Security News

Barclays Bank appears to have been using no less than the Internet Archive's Wayback Machine as a "Content distribution network" to serve up a Javascript file. Archive.org went down, it would presumably break Barclays' website as well.

The phishing email leads recipients to a phony BOA landing page in an attempt to steal their banking credentials, according to Armorblox. A blog post published Thursday by security provider Armorblox explains how a recent phishing campaign impersonates Bank of America.

The bank's master PIN key was stolen, forcing it to cancel and replace 12 million bank cards. The breach resulted from the printing of the bank's encrypted master key in plain, unencrypted digital language at the Postbank's old data centre in the Pretoria city centre.

Safe Systems, a national provider of fully-compliant IT and security services for community banks and credit unions, announced the availability of NetInsight, a cyber risk reporting tool designed to help community banks and credit unions fill gaps in reporting to meet examiner expectations and provide actionable data to internal stakeholders. Many community financial institutions struggle to efficiently identify threats and assess risks due to limited visibility into their networks and lack of quality cyber risk reports.

A new ransomware strain called Tycoon is seeking to wheel and deal its way into the Windows and Linux worlds, using a little-known Java image format as part of its kill chain. Working with KPMG's UK Cyber Response Services, the researchers analyzed a targeted attack using the previously unknown malware on an organization's domain controller and file servers.

Creeps in Australia have given away money in order to harass people with abusive transaction descriptions that appear in online banking records. Australia's Commonwealth Bank revealed the practice today after finding over 8,000 customers had received such messages.

Reposify unveiled research findings of critical asset exposures and vulnerabilities in attack surfaces of the world's leading multinational banks. Researchers measured the prevalence of exposed sensitive assets including exposed databases, remote login services, development tools and additional assets for 25 multinational banks and their 350+ subsidiaries.

Researchers have analysed a new strain of Android malware that does not yet exist in the wild. EventBot asks the user for permission to use accessibility services, a powerful feature since these services require extensive permissions in order to work, including acting as a keylogger, for example, and running in the background.

"Only Temenos can provide banks the richest banking functionality and the most advanced cloud-native technology to help them deliver value to their customers and build sustainable growth in the future." To support banks, Temenos launched AI-driven SaaS technology propositions which are immediately available to help banks with the Covid-19 crisis.

Researchers are warning of a remote overlay malware attack that leverages a fake Chrome browser plugin to target the accounts of banking customers in Spain. Grandoreiro is a type of remote overlay banking trojan, designed to help attackers overtake devices and display a full-screen overlay image when victim accesses their online banking account.