Security News

Singapore monetary authority threatens action on bank over widespread phishing scam
2022-01-18 13:04

The Monetary Authority of Singapore says it is considering supervisory action against Southeast Asia's second largest bank, Oversea-Chinese Banking Corporation, which was criticised for its incident response to a widespread phishing scheme across the island nation. "Monetary Authority Singapore takes a serious view of the recent phishing scams involving OCBC Bank. They have significantly impacted several customers. OCBC has acknowledged that its incident response and customer service should have been better. MAS has been following up with the bank on these and broader issues relating to the incident," said MAS deputy managing director Ms Ho Hern Shin in a statement to The Register.

SlimPay fined €180k after 12 million customers' bank data publicly accessible for 5 years
2022-01-04 17:33

Using real data is a good way to ensure that development code is working as expected before live deployment, but when you are dealing with sensitive information such as bank account details, great care must be taken not to fall foul of data protection regulations. In a later data breach notification, the firm disclosed more details on the security incident, including the number of people and the type of personal data affected by the data breach.

New Android Malware Targeting Brazil's Itaú Unibanco Bank Customers
2021-12-27 04:11

Researchers have discovered a new Android banking malware that targets Brazil's Itaú Unibanco with the help of lookalike Google Play Store pages to carry out fraudulent financial transactions on victim devices without their knowledge. "The has created a fake Google Play Store page and hosted the malware that targets Itaú Unibanco on it under the name 'sincronizador.apk.'".

New Android Malware Targeting Brazil's Itaú Unibanco Bank Customers
2021-12-27 00:07

Researchers have discovered a new Android banking malware that targets Brazil's Itaú Unibanco with the help of lookalike Google Play Store pages to carry out fraudulent financial transactions on victim devices without their knowledge. "The has created a fake Google Play Store page and hosted the malware that targets Itaú Unibanco on it under the name 'sincronizador.apk.'".

400 Banks’ Customers Targeted with Anubis Trojan
2021-12-14 20:23

Customers of Chase, Wells Fargo, Bank of America and Capital One, along with nearly 400 other financial institutions, are being targeted by a malicious app disguised to look like the official account management platform for French telecom company Orange S.A. Researchers say this is just the beginning. Once downloaded, the malware - a variant of banking trojan Anubis - steals the user's personal data to rip them off, researchers at Lookout warned in a new report.

Malicious Android app steals Malaysian bank credentials, MFA codes
2021-12-01 18:33

A fake Android app is masquerading as a housekeeping service to steal online banking credentials from the customers of eight Malaysian banks. The app is promoted through multiple fake or cloned websites and social media accounts to promote the malicious APK, 'Cleaning Service Malaysia.

Indian bank smacks down allegation it exposed 180 million customers' accounts
2021-11-23 01:58

India's Punjab National Bank has smacked down a security firm's allegation that it exposed personal and financial data of its 180 million customers - but appears to have admitted its Exchange Server implementation wasn't in tip-top shape. In the same report, the Bank admitted that it uses Exchange, but the allegedly unpatched servers were only used to route mail to Office365 and contain no sensitive data.

Nigeria's central bank digital currency is 'same Naira, more possibilities' – if you count government snooping
2021-11-22 11:00

There are significant privacy challenges that could make eNaira a lot less attractive. Identification and authentication can pose additional privacy risks because of their central role in onboarding users to the eNaira wallet and ensuring equal access for all users to meet the financial inclusion aspiration of the CBN. Under the CBN's Circular and Guideline [PDF] on the eNaira issued on 25 October, the national identity number and/or biometric verification number are the unique identifiers for users to "Self-onboard" to the eNaira speed wallet.

US regulators order banks to report cyberattacks within 36 hours
2021-11-19 13:05

US federal bank regulatory agencies have approved a new rule ordering banks to notify their primary federal regulators of significant computer-security incidents within 36 hours. Banks are only required to report major cyberattacks if they have or will likely impact their operations, the ability to deliver banking products and services, or the US financial sector's stability.

US regulators order banks to report cyberattacks within 3 days
2021-11-19 13:05

US federal bank regulatory agencies have approved a new rule ordering banks to notify their primary federal regulators of significant computer-security incidents within 36 hours. Banks are only required to report major cyberattacks if they have or will likely impact their operations, the ability to deliver banking products and services, or the US financial sector's stability.