post Bank heist with FIN7 traits went down while leaders were on the run, research suggests appeared first on CyberScoop.

OpenFin raises $17 million for its OS for finance

OpenFin, the company looking to provide the operating system for the financial services industry, has raised $17 million in funding through a Series C round led by Wells Fargo, with participation from Barclays and existing investors including Bain Capital Ventures, J.P. Morgan and Pivot Investment Partners. Previous investors in OpenFin also include DRW Venture Capital, […]

Fintech giant Fiserv sued by Pa. credit union for ‘baffling security lapses’

A Pennsylvania credit union has sued fintech giant Fiserv for allegedly failing to address persistent vulnerabilities in the platform that powers its banking websites and online applications. In a lawsuit filed Friday, Bessemer System Federal Credit Union said that the web platform maintained by Fiserv is “plagued with security vulnerabilities that affect the privacy of thousands of Bessemer’s members.” Those vulnerabilities were “based on baffling and amateurish security lapses,” the document alleges. The complaint describes Wisconsin-based Fiserv’s technology as the “lifeblood of Bessemer” in that it is used to run the website, generate statements and track deposits. But now, the credit union says it’s ditching Fiserv, a Fortune 500 company that says it has some 12,000 clients in over 80 countries. “To protect the credit union’s members, the credit union is replacing its core processing vendor and will be taking appropriate legal action against the vendor,” said Charles Nerko, a […]

The post Fintech giant Fiserv sued by Pa. credit union for ‘baffling security lapses’ appeared first on CyberScoop.

Peter Kraus dishes on the market

During my recent conversation with Peter Kraus, which was supposed to be focused on Aperture and its launch of the Aperture New World Opportunities Fund, I couldn’t help veering off into tangents about the market in general. Below is Kraus’ take on the availability of alpha generation, the Fed, inflation vs. Amazon, housing, the cross-ownership […]

Gustuff malware can steal from banking apps, then spread via contact lists

A new strain of malicious software affecting Android devices is capable of phishing credentials and automating bank transactions for more than 100 banks and 32 virtual currency apps, according to new research from security firm Group-IB. The malware, dubbed Gustuff, is aimed at top international banks including Bank of America, Wells Fargo, Chase, Capital One, and others, researchers found. It also is designed to steal from cryptocurrency apps like Bitcoin Wallet and Coinbase, and can phish usernames and passwords from PayPal, Western Union, Walmart, eBay and WhatsApp, according to researchers at Group-IB. The hacking tool infects victims with a text message, tricking them into providing access to the Android Accessibility function. That service enables Android phones to take action by default, such as increasing the size of an icon or reading text out loud. Once inside, Gustuff is then able to siphon funds from payment software called Automatic Transfer Service. Gustuff has been available on […]

The post Gustuff malware can steal from banking apps, then spread via contact lists appeared first on CyberScoop.

Movius raises $45M for its business communications service

Atlanta-based Movius, a company that allows companies to assign a separate business number for voice calls and texting to any phone, today announced that it has raised a $45 million Series D round led by JPMorgan Chase, with participation from existing investors PointGuard Ventures, New Enterprise Associates and Anschutz Investment company. With this, the company […]

UN report accuses North Korea of hacking banks and crypto exchanges

A United Nations panel is corroborating threat intelligence that cybersecurity researchers have long reported: North Korea is using its formidable cyber capabilities to raise money in the face of sanctions. North Korean government-sponsored cyberattacks on financial institutions to illegally transfer funds “have become an important tool in the evasion of sanctions and have grown in sophistication and scale since 2016,” says the U.N. panel report, which was published late Monday. The report chronicles North Korea’s alleged attempts to circumvent sanctions using multiple methods, but the panel is increasingly taking note of the role of cyber operations in that endeavor. Hackers stole at least $882 million from cryptocurrency exchanges in 2017 and 2018, the report stated. Successful attacks on the Coincheck, Bitgrail and Zaif exchanges netted $534 million, $170 million and $60 million, respectively, according to the U.N. The panel also pinned the 2016 theft of $81 million from Bangladesh Bank on North […]

The post UN report accuses North Korea of hacking banks and crypto exchanges appeared first on CyberScoop.

Latest Pakistan bank-card fraud looks like an actual breach, researchers say

A spike in payment-card fraud in Pakistan over the past six months now appears to involve a possible breach of at least one bank’s internal systems, according to researchers with New York-based threat intelligence company Gemini Advisory. Previous reports — including research by Moscow-based cybersecurity company Group-IB — had noted two major dumps of Pakistani payment-card data on the dark web market Joker’s Stash in October and November, as well as further sales in January of this year. Gemini Advisory says it now appears that the card-information dumps point to a more aggressive level of hacking beyond point-of-sale attacks. “While fraudsters generally acquire card and PIN data with card skimmers and cameras or overlays, the January 24 and January 30, 2019 breach included such data in large quantities pertaining to a single bank – Meezan Bank Ltd.,” Gemini Advisory says. “Gemini analysts therefore assess with moderate confidence that the compromised records posted […]

The post Latest Pakistan bank-card fraud looks like an actual breach, researchers say appeared first on CyberScoop.
