Security News

The Central Bank of Seychelles on Friday announced that the network of the Development Bank of Seychelles was recently targeted in a ransomware attack. CBS has been engaging with DBS to establish the exact nature and circumstances of the incident and closely monitor the developments, including the possible impact on DBS' operations," the bank said in a Friday announcement.

Since February 2020, North Korean state-sponsored hackers have been targeting banks in multiple countries, the Cybersecurity and Infrastructure Security Agency, the Department of the Treasury, the Federal Bureau of Investigation and U.S. Cyber Command warn in a joint advisory. "The BeagleBoyz's bank robberies pose severe operational risk for individual firms beyond reputational harm and financial loss from theft and recovery costs. [] Equally concerning, these malicious actors have manipulated and, at times, rendered inoperable, critical computer systems at banks and other financial institutions," the joint advisory reads.

The BeagleBoyz, part of the North Korean government's hacking apparatus, are back to targeting banks around the world after a brief pause in activity. The US Cybersecurity and Infrastructure Security Agency has released an alert with details of how the BeagleBoyz have made off with an estimated $2 billion in fiat and cryptocurrency since 2015, along with details on how financial institutions can protect themselves against their known patterns of attack.

For two years, IBM has been deploying confidential computing capabilities in the IBM Cloud and Rohit Badlaney, vice president of IBM Z Hybrid Cloud, said it is the only public cloud with "Production-ready confidential computing capabilities able to protect data, applications and processes." IBM's platform is now used in heavily regulated industries like healthcare and banking, with high profile customers like Bank of America and Daimler taking advantage of confidential cloud computing capabilities.

The British offices of Barclays Bank are under investigation over allegations that managers spied upon their own staff as part of a workplace productivity improvement drive. Back in February, the bank trialled tracking software to detail the amount of time employees spent at their desk, as revealed by City AM. Last week an employee received a "Work yoga" assessment on their daily performance informing them they had spent "Not enough time in the Zone yesterday," the City paper reports.

Capital One must pay a trivial $80m fine for its shoddy public cloud security - yes, the US banking giant that was hacked last year by a miscreant who stole personal information on 106 million credit-card applicants in America and Canada. "The OCC took these actions based on the bank's failure to establish effective risk assessment processes prior to migrating significant information technology operations to the public cloud environment and the bank's failure to correct the deficiencies in a timely manner," the watchdog said in a statement on Thursday.

A recent series of malware attacks on U.S.-based merchants suggest thieves are exploiting weaknesses in how certain financial institutions have implemented the technology to sidestep key chip card security features and effectively create usable, counterfeit cards. Virtually all chip-based cards still have much of the same data that's stored in the chip encoded on a magnetic stripe on the back of the card.

The same group noted that while banks continue to show the most interest in threat intelligence, over the past 12 months healthcare organizations have doubled their research into it, manufacturers have increased their interest in threat intelligence more than 50%, and energy and utilities are asking about it 30 percent more frequently, as is the services sector. Can the rest of the world catch up to the same level of security effectiveness that banks have achieved? Data showing that more sectors are diving deeper into security is a promising sign.

The denizens of online forums dedicated to trading in stolen credit cards have been shown to be wretched hives of scum and villainy. We're told only a small fraction of the crooks lurking on the boards were commercial traders buying and selling stolen cards for cybercrime use.

Stolen domain admin login credentials can be resold by dark web criminals for up to £95,000 and a total of 15 billion purloined credentials are traded on illicit marketplaces. "Rick Holland, CISO and strategy veep of Digital Shadows, mused:"The sheer number of credentials available is staggering and in just over the past 1.5 years, we've identified and alerted our customers to some 27 million [leaked] credentials which could directly affect them.... "Details exposed from one breach could be re-used to compromise accounts used elsewhere. The message is simple - consumers should use different passwords for every account and organizations should stay ahead of the criminals by tracking where the details of their employees and customers could be compromised."