Security News

Interpol has announced the arrest of three Nigerian men in Lagos, who are suspected of using remote access trojans to reroute financial transactions and steal account credentials. Interpol did not disclose how much money the gang was able to steal from the victimized organizations.

Meta's Facebook subsidiary has been collecting hashed personal data from students seeking US government financial aid, even from those without a Facebook account and those not logged into the student aid website, according to a research study published this week. News non-profit The Markup, working with Mozilla via its Rally data monitoring extension, found that the Meta pixel code has been gathering digital fingerprints representing the first name, last name, phone number, zip code, and email address of students filling out the Free Application for Federal Student Aid, or FAFSA, on the US Department of Education's StudentAid.

VMware released a report which takes the pulse of the financial industry's top CISOs and security leaders on the changing behavior of cybercriminal cartels and the defensive shift of the financial sector. The report found that financial institutions are facing increased destructive attacks and falling victim to ransomware more than in years' past, as sophisticated cybercrime cartels evolve beyond wire transfer fraud to now target market strategies, take over brokerage accounts and island hop into banks.

Over 42 million people in the UK had financial data compromised. According to a release from international law firm RPC, the financial information belonging to approximately 42.2 million people in the U.K. was surrendered due to a growing number of ransomware attacks.

Escobar mobile malware targets 190 banking and financial apps, steals 2FA codes. Mobile malware is becoming increasingly powerful against banking and financial applications, especially on Android operating systems.

The potential financial, operational, and reputational impact of ransomware makes it the top threat facing financial services organizations, according to a report from F-Secure. While the report forecasts that ransomware will remain a predominant threat for at least the next 12 months, it also highlights defensive strategies that can help reduce the impact of ransomware attacks.

Although many financial institutions are aware of the need for API security to support their new corporate reality, they do not really know how to approach it and especially with which tools. In the API security domain, financial organizations are looking for tools that handle the whole lifecycle.

Russia may ramp up ransomware attacks against the United States as a way to avoid sanctions levied against the nation and Vladimir Putin's government for its invasion of Ukraine, U.S. federal authorities are warning. The Financial Crimes Enforcement Network issued a FinCEN Alert on Wednesday advising all financial institutions to remain vigilant against potential efforts to evade the expansive sanctions and other U.S.-imposed restrictions related to the current conflict.

New Xenomorph Android malware targets more than 50 banking and financial applications. Figure B. The Alien malware has more overall capabilities than Xenomorph, which is far more targeted at stealing banking information.

State-sponsored attackers from China conducted a two-month campaign against Taiwanese financial services firms, according to CyCraft, a security consultancy from the island nation. CyCraft's analysis of the incident alleges that the attack run started in November 2021, when the malicious actors - named as Chinese gang APT10 - used supply chain attacks to target software used by Taiwanese financial institutions.