Security News

Sift released a report, detailing the increasingly sophisticated - and often automated - tactics cybercriminals leverage to commit payment fraud. Derived from a global network of over 34,000 sites and apps and a survey of over 1,000 consumers, the index reveals that the payment fraud attack rate across fintech ballooned 70% in 2021-making it the highest increase across any vertical in the network.

One of the largest Vietnamese crypto trading platforms, ONUS, recently suffered a cyber attack on its payment system running a vulnerable Log4j version. Threat actors approached ONUS to extort a $5 million sum and threatened to publish the customer data should ONUS refuse to comply.

Rapyd published a report conducted by 451 Research, to assess the market dynamics of fintech developers around the world. Key findings in the report include a growing demand for fintech developers to create payment applications and building in-house tools as well as general job dissatisfaction.

One financial startup that's targeting the gig worker market is offering up to $500 to anyone willing to hand over the payroll account username and password given to them by their employer, plus a regular payment for each month afterwards in which those credentials still work. On its blog, Argyle imagines a world in which companies choose to integrate its application platform interface and share their employee payroll data.

Indian digital financial services platform Mobikwik denies claims that almost 8 TB of data put up for sale was allegedly stolen from its servers. The threat actor who put the allegedly stolen data up for sale also created a search portal to allow anyone to check if their data is included in the stolen data.

If you sell Web-based software for a living and ship code that references an unregistered domain name, you are asking for trouble. A quick search of WHOIS registration records showed the domain was unregistered.

Founded by seasoned compliance veterans, DigiPli is transforming Anti-Money Laundering and Know Your Customer protocols for FinTechs and other financial services firms. DigiPli announces the official launch of its holistic Onboarding-as-a-Service solution, which addresses a financial institution's complete onboarding and KYC needs.

42% of global consumers use a free FinTech app or platform. The research reveals interesting findings about how consumers protect their sensitive information when using financial technology applications.

The malware's emergence dovetails with a change in the chain of infection and an expansion of infrastructure for the APT. According to researchers at Cybereason, PyVil RAT enables the attackers to exfiltrate data, perform keylogging and take screenshots, and can roll out secondary credential-harvesting tools such as LaZagne. The latest series of campaigns observed by Cybereason that use PyVil RAT are widespread yet targeted, taking aim at FinTech companies across the U.K. and E.U. The attack vector is spear-phishing emails, which use the Know Your Customer regulations as a lure.

For the past two years, a threat group tracked as Evilnum has been observed targeting financial technology companies, mainly ones located in the European Union and the U.K., ESET reports. Golden Chickens components used in Evilnum attacks are from the TerraLoader family.