Security News
Whether pursued as a compliance requirement or a business strategy, open banking has ignited financial services firms to focus on APIs and API security. Financial services API security issues 54 of the 55 mobile apps that were reverse engineered contained hardcoded API keys and tokens including usernames and passwords to third-party services.
The FBI warned the US public that threat actors actively use fake and spoofed unemployment benefit websites to harvest sensitive financial and personal information from unsuspecting victims. Sites used in these attacks are designed to closely resemble official government platforms to trick the targets into giving away their info, infecting them with malware, and claiming unemployment benefits on their behalf.
The operators behind the BlackRock mobile malware have surfaced back with a new Android banking trojan called ERMAC that targets Poland and has its roots in the infamous Cerberus malware, according to the latest research. "The new trojan already has active distribution campaigns and is targeting 378 banking and wallet apps with overlays," ThreatFabric's CEO Cengiz Han Sahin said in an emailed statement.
Cyentia Institute and RiskRecon released a research that quantifies how a multi-party data breach impacts many organizations in today's interconnected digital world. The impact of multi-party data breach events 897 multi-party data breach incidents, also referred to as ripple events, have been observed since 2008.
As you can see, the cryptocurrency wallets in question were partially redacted - but as we know, these follow a recognizable pattern and can be uncovered in the public ledger. After determining the full wallet address, we can find this wallet on the blockchain and see what was transferred and when.
This is part one of a two-part series on how hackers stole $2 million in cryptocurrency. There is one strong commonality with all these incidents and attacks: The hackers want the funds in cryptocurrency.
Key findings 32.5% of all companies were targeted by brute force attacks in early June 2021. 73% of all advanced threats were credential phishing attacks.
A financially motivated threat actor notorious for setting its sights on retail, hospitality, and entertainment industries has been observed deploying a completely new backdoor on infected systems, indicating the operators are continuously retooling their malware arsenal to avoid detection and stay under the radar. The previously undocumented malware has been dubbed "Sardonic" by Romanian cybersecurity technology company Bitdefender, which it encountered during a forensic investigation in the wake of an unsuccessful attack carried out by FIN8 aimed at an unnamed financial institution located in the U.S. Said to be under active development, "Sardonic backdoor is extremely potent and has a wide range of capabilities that help the threat actor leverage new malware on the fly without updating components," Bitdefender researchers Eduard Budaca and Victor Vrabie said in a report shared with The Hacker News.
A financially motivated threat actor notorious for setting its sights on retail, hospitality, and entertainment industries has been observed deploying a completely new backdoor on infected systems, indicating the operators are continuously retooling their malware arsenal to avoid detection and stay under the radar. The previously undocumented malware has been dubbed "Sardonic" by Romanian cybersecurity technology company Bitdefender, which it encountered during a forensic investigation in the wake of an unsuccessful attack carried out by FIN8 aimed at an unnamed financial institution located in the U.S. Said to be under active development, "Sardonic backdoor is extremely potent and has a wide range of capabilities that help the threat actor leverage new malware on the fly without updating components," Bitdefender researchers Eduard Budaca and Victor Vrabie said in a report shared with The Hacker News.
Atlas VPN analyzed financial hacks over the last two-and-a-half years and found that DeFi hacks represent 76% of all major hacks for the first half of 2021.The problem has jumped from basically zero dollars lost to DeFi hacks in 2019 to $129 million in 2020 and $361 million in the first half of this year.