Security News

92% of the most popular banking and financial services apps contain easy-to-extract secrets and vulnerabilities that can let attackers steal consumer data and finances, according to Approov. 92% of the apps leaked valuable, exploitable secrets and 23% of the apps leaked extremely sensitive secrets.

In Q1 of 2022, fintech companies experienced 2.5 times more attacks than in the two previous years. The growing rate of cybercrime has added to the market unrest and questioned fintech preparedness; some claimed that the industry players are more susceptible to virtual threats than traditional banking, with greater resources at their disposal.

In Q1 of 2022, fintech companies experienced 2.5 times more attacks than in the two previous years. The growing rate of cybercrime has added to the market unrest and questioned fintech preparedness; some claimed that the industry players are more susceptible to virtual threats than traditional banking, with greater resources at their disposal.

VMware released a report which takes the pulse of the financial industry's top CISOs and security leaders on the changing behavior of cybercriminal cartels and the defensive shift of the financial sector. The report found that financial institutions are facing increased destructive attacks and falling victim to ransomware more than in years' past, as sophisticated cybercrime cartels evolve beyond wire transfer fraud to now target market strategies, take over brokerage accounts and island hop into banks.

Salt Security spotted a vulnerability in a large fintech company's digital platform that would have granted attackers admin access to banking systems in addition to allowing them to transfer funds to their own accounts. "This vulnerability is a critical flaw, one that completely compromises every bank user," Yaniv Balmas, vice president of research at Salt, an API security firm, told The Register.

A server-side request forgery flaw in an API of a large financial technology platform potentially could have compromised millions of bank customers, allowing attackers to defraud clients by controlling their bank accounts and funds, researchers have found. A team at Salt Security's Salt Labs identified the vulnerability in an API in a web page that supports the organization's platform fund transfer functionality, which allows clients to transfer money from their accounts on its platform into their bank accounts, researchers disclosed in a report published Thursday.

Threat actors from North Korea have been exploiting a vulnerability in Google Chrome to target certain users with remote code, particularly news outlets, software vendors and fintechs in the United States. On Feb. 10, Google's TAG team discovered two distinct threat actors using that vulnerability to target U.S.-based organizations spanning news media, IT, cryptocurrency and fintech industries.

Google's Threat Analysis Group on Thursday disclosed that it acted to mitigate threats from two distinct government-backed attacker groups based in North Korea that exploited a recently-uncovered remote code execution flaw in the Chrome web browser. The campaigns, once again "Reflective of the regime's immediate concerns and priorities," are said to have targeted U.S. based organizations spanning news media, IT, cryptocurrency, and fintech industries, with one set of the activities sharing direct infrastructure overlaps with previous attacks aimed at security researchers last year.

Threat actors have new targets in their sites this tax season during the annual barrage of cyber-scams as people file their U.S. income-tax documents. It's common for attackers to target popular tax filing and preparation apps such as Intuit and TurboTax in various cybercriminal campaigns during tax season, a time that's traditionally rife with scams.

Sift released a report, detailing the increasingly sophisticated - and often automated - tactics cybercriminals leverage to commit payment fraud. Derived from a global network of over 34,000 sites and apps and a survey of over 1,000 consumers, the index reveals that the payment fraud attack rate across fintech ballooned 70% in 2021-making it the highest increase across any vertical in the network.