Security News
RuneScape is a free online MMORPG first released two decades ago that remains popular in the gaming community and is enjoyed by millions of players. The latest phishing campaign, spotted by Malwarebytes, attempts to target players of both the Old School and the standard editions via a fake email change notice.
The Spanish police have announced the arrest of 13 people and the launch of investigations into another seven for their participation in a phishing ring that stole online bank credentials. The threat actors used phishing lures to trick their victims into believing they had received an alert from their bank, then stole their account credentials.
After suffering a ransomware attack by the Hive operation, the Bank of Zambia made it clear that they were not going to pay by posting a picture of male genitalia and telling the hackers to s. Last week, the Bank of Zambia, the country's central bank, disclosed that recent technical outages resulted from a cyberattack. "The Bank of Zambia wishes to inform members of the public that it experienced a partial disruption to some of its Information Technology applications on Monday 9th May 2022," disclosed the bank in a press release.
The Bank for International Settlements - a meta bank for the world's central banks and facilitator of cross-border payments - has advocated new governance systems that promote owner control of data and transparency over its use. Consent is often given once, despite use of data changing over time without re-confirming consent.
In this video for Help Net Security, Tom Kellermann, Head of Cybersecurity Strategy at VMware, talks about threats against financial institutions and the findings of the Modern Bank Heists 5.0 report. There has been a dramatic uptick of attacks, not just specific to spearphishing, but attacks against APIs, attacks where ransomware was distributed inside infrastructure because of the presence of remote access trojans, island hopping, etc.
Despite banks working to improve online security protocols, consumers must also do their part in taking advantage of enhanced security features to keep their accounts safe. Since banks strive to make the digital banking experience as intuitive and frictionless as possible for users, this can also present an opportunity for hackers to access unwitting consumers' bank accounts.
African banks are increasingly targeted by malware distribution campaigns that employ HTML smuggling tricks and typo-squatted domains to drop remote access trojans. Cybercriminals interested in quick financial gains are a constant source of trouble for banks in Africa, which have resorted to deploying strict gateway security controls.
Salt Security spotted a vulnerability in a large fintech company's digital platform that would have granted attackers admin access to banking systems in addition to allowing them to transfer funds to their own accounts. "This vulnerability is a critical flaw, one that completely compromises every bank user," Yaniv Balmas, vice president of research at Salt, an API security firm, told The Register.
A server-side request forgery flaw in an API of a large financial technology platform potentially could have compromised millions of bank customers, allowing attackers to defraud clients by controlling their bank accounts and funds, researchers have found. A team at Salt Security's Salt Labs identified the vulnerability in an API in a web page that supports the organization's platform fund transfer functionality, which allows clients to transfer money from their accounts on its platform into their bank accounts, researchers disclosed in a report published Thursday.
An Indian bank that did not have a valid firewall license, had not employed phishing protection, lacked an intrusion detection system and eschewed use of any intrusion prevention system has, shockingly, been compromised by criminals who made off with millions of rupees. It certainly thinks small about security - at least according to Hyderabad City Police, which last week detailed an attack on the Bank that started with over 200 phishing emails being sent across three days in November 2021.