Security News
Researchers have discovered a new Android banking malware that targets Brazil's Itaú Unibanco with the help of lookalike Google Play Store pages to carry out fraudulent financial transactions on victim devices without their knowledge. "The has created a fake Google Play Store page and hosted the malware that targets Itaú Unibanco on it under the name 'sincronizador.apk.'".
Researchers have discovered a new Android banking malware that targets Brazil's Itaú Unibanco with the help of lookalike Google Play Store pages to carry out fraudulent financial transactions on victim devices without their knowledge. "The has created a fake Google Play Store page and hosted the malware that targets Itaú Unibanco on it under the name 'sincronizador.apk.'".
Customers of Chase, Wells Fargo, Bank of America and Capital One, along with nearly 400 other financial institutions, are being targeted by a malicious app disguised to look like the official account management platform for French telecom company Orange S.A. Researchers say this is just the beginning. Once downloaded, the malware - a variant of banking trojan Anubis - steals the user's personal data to rip them off, researchers at Lookout warned in a new report.
A fake Android app is masquerading as a housekeeping service to steal online banking credentials from the customers of eight Malaysian banks. The app is promoted through multiple fake or cloned websites and social media accounts to promote the malicious APK, 'Cleaning Service Malaysia.
India's Punjab National Bank has smacked down a security firm's allegation that it exposed personal and financial data of its 180 million customers - but appears to have admitted its Exchange Server implementation wasn't in tip-top shape. In the same report, the Bank admitted that it uses Exchange, but the allegedly unpatched servers were only used to route mail to Office365 and contain no sensitive data.
There are significant privacy challenges that could make eNaira a lot less attractive. Identification and authentication can pose additional privacy risks because of their central role in onboarding users to the eNaira wallet and ensuring equal access for all users to meet the financial inclusion aspiration of the CBN. Under the CBN's Circular and Guideline [PDF] on the eNaira issued on 25 October, the national identity number and/or biometric verification number are the unique identifiers for users to "Self-onboard" to the eNaira speed wallet.
US federal bank regulatory agencies have approved a new rule ordering banks to notify their primary federal regulators of significant computer-security incidents within 36 hours. Banks are only required to report major cyberattacks if they have or will likely impact their operations, the ability to deliver banking products and services, or the US financial sector's stability.
US federal bank regulatory agencies have approved a new rule ordering banks to notify their primary federal regulators of significant computer-security incidents within 36 hours. Banks are only required to report major cyberattacks if they have or will likely impact their operations, the ability to deliver banking products and services, or the US financial sector's stability.
This article was written by Peter Gerdenitsch, Group CISO at Raiffeisen Bank International, and is based on a presentation given during Imvision's Executive Education Program, a series of events focused on how enterprises are taking charge of the API security lifecycle. We've got an API security course and cloud security course to deepen our security-related knowledge in these domains.
This article was written by Peter Gerdenitsch, Group CISO at Raiffeisen Bank International, and is based on a presentation given during Imvision's Executive Education Program, a series of events focused on how enterprises are taking charge of the API security lifecycle. We've got an API security course and cloud security course to deepen our security-related knowledge in these domains.