Security News

A US bank has said at least the names and social security numbers of more than 1.5 million of its customers were stolen from its computers in December. In a statement to the office of Maine's Attorney General this month, Flagstar Bank said it was compromised between December and April 2021.

Flagstar Bank is notifying 1.5 million customers of a data breach where hackers accessed personal data during a December cyberattack. According to data breach notifications sent to exposed customers, Flagstar experienced a security incident in December 2021 when intruders breached the bank's corporate network.

RuneScape is a free online MMORPG game first released two decades ago but continues to be popular in the gaming community and enjoyed by millions of players. The latest phishing campaign, spotted by Malwarebytes, attempts to target players of both the Old School and the standard editions via a fake email change notice.

The Spanish police have announced the arrest of 13 people and the launch of investigations on another seven for their participation in a phishing ring that stole online bank credentials. The threat actors used phishing lures to trick their victims into believing they received an alert from their bank and proceeded to steal their account credentials.

After suffering a ransomware attack by the Hive operation, the Bank of Zambia made it clear that they were not going to pay by posting a picture of male genitalia and telling the hackers to s. Last week, the Bank of Zambia, the country's central bank, disclosed that recent technical outages resulted from a cyberattack. "The Bank of Zambia wishes to inform members of the public that it experienced a partial disruption to some of its Information Technology applications on Monday 9th May 2022," disclosed the bank in a press release.

The Bank for International Settlements - a meta bank for the world's central banks and facilitator of cross-border payments - has advocated new governance systems that promote owner control of data and transparency over its use. Consent is often given once, despite use of data changing over time without re-confirming consent.

In this video for Help Net Security, Tom Kellermann, Head of Cybersecurity Strategy at VMware, talks about threats against financial institutions and the findings of the Modern Bank Heists 5.0 report. There has been a dramatic uptick of attacks, not just specific to spearphishing, but attacks against APIs, attacks where ransomware was distributed inside infrastructure because of the presence of remote access trojans, island hopping, etc.

Despite banks working to improve online security protocols, consumers must also do their part in taking advantage of enhanced security features to keep their accounts safe. Since banks strive to make the digital banking experience as intuitive and frictionless as possible for users, this can also present an opportunity for hackers to access unwitting consumers' bank accounts.

African banks are increasingly targeted by malware distribution campaigns that employ HTML smuggling tricks and typo-squatted domains to drop remote access trojans. Cybercriminals interested in quick financial gains are a constant source of trouble for banks in Africa, which have resorted to deploying strict gateway security controls.

Salt Security spotted a vulnerability in a large fintech company's digital platform that would have granted attackers admin access to banking systems in addition to allowing them to transfer funds to their own accounts. "This vulnerability is a critical flaw, one that completely compromises every bank user," Yaniv Balmas, vice president of research at Salt, an API security firm, told The Register.