Security News

The Banner Bank executive leadership team announced that Janet Brown has joined the bank as Executive Vice President and Chief Information Officer. Brown is replacing Steve Rust who announced his retirement after more than 40 years in information technology, the last 15 years as CIO at Banner Bank.

Threat actors behind an ongoing worldwide mobile banking fraud campaign were able to steal millions from multiple US and EU banks, needing just a few days for each attack. While emulators are not malicious tools, the group behind this campaign used them for malicious purposes emulating compromised devices or setting up what looked like new devices picked up by the compromised accounts' owners.

Today, banks must contend with near-constant cyber attacks from organized criminal gangs, as well as highly skilled and well-resourced threat actors working on behalf of nation-states. The cyber threats facing banks are exacerbated by a large and complex infrastructure that presents threat actors with an extensive attack surface, allowing them to strike network infrastructure and systems like SWIFT, employees, customers, and physical assets like ATMs. The extent of these threats demands a proactive and persistent security program.

Okta announced significant momentum in the financial services industry with new and expanded deployments for Canadian Western Bank, First National of Nebraska, and Nota, powered by M&T Bank. Following a successful rollout of the Okta Identity Cloud across its workforce, Canadian Western Bank decided to expand its deployment to include Okta Customer Identity and to support its goal of creating a consistent customer experience across all lines of business.

An offshore Cayman Islands bank's backups, covering a $500 million investment portfolio, were left unsecured and leaking personal banking information, passport data and even online banking PINs. Once evidence was given to the bank of the exposed data, the information was passed onto a bank staffer with a college computer science background, the report added.

"The traditional processes that banks and other financial institutions employ are a bit resource-intensive and often those processes are manual so they've innovated to add some software modeling in an attempt to draw inferences from patterns that they see in their transactions and in their operations to help inform a potential theft, fraud or money laundering," said Michael Reed, director of the Blockchain Program at Intel. "But even those have high false-positive rates which can be disruptive to their customer relationships and also just cost them more time and money in their operations. Confidential computing is a new tool that banks and other corporations are using to help address their own security challenges. It's an emerging technology that helps secure data while it's in use."

Jack Wallen thinks banks and credit card companies need to start considering radical ideas to increase their security. How many times have you had your bank account information or credit card number stolen, only to see your accounts drained? When that happens, you have to not only work with the bank to get your funds back, but jump through all of the hoops when subscribed services start sending you alerts that your payment didn't go through.

Typing in your login data on the fake site exposes your credentials to the crooks because your password is sent to them instead of to your real mobile phone provider. As you can see from the list above, it's theoretically possible that getting your mobile phone account password hacked might give the crooks a way in to your bank account too, especially if you used the same password on your banking site as elsewhere.

The criminals who took out Scotland's Dundee and Angus College made a ransom demand that precisely added up to the contents of its bank account - and that was no accident, its principal has said. In a postmortem interview with academic IT nonprofit Jisc, Simon Hewitt lifted the lid on the 31 January ransomware attack, which went on for days and saw the college's entire IT estate almost completely wiped.

Mastercard announced Cyber Secure, an AI-powered suite of tools that allows banks to assess cyber risk across their ecosystem and prevent potential breaches. Acquiring banks can help merchants understand their own cyber risk, preventing hundreds of millions of dollars in potential fraud.