Security News

The British offices of Barclays Bank are under investigation over allegations that managers spied upon their own staff as part of a workplace productivity improvement drive. Back in February, the bank trialled tracking software to detail the amount of time employees spent at their desk, as revealed by City AM. Last week an employee received a "Work yoga" assessment on their daily performance informing them they had spent "Not enough time in the Zone yesterday," the City paper reports.

Capital One must pay a trivial $80m fine for its shoddy public cloud security - yes, the US banking giant that was hacked last year by a miscreant who stole personal information on 106 million credit-card applicants in America and Canada. "The OCC took these actions based on the bank's failure to establish effective risk assessment processes prior to migrating significant information technology operations to the public cloud environment and the bank's failure to correct the deficiencies in a timely manner," the watchdog said in a statement on Thursday.

A recent series of malware attacks on U.S.-based merchants suggest thieves are exploiting weaknesses in how certain financial institutions have implemented the technology to sidestep key chip card security features and effectively create usable, counterfeit cards. Virtually all chip-based cards still have much of the same data that's stored in the chip encoded on a magnetic stripe on the back of the card.

The same group noted that while banks continue to show the most interest in threat intelligence, over the past 12 months healthcare organizations have doubled their research into it, manufacturers have increased their interest in threat intelligence more than 50%, and energy and utilities are asking about it 30 percent more frequently, as is the services sector. Can the rest of the world catch up to the same level of security effectiveness that banks have achieved? Data showing that more sectors are diving deeper into security is a promising sign.

The denizens of online forums dedicated to trading in stolen credit cards have been shown to be wretched hives of scum and villainy. We're told only a small fraction of the crooks lurking on the boards were commercial traders buying and selling stolen cards for cybercrime use.

Stolen domain admin login credentials can be resold by dark web criminals for up to £95,000 and a total of 15 billion purloined credentials are traded on illicit marketplaces. "Rick Holland, CISO and strategy veep of Digital Shadows, mused:"The sheer number of credentials available is staggering and in just over the past 1.5 years, we've identified and alerted our customers to some 27 million [leaked] credentials which could directly affect them.... "Details exposed from one breach could be re-used to compromise accounts used elsewhere. The message is simple - consumers should use different passwords for every account and organizations should stay ahead of the criminals by tracking where the details of their employees and customers could be compromised."

Barclays Bank appears to have been using no less than the Internet Archive's Wayback Machine as a "Content distribution network" to serve up a Javascript file. Archive.org went down, it would presumably break Barclays' website as well.

The phishing email leads recipients to a phony BOA landing page in an attempt to steal their banking credentials, according to Armorblox. A blog post published Thursday by security provider Armorblox explains how a recent phishing campaign impersonates Bank of America.

The bank's master PIN key was stolen, forcing it to cancel and replace 12 million bank cards. The breach resulted from the printing of the bank's encrypted master key in plain, unencrypted digital language at the Postbank's old data centre in the Pretoria city centre.

Safe Systems, a national provider of fully-compliant IT and security services for community banks and credit unions, announced the availability of NetInsight, a cyber risk reporting tool designed to help community banks and credit unions fill gaps in reporting to meet examiner expectations and provide actionable data to internal stakeholders. Many community financial institutions struggle to efficiently identify threats and assess risks due to limited visibility into their networks and lack of quality cyber risk reports.