Security News

Xenomorph Banking Trojan: A New Variant Targeting 35+ U.S. Financial Institutions
2023-09-26 11:49

An updated version of an Android banking trojan called Xenomorph has set its sights on more than 35 financial institutions in the U.S. The campaign, according to Dutch security firm ThreatFabric,...

The critical role of authorization in safeguarding financial institutions
2023-09-14 04:00

According to a recent Cost of Data Breach report, the financial industry has the second highest average cost for a data breach, making the value well worth financial institutions investing more into authorization. In this Help Net Security video, David Brossard, CTO at Axiomatics, discusses how, whether it's protecting their own or their customers' specific privacy/confidentiality while also adhering to global compliance regulations, there is a lot to think through regarding access control.

Huge DDoS attack against US financial institution thwarted
2023-09-11 18:46

Akamai says it thwarted a major distributed denial-of-service attack aimed at a US bank that peaked at 55.1 million packets per second earlier this month. The network traffic flood hit on September 5 against the unnamed finance giant Akamai describes as "One of the biggest and most influential US financial institutions."

German financial agency site disrupted by DDoS attack since Friday
2023-09-04 17:11

The German Federal Financial Supervisory Authority announced today that an ongoing distributed denial-of-service attack has been impacting its website since Friday. BaFin is Germany's financial regulatory authority, part of the Federal Ministry of Finance, responsible for supervising 2,700 banks, 800 financial, and 700 insurance service providers.

MMRat Android Trojan Executes Remote Financial Fraud Through Accessibility Feature
2023-08-30 15:12

A previously undocumented Android banking trojan dubbed MMRat has been observed targeting mobile users in Southeast Asia since late June 2023 to remotely commandeer the devices and perform financial fraud. "The malware, named after its distinctive package name com.mm.user, can capture user input and screen content, and can also remotely control victim devices through various techniques, enabling its operators to carry out bank fraud on the victim's device," Trend Micro said.

New Financial Malware 'JanelaRAT' Targets Latin American Users
2023-08-14 10:25

Users in Latin America are the target of a financial malware called JanelaRAT that's capable of capturing sensitive information from compromised Microsoft Windows systems. "JanelaRAT mainly targets financial and cryptocurrency data from LATAM bank and financial institutions," Zscaler ThreatLabz researchers Gaetano Pellegrino and Sudeep Singh said, adding it "Abuses DLL side-loading techniques from legitimate sources to evade endpoint detection."

Dark web activity targeting the financial sector
2023-08-08 04:00

In this Help Net Security video, Jim Simpson, Director of Threat Intelligence at Searchlight Cyber, discusses threats against the financial sector. Threat actors will invariably target banks, yet by keeping an eye on the dark web, these institutions can identify illegal activities during their initial planning or pre-attack phase.

EU’s financial institutions face cyber resilience crisis
2023-08-01 03:00

84% of financial institutions have been exposed to a fourth-party breach - illustrating how a vast web of unseen risks are hiding in plain sight. "If nearly 20% of the most well-resourced financial entities in the EU have grades of C or worse, then it's likely that the overall cyber resilience for other financial entities is actually much lower," said Matthew McKenna, Chief Sales Officer, SecurityScorecard.

A fresh look at the current state of financial fraud
2023-07-20 04:00

In this Help Net Security video, Greg Woolf, CEO at FiVerity, discusses how the emergence of sophisticated fraud tools powered by AI and recent upheavals in the banking sector have forged an ideal environment for financial fraud. This complex scenario presents considerable obstacles for financial establishments to defend themselves efficiently.

Singapore tells crypto operators: act like grown up financial institutions
2023-07-05 06:24

In measures floated in October 2022 and to be enacted by the end of 2023, Singapore's Monetary Authority will require operators to hold customer assets under a statutory trust segregated from their own assets. Crypto outfits are also barred from facilitating retail customer lending and staking - the term for locking up crypto assets for a set time to support blockchain validation.