What Capital One’s cybersecurity team did (and did not) get right

There was no months-old, unpatched Apache flaw. An S3 bucket wasn’t publicly accessible to anyone with an internet connection. There was no effort to hide what happened behind the company’s bug bounty program. When taken at face value, the Capital One breach looks awfully similar to other massive security failures that have made national news in the past few years. But while people fixate on the amount of information taken, there are some in cybersecurity circles who see a silver lining in the way the bank has handled the incident. Multiple security experts told CyberScoop that while the incident is clearly severe and there are still questions that need to be answered, actions taken by the Virginia-based bank — which did not respond to CyberScoop’s request for comment — prevented this breach from becoming another example of extreme corporate cybersecurity negligence. “While it’s tempting to knock Capital One for this […]

The post What Capital One’s cybersecurity team did (and did not) get right appeared first on CyberScoop.


Capital One is a cautionary tale for companies rushing to embrace new tech

Capital One always said it wasn’t like other banks. While other financial giants cautiously waded into their own digital transformations, Capital One’s leadership has sought to differentiate the $28 billion bank by investing in technology meant to modernize their business. The bank has increased its number of technology staffers to 9,000 today from 2,500 in 2011, assigning employees to software engineering, artificial intelligence and building a digital chatbot to automate reminders to customers about when their bills are due or flag unusually large restaurant tips in case they want to rescind them, Rob Alexander, the bank’s chief information officer, told the Wall Street Journal last year. Capital One also was different for its use of Amazon Web Services, a rarity in the financial services industry where most corporate heavyweights simply don’t trust third parties to store their financial data. At Capital One, the use of AWS was to serve as proof of […]

The post Capital One is a cautionary tale for companies rushing to embrace new tech appeared first on CyberScoop.


Capital One data breach: 106m customers affected; suspected hacker arrested

By Uzair Amir
The hacker behind the breach (Paige Adele Thompson) has been arrested after they bragged about hacking Capital One.
This is a post from HackRead.com.

Capital One announces massive data breach; lone suspect arrested in Seattle

Financial giant Capital One announced a large data breach Monday, with the company saying that one person accessed personal information of approximately 100 million people in the United States and 6 million in Canada who had applied for or are currently considered users of the company’s credit cards. Additionally, the FBI arrested a woman in Washington state who is suspected of hacking into the company to obtain that information. Paige A. Thompson was arrested Monday and appeared in federal court in Seattle. According to the complaint, Thompson allegedly took wide swaths of personal information from Capital One’s cloud storage instances on March 22 and March 23. The company stored the data taken by Thompson on Amazon Web Services. The company says this information included names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth and self-reported income. The information ranged from 2005 to early 2019. Additionally, Capital One […]

The post Capital One announces massive data breach; lone suspect arrested in Seattle appeared first on CyberScoop.


Grasshopper’s Judith Erwin leaps into innovation banking

In the years following the financial crisis, de novo bank activity in the US slowed to a trickle. But as memories fade, the economy expands and the potential of tech-powered financial services marches forward, entrepreneurs have once again been asking the question, “Should I start a bank?” And by bank, I’m not referring to a […]

$3 million hack of Bangladesh ATMs was by Russian group called Silence, researchers say

A small Russian hacking group should be considered the main suspect in a bank heist of $3 million in Bangladesh, according to research published Wednesday. The group, which researchers are calling “Silence,” appears to have softened up access controls on Dutch Bangla Bank ATMs before money mules made a series of cash withdrawals ending on May 31, according to Group-IB, an international security vendor with headquarters in Singapore. Infrastructure used in the past by Silence hackers communicated with external IPs from Dutch Bangla Bank in the months prior to the cash extractions, Group-IB said. By abusing access to the banking system, Silence could have removed withdrawal limits on the ATMs. The money mules were caught on security cameras. Local law enforcement officials previously said the crooks might be connected with Lazarus Group, a cybercrime organization linked to North Korea, according to local news reports. Lazarus is the same hacking team that was blamed for trying to steal nearly $1 […]

The post $3 million hack of Bangladesh ATMs was by Russian group called Silence, researchers say appeared first on CyberScoop.


Colombian point-of-sale lender ADDI nabs $12.5 million from Andreessen Horowitz

Andreessen Horowitz <3 Latin American startups.
Latin America is the only region outside of the U.S. where the venture firm is routinely investing capital, and it just made another commitment, doubling down on its early-stage support for the point-o…

Online shops fear 2FA at checkout will increase abandoned carts

A report says the EU will lose $64b per year once new 2FA rules go into effect, but we support Strong Customer Authentication (SCA) wholeheartedly.

Bank heist with FIN7 traits went down while leaders were on the run, research suggests

Digital thieves who spent more than two months lurking inside the networks of an Eastern European bank last year used the same techniques as the infamous cybercriminal gang known as FIN7 or Carbanak, according to new research. Romanian security vendor Bitdefender said Tuesday its researchers have uncovered new details about a bank heist in which hackers patiently collected employee credentials and other data meant to help them access banking data and control ATM networks. These findings coincide with previous researchers’ suggestion that FIN7 is a relatively large group made up of perhaps a dozen individuals who have been able to weather law enforcement pressure while updating their hacking tactics. The 2018 breach at the bank, which Bitdefender declined to identify, occurred as international authorities were taking action against alleged members of FIN7, an organized crime group that threat intelligence researchers say may have stolen $1 billion. The group carried out the attack detailed in […]

The post Bank heist with FIN7 traits went down while leaders were on the run, research suggests appeared first on CyberScoop.
