Security News

The state-owned Industrial and Commercial Bank of China, which is one of the largest banks in the world, has been hit by a ransomware attack that led to disrupted trades in the US Treasury market. "On November 8, 2023, U.S. Eastern Time, ICBC Financial Services experienced a ransomware attack that resulted in disruption to certain FS systems. Immediately upon discovering the incident, ICBC FS disconnected and isolated impacted systems to contain the incident," the bank said in their security incident notice.

China's largest bank, ICBC, was hit by ransomware that resulted in disruption of financial services systems on Thursday Beijing time, according to a notice on its website. "Immediately upon discovering the incident, ICBC FS disconnected and isolated impacted systems to contain the incident," said the bank's financial services division, which added that it was both investigating and progressing recovery efforts.

Image: Adrian Grycuk/CC BY-SA 3.0 PL. Update November 10, 06:49 EST: The Industrial & Commercial Bank of China confirmed its services were disrupted by a ransomware attack that impacted its systems on Wednesday, November 8. "On November 8, 2023, U.S. Eastern Time, ICBC Financial Services experienced a ransomware attack that resulted in disruption to certain FS systems. Immediately upon discovering the incident, ICBC FS disconnected and isolated impacted systems to contain the incident," said the bank.

Image: Adrian Grycuk/CC BY-SA 3.0 PL. The Industrial & Commercial Bank of China is restoring systems and services following a ransomware attack that disrupted the U.S. Treasury market, causing equities clearing issues."ICBC is currently unable to connect to DTCC/NSCC. This issue is impacting all of ICBC's clearing customers," says an emergency notice issued to equity traders and shared by security research group vx-underground.

The U.S. Federal Trade Commission has amended the Safeguards Rules, mandating that all non-banking financial institutions report data breach incidents within 30 days. "The addition of this disclosure requirement to the Safeguards Rule should provide companies with additional incentive to safeguard consumers' data."

Flagstar Bank is warning that over 800,000 US customers had their personal information stolen by cybercriminals due to a breach at a third-party service provider. A data breach notification sent to impacted customers explains that Flagstar was indirectly impacted by Fiserv, a vendor it uses for payment processing and mobile banking services.

Security researchers discovered a new campaign that distributes a new version of the Xenomorph malware to Android users in the United States, Canada, Spain, Italy, Portugal, and Belgium. In December 2022, the same analysts reported about a new malware distribution platform dubbed "Zombinder," which embedded the threat into legitimate Android apps' APK file.

An active malware campaign targeting Latin America is dispensing a new variant of a banking trojan called BBTok, particularly users in Brazil and Mexico. "The BBTok banker has a dedicated...

Singapore officials announced on Monday that next month they will deliver a consultation paper detailing a split liability scheme that will mean both consumers and banks are on the hook for financial losses flowing from scams. "There are some views that banks can easily absorb losses arising from individual scam cases. However, full restitution without due consideration of culpability is neither fair nor desirable," he told Parliament on Monday.

Bank-fintech partnerships continue to rise as financial institutions look to streamline operations, improve customer experiences, drive profitability, and manage risk and compliance efforts. The guidance promotes standardization for assessing third-party risk and describes sound risk management principles when developing and implementing third-party risk management practices.