Security News
Financial organizations in the Asia-Pacific (APAC) and Middle East and North Africa (MENA) are being targeted by a new version of an "evolving threat" called JSOutProx. "JSOutProx is a...
Visa is warning about a spike in detections for a new version of the JsOutProx malware targeting financial institutions and their customers. In a security alert from Visa's Payment Fraud Disruption unit seen by BleepingComputer and sent to card issuers, processors, and acquirers, Visa says they became aware of a new phishing campaign distributing the remote access trojan on March 27, 2024.
A suspected Vietnamese-origin threat actor has been observed targeting victims in several Asian and Southeast Asian countries with malware designed to harvest valuable data since at least May...
Though generative AI offers financial firms remarkable business and cybersecurity utility, cyberthreats relating to GenAI in financial services are a consistent concern, according to FS-ISAC. Cybercriminals exploit AI for data exfiltration. That said, threat actors can use generative AI to write malware and more skilled cybercriminals could exfiltrate information from or inject contaminated data into the large language models that train GenAI. The use of corrupted GenAI outputs can expose financial institutions to severe legal, reputational, or operational consequences.
In an email to customers, the Vans and North Face parent promised that crooks didn't swipe their credit card or bank account details. "VF never collects or retains any detailed payment or financial information, such as bank account or credit card information, so no such information was exposed to the threat actors. Furthermore, no consumers' passwords were compromised. Please note that formal investigations by competent authorities are still ongoing. For this reason, we are unable to provide further details."
Financially motivated hackers have been leveraging SmokeLoader malware in a series of phishing campaigns predominantly targeting Ukrainian government and administration organizations. The Ukrainian SSSCIP State Cyber Protection Center, together with the Palo Alto Networks Unit 42 research team, have been tracking a massive phishing campaign linked to the distribution of the SmokeLoader malware.
A financial entity in Vietnam was the target of a previously undocumented threat actor called Lotus Bane that was first detected in March 2023. Singapore-headquartered Group-IB described the...
Criminals have probably stolen nearly 30,000 Fidelity Investments Life Insurance customers' personal and financial information - including bank account and routing numbers, credit card numbers and security or access codes - after breaking into Infosys' IT systems in the fall. The US-headquartered firm says it "Believes" the data included: names, Social Security numbers, states of residence, bank accounts and routing numbers, or credit/debit card numbers in combination with access code, password, and PIN for the account, and dates of birth.
Criminals have probably stolen nearly 30,000 Fidelity Investments Life Insurance customers' personal and financial information - including bank account and routing numbers, credit card numbers and security or access codes - after breaking into Infosys' IT systems in the fall. The US-headquartered firm says it "Believes" the data included: names, Social Security numbers, states of residence, bank accounts and routing numbers, or credit/debit card numbers in combination with access code, password, and PIN for the account, and dates of birth.
ALPHV has now made a number of inflammatory allegations against both victims, which of course should be taken with a substantial grain of salt given that they are indeed criminals. "The claims are categorically false. We continue to have uninterrupted access to their network and are actively exfiltrating information," ALPHV alleged on its site.