Crooks are getting smarter about exploiting SAP software, study finds

Security researchers on Tuesday warned of the unrelenting interest that cybercriminals have in exploiting applications made by software giant SAP to defraud or disrupt big businesses that rely on SAP products. A months-long study by Boston-based security firm Onapsis found that malicious hackers are growing more knowledgeable about SAP software and the potential impact that compromises could have on customers. In one case, an unidentified attacker managed to chain together multiple software exploits to target an SAP “credential store,” which stores login details for an organization’s high-value SAP users. Access to the credential store could give a hacker the ability to exploit other applications that interact with those credentials. SAP has 400,000 customers worldwide, including more than half of NATO members. A big swath of the world’s largest public companies use the software to manage their business processes. A critical bug in SAP software could be a ticket for a […]

The post Crooks are getting smarter about exploiting SAP software, study finds appeared first on CyberScoop.


Russian man sentenced to 12 years in prison for massive JPMorgan data heist

A U.S. federal judge on Thursday sentenced Andrei Tyurin, a 37-year-old Russian man, to 12 years in prison for his role in a hacking scheme that prosecutors say involved the theft of personal data from over 100 million customers of big U.S. financial firms. The brazen hacking operation, which ran from 2012 to 2015, is one of the biggest to hit Wall Street in recent memory. It involved Tyurin allegedly working with an Israeli man named Gery Shalon, among others, to breach big-name companies like JPMorgan Chase, ETrade and The Wall Street Journal. The scammers then sought to inflate stock prices by marketing them to people whose data they had stolen. Tyurin’s breach of JPMorgan Chase alone saw data on 80 million customers stolen, according to prosecutors. The Russian man made $19 million altogether from the hacking, the Justice Department said in a statement. The case is a win for […]

The post Russian man sentenced to 12 years in prison for massive JPMorgan data heist appeared first on CyberScoop.


$100M Botnet Scheme Lands Cybercriminal 8 Years in Jail

Aleksandr Brovko faces jail time after stealing $100 million worth of personally identifiable information (PII) and financial data over the course of more than 10 years.

Egregor Claims Responsibility for Barnes & Noble Attack, Leaks Data

The ransomware gang claims to have bought network access to the bookseller’s systems before encrypting the networks and stealing “financial and audit data.”

Warner Music Notifies Customers of Web-Skimming Attack; Personal and Financial Data Potentially Viewed by Cybercriminals

US-based multinational entertainment and record label Warner Music Group has disclosed a web-skimming attack that may have let cybercriminals steal customers’ personal and financial data. According to a data breach notification submitted with Californi…

Malicious Autodesk plugin at root of cyber-espionage campaign

A company involved in billion-dollar real estate deals in New York, London, Australia, and Oman has recently become the target of a cyber-espionage campaign from a set of well-resourced hackers, according to new BitDefender research published Wednesday. The hackers waged the campaign against the target, an international architectural and video production entity, in a likely effort to collect financial information or negotiation details of competing contracts for a customer, BitDefender assessed. They infiltrated the victim firm by imitating a plugin for a popular 3D computer graphics software, AutoDesk 3ds Max, and then deploying a malicious file against the target. The perpetrators are likely hackers-for-hire who split their time between running nation-state cyber-operations and conducting corporate espionage on behalf of private sector entities, according to BitDefender’s analysis. Which foreign government BitDefender suspects employs the hackers wasn’t immediately clear, but Russia, China, Iran, and North Korea alike frequently rely on contractor talent or […]

The post Malicious Autodesk plugin at root of cyber-espionage campaign appeared first on CyberScoop.


Another guilty plea in $568 million Infraud crime ring

A Moldovan man on Friday became the second person in as many months to plead guilty to being part of Infraud, a $568 million cybercriminal enterprise that stole payment cards and personal data from around the world, the U.S. Department of Justice said. 30-year-old Valerian Chiochiu, who allegedly trained Infraud members on writing and deploying malware, appeared before a judge in federal court in Nevada, U.S. officials said. Chiochiu’s guilty plea follows that of Sergey Medvedev, a 33-year-old Russian, who is accused of being the group’s co-founder. The pleas are part of the ongoing U.S. effort to prosecute Infraud, which Department of Justice officials say victimized people in all 50 states. At its height, Infraud aspired to be the internet’s top spot for “carding,” or buying things with stolen credit card data. It amassed more than 10,000 members, and claimed to only allow vetted vendors of stolen data to advertise […]

The post Another guilty plea in $568 million Infraud crime ring appeared first on CyberScoop.


Twilio breach spotlights struggle to keep corporate software kits out of the wrong hands

The security team at Twilio, a cloud communications company that claimed over $1 billion in revenue last year, could breathe a sigh of relief on Sunday night. Earlier in the day, someone had manipulated the code in a software product that Twilio customers use to route calls and other communications. The breach resembled a Magecart-style attack that skims websites for users’ financial data. Twilio cleaned up the code hours later, and said there was no sign the attackers had accessed customer data. But the damage could have been worse if the attack had been targeted, multiple security experts told CyberScoop. With access to the code, which was sitting in an unsecured Amazon cloud storage service known as an S3 bucket, the attackers could have conducted phishing attacks or distributed malware through the platform, according to Yonathan Klijnsma, head of threat research at security company RiskIQ. Dave Kennedy, founder of cybersecurity […]

The post Twilio breach spotlights struggle to keep corporate software kits out of the wrong hands appeared first on CyberScoop.


US cyber officials urge patching of bug affecting up to 40K SAP customers

A critical vulnerability in applications made by software giant SAP could affect up to 40,000 SAP customers, offering a pathway for hackers to remotely steal or alter data, researchers warned Tuesday. At least 2,500 SAP systems with the vulnerability are exposed to the internet, making life easier for anyone who would want to exploit the bug, said researchers from Boston-based security company Onapsis. Exploiting the vulnerability could give a hacker administrative access to SAP software housing business and financial data, they said. The scope of the affected organizations and the importance of the SAP software to businesses prompted the Department of Homeland Security’s cybersecurity arm to issue an alert late Monday urging organizations to address the issue. “Due to the criticality of this vulnerability, the attack surface this vulnerability represents, and the importance of SAP’s business applications, the Cybersecurity and Infrastructure Security Agency strongly recommends organizations immediately apply patches,” CISA told affected […]

The post US cyber officials urge patching of bug affecting up to 40K SAP customers appeared first on CyberScoop.


Operators of Android hacking kit impersonate postal services in US and Europe

Two years ago, when researchers at antivirus company Trend Micro reported on a new mobile data-stealing kit known as FakeSpy, they warned there could be more to come from the hackers. Directing the Android-focused malware at users outside of South Korea and Japan, where it was discovered, would simply be a matter of reconfiguring the code, the researchers said. That’s exactly what happened. On Wednesday, another set of researchers, from security company Cybereason, revealed how FakeSpy’s operators have been impersonating various postal services in attacks on users in the U.S., China and Europe in the last several weeks. The hackers have taken aim at thousands of users with the help of phony text messages that, if clicked, install code capable of siphoning off financial data from mobile applications. The findings show how, with an effective mobile malware kit written, hackers can tweak the code to target different parts of the world and see […]

The post Operators of Android hacking kit impersonate postal services in US and Europe appeared first on CyberScoop.
