Collaborate Disseminate
Short overview of year’s key events, analysis of forecasts for 2019 and our predictions about cyberthreats to financial institutions in 2020 Continue reading Cyberthreats to financial institutions 2020: Overview and predictions
Cybercriminals have gone on a spree in Brazil’s hospitality industry, infecting the networks of hotels and tourism companies with malware that steals credit card data, according to researchers at Kaspersky. All told, the hackers have struck hospitality organizations in eight states across Brazil, and 20 hotels in that country and others around the world, Kaspersky said last week. Active since 2015, the hackers have stepped up their activity this year. They are brazenly selling access to hotel networks they’ve breached to whoever is buying. Some Brazilian criminals tout the extracted credit card data “as high quality and reliable” because it came from a hotel administration system, the researchers wrote in a blog post. The breaches often begin with spearphishing emails in fluent Portuguese to hotel employees. Once clicked, the emails open up malware capable of capturing data that flows downstream during the reservation process from popular sites like Booking.com. The findings underscore Brazil’s longstanding struggles […]
The post For criminal hackers, Brazilian hotel networks appear to be easy targets appeared first on CyberScoop.
Continue reading For criminal hackers, Brazilian hotel networks appear to be easy targets
1.3 million stolen cards, mostly from India, could fetch $130 million for the cybercrooks. Continue reading Joker’s Stash Drops Largest-Ever Credit Card Cache on Dark Web
A database containing roughly 1.3 million credit and debit card numbers belonging primarily to Indian bank customers was uploaded this week to Joker’s Stash, an online market specializing in stolen personal data, according to new findings by security researchers. Group-IB, in a statement e-mailed Tuesday to CyberScoop, said the database was uploaded Oct. 28, and is worth more than $130 million, the equivalent value of roughly one dollar per record. Ninety-eight percent of the files belong to Indian banks, while 1% originate with a Colombian entity. Group-IB did not name any of the banks affected, victims included in the database or speculate on who may have uploaded the information. This addition of credit card information came just days after researchers determined that Joker’s Stash is growing. Over its four-year lifespan, the illicit card shop has become a dumping ground for financial information stolen from organizations like Hy-Vee, Sonic Drive-In and others. Now, […]
The post Scammers just posted 1.3 million payment card numbers on Joker’s Stash, a market for ID theft appeared first on CyberScoop.
Last week, when the popular payments startup Stripe made some waves with its first move into money lending through the launch of Stripe Capital, we reported that the company was also soon going to be launching a credit card. Now, that news is official. Today, the company is doubling down on financing with the launch […] Continue reading Payments giant Stripe debuts a credit card in its latest step into the financing fray
Last week, when the popular payments startup Stripe made some waves with its first move into money lending through the launch of Stripe Capital, we reported that the company was also soon going to be launching a credit card. Now, that news is official. Today, the company is doubling down on financing with the launch […] Continue reading Payments giant Stripe debuts a credit card in its latest step into the financing fray
There was no months-old, unpatched Apache flaw. A S3 bucket wasn’t publicly accessible to anyone with an internet connection. There was no effort to hide what happened behind the company’s bug bounty program. When taken at face value, the Capital One breach looks awfully similar to other massive security failures that have made national news in the past few years. But while people fixate on the amount of information taken, there are some in cybersecurity circles that see a silver lining in the way the bank has handled the incident. Multiple security experts told CyberScoop that while the incident is clearly severe and there are still questions that need to be answered, actions taken by the Virginia-based bank — who did not respond to CyberScoop’s request for comment — prevented this breach from becoming another example of extreme corporate cybersecurity negligence. “While it’s tempting to knock Capital One for this […]
The post What Capital One’s cybersecurity team did (and did not) get right appeared first on CyberScoop.
Continue reading What Capital One’s cybersecurity team did (and did not) get right
Capital One always said it wasn’t like other banks. While other financial giants cautiously waded into their own digital transformations, Capital One’s leadership has sought to differentiate the $28 billion bank by investing in technology meant to modernize their business. The bank has increased its number of technology staffers to 9,000 today from 2,500 in 2011, assigning employees to software engineering, artificial intelligence and building a digital chatbot to automate reminders to customers about when their bills are due or flag unusually large restaurant tips in case they want to rescind them, Rob Alexander, the bank’s chief information officer told the Wall Street Journal last year. Capital One also was different for its use of Amazon Web Services, a rarity in the financial services industry where most corporate heavyweights simply don’t trust third-parties to store their financial data. At Capital One, the use of AWS was to serve as proof of […]
The post Capital One is a cautionary tale for companies rushing to embrace new tech appeared first on CyberScoop.
Continue reading Capital One is a cautionary tale for companies rushing to embrace new tech
Financial giant Capital One announced a large data breach Monday, with the company saying that one person accessed personal information of approximately 100 million people in the United States and 6 million in Canada who had applied for or are currently considered users of the company’s credit cards. Additionally, the FBI arrested a woman in Washington state who is suspected of hacking into the company to obtain that information. Paige A. Thompson was arrested Monday and appeared in federal court in Seattle. According to the complaint, Thompson allegedly took wide swaths of personal information from Capital One’s cloud storage instances on March 22 and March 23. The company stored the data taken by Thompson on Amazon Web Services. The company says this information included names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth and self-reported income. The information ranged from 2005 to early 2019. Additionally, Capital One […]
The post Capital One announces massive data breach; lone suspect arrested in Seattle appeared first on CyberScoop.
Continue reading Capital One announces massive data breach; lone suspect arrested in Seattle
A federal jury on Thursday convicted two Romanian nationals of aggravated identity theft and wire fraud, among other charges, for using malware to steal credit card information and sell it on underground websites. A 12-day trial found Bogdan Nicolescu and Radu Miclaus guilty on 21 counts. In addition to wire fraud and identity theft, they were convicted on money laundering and counterfeit charges. The men were accused of infecting and controlling over 400,000 computers, most of which were in the U.S., as part of the long-running fraud scheme that included cryptocurrency mining. The scheme also involved robbing people of millions of dollars by duping them into making fraudulent purchases on supposed auction sites. Prosecutors described a methodical enterprise that used stolen credit card numbers to rent server space, register domains, and pay for virtual private network services. Nicolescu and Miclaus, who are both in their 30s and from the Romanian […]
The post U.S. jury finds two Romanians guilty of stealing credit card info, infecting 400,000 computers appeared first on CyberScoop.