Security News
This article was written by Peter Gerdenitsch, Group CISO at Raiffeisen Bank International, and is based on a presentation given during Imvision's Executive Education Program, a series of events focused on how enterprises are taking charge of the API security lifecycle. We've got an API security course and cloud security course to deepen our security-related knowledge in these domains.
This article was written by Peter Gerdenitsch, Group CISO at Raiffeisen Bank International, and is based on a presentation given during Imvision's Executive Education Program, a series of events focused on how enterprises are taking charge of the API security lifecycle. We've got an API security course and cloud security course to deepen our security-related knowledge in these domains.
The Dutch Police have arrested nine people for targeting and stealing money from the elderly by impersonating bank employees. The group of bank help desk fraudsters, five men and four women between the ages of 20 and 27, were arrested between September 14 and October 19, 2021.
Ecuador's largest private bank Banco Pichincha has suffered a cyberattack that disrupted operations and taken the ATM and online banking portal offline. The cyberattack occurred over the weekend, causing the bank to shut down portions of their network to prevent the attack's spread to other systems.
Pacific City Bank, one of the largest Korean-American community banking service providers in America, has disclosed a ransomware incident that took place last month. The bank is circulating notices to inform its clients of a security breach it identified on August 30, 2021, which they claim to have addressed promptly.
BEC scams use various tactics to compromise or impersonate business email accounts with the end goal of redirecting pending or future payments to bank accounts under a threat actor's control. One of the case examples in the indictment document seen by Bleeping Computer, mentions a single transaction of $356,954, sent by a victim in Boston to what they thought was the bank account of their business partner.
One brand that's been getting a lot of exposure among phishing campaigns is Chase Bank as cybercriminals are increasingly targeting people who use the company's financial services. The American subsidiary of JP Morgan Chase, Chase Bank is now ranked as the sixth most spoofed brand seen in phishing URLs, according to Cyren.
MalwareHunterTeam has spotted the two-year-old malware in a new distribution campaign that targets German users with a malicious APK named 'Commerzbank Security' and using the same icon as the official app. Cyble has found that the Hydra-laced app requests 21 permissions, most notably the 'BIND-ACCESSIBILITY PERMISSION' and 'BIND DEVICE ADMIN,' two extremely risky permissions.
Two newly discovered malicious Android applications on Google Play Store have been used to target users of Brazil's instant payment ecosystem in a likely attempt to lure victims into fraudulently transferring their entire account balances into another bank account under cybercriminals' control. "The attackers distributed two different variants of banking malware, named PixStealer and MalRhino, through two separate malicious applications [] to carry out their attacks," Check Point Research said in an analysis shared with The Hacker News.
Banks and post offices in New Zealand have been hit by a cyber offensive, according to reports, consisting of sustained DDoS attacks against a number of critical online services. Local cybersecurity agency NZ-CERT added to the general air of mystery, saying in a statement on its website that it was "Aware of a DDoS attack targeting a number of New Zealand organisations. We are monitoring the situation and are working with affected parties where we can."