Security News

Australian FinTech takes itself offline to deal with cyber incident that caused data leak
2023-03-21 03:58

Latitude Financial has blamed a supplier for leaking creds that caused vast PII leak. Australian outfit Latitude Financial has taken itself offline, and even stopped serving customers, while it tries to clean up an attack on its systems. Latitude said the attack on the vendor exposed credentials of its staff, which were used to log on to two other service providers it uses for matters such as identity verification.

Popular fintech apps expose valuable, exploitable secrets
2023-03-06 04:30

92% of the most popular banking and financial services apps contain easy-to-extract secrets and vulnerabilities that can let attackers steal consumer data and finances, according to Approov. 92% of the apps leaked valuable, exploitable secrets and 23% of the apps leaked extremely sensitive secrets.

Threats targeting fintech companies are on the rise
2022-08-05 08:00

In Q1 of 2022, fintech companies experienced 2.5 times more attacks than in the two previous years. The growing rate of cybercrime has added to the market unrest and questioned fintech preparedness; some claimed that the industry players are more susceptible to virtual threats than traditional banking, with greater resources at their disposal.

Trust in fintech security has been wavering
2022-07-25 03:00

In Q1 of 2022, fintech companies experienced 2.5 times more attacks than in the two previous years. The growing rate of cybercrime has added to the market unrest and questioned fintech preparedness; some claimed that the industry players are more susceptible to virtual threats than traditional banking, with greater resources at their disposal.

Ransomware in fintech: Cybercriminals adopt new means as theft gives way to sabotage
2022-04-21 08:00

VMware released a report which takes the pulse of the financial industry's top CISOs and security leaders on the changing behavior of cybercriminal cartels and the defensive shift of the financial sector. The report found that financial institutions are facing increased destructive attacks and falling victim to ransomware more than in years past, as sophisticated cybercrime cartels evolve beyond wire transfer fraud to now target market strategies, take over brokerage accounts and island hop into banks.

Fintech platform flaw could have allowed bank transfers, exposed data
2022-04-07 15:30

Salt Security spotted a vulnerability in a large fintech company's digital platform that would have granted attackers admin access to banking systems in addition to allowing them to transfer funds to their own accounts. "This vulnerability is a critical flaw, one that completely compromises every bank user," Yaniv Balmas, vice president of research at Salt, an API security firm, told The Register.

SSRF Flaw in Fintech Platform Allowed for Compromise of Bank Accounts
2022-04-07 13:46

A server-side request forgery flaw in an API of a large financial technology platform potentially could have compromised millions of bank customers, allowing attackers to defraud clients by controlling their bank accounts and funds, researchers have found. A team at Salt Security's Salt Labs identified the vulnerability in an API in a web page that supports the organization's platform fund transfer functionality, which allows clients to transfer money from their accounts on its platform into their bank accounts, researchers disclosed in a report published Thursday.

North Korean threat actors target news outlets and fintechs with a Google Chrome vulnerability
2022-03-30 14:07

Threat actors from North Korea have been exploiting a remote code execution vulnerability in Google Chrome to target certain users, particularly news outlets, software vendors and fintechs in the United States. On Feb. 10, Google's TAG team discovered two distinct threat actors using that vulnerability to target U.S.-based organizations spanning news media, IT, cryptocurrency and fintech industries.

North Korean Hackers Exploited Chrome Zero-Day to Target Fintech, IT, and Media Firms
2022-03-25 19:04

Google's Threat Analysis Group on Thursday disclosed that it acted to mitigate threats from two distinct government-backed attacker groups based in North Korea that exploited a recently uncovered remote code execution flaw in the Chrome web browser. The campaigns, once again "reflective of the regime's immediate concerns and priorities," are said to have targeted U.S.-based organizations spanning news media, IT, cryptocurrency, and fintech industries, with one set of the activities sharing direct infrastructure overlaps with previous attacks aimed at security researchers last year.

Tax-Season Scammers Spoof Fintechs, Including Stash, Public
2022-03-24 13:00

Threat actors have new targets in their sights this tax season during the annual barrage of cyber-scams as people file their U.S. income-tax documents. It's common for attackers to target popular tax filing and preparation apps such as Intuit and TurboTax in various cybercriminal campaigns during tax season, a time that's traditionally rife with scams.