Banking News, Articles and Updates

TLS implementation bug put millions at risk

A critical security bug put millions of banking app users at risk, according to researchers from the University of Birmingham.

Security flaw puts 10 million banking app users at risk

Vulnerability could enable hackers to carry out MitM attacks on bank apps - 10 million users at risk

New Ursnif variants silently targets banks and employ redirection attacks

New Ursnif variants being tested in the wild are using redirection attacks to target Australian banks and malicious TLS callback techniques to achieve process injection.

New IcedID banking trojan already rivals worst of its malware peers

A banking trojan that's been targeting US financial institutions and services since at least September is already as advanced in its capabilities as its predecessors Zeus, Gozi, and Dridex, researchers from IBM have reported.

Banking Trojan gang poisons Google results to spread malware: more comment

Cunning SEO trickery and new variant of Zeus Panda targets international banking customers

Corebot banking trojan returns - after modifying indicators of compromise

A new variant of the banking Trojan, CoreBot, which was mainly active in the summer of 2015, has been spotted by security researchers with the new variant spreading via malicious Office documents.

Russian hackers silently threaten global financial organisations

A new bankrobber Trojan has been identified by researchers at Kaspersky Lab, quietly stealing money direct from the banks themselves rather than targeting customers.

Ursnif banking malware surges in Japan, banks and payment card Cos hit

Malspam campaigns designed to spread the Ursnif banking trojan have been heavily targeting Japanese banks and payment card providers in 2017, especially since September, according to IBM'sX-Force research team.

Swiss phishing scam aims to download Retefe banking trojan

Researchers with PhishMe have released the details of a phishing campaign, currently being run in Switzerland, that uses a tax dodge to entice its victims to open an attached file, which will then download the Retefe banking trojan.

LokiBot Android Banking Trojan turns into ransomware in last ditch effort

An Android banking trojan dubbed LokiBot turns into a ransomware when users try to remove its admin privileges in a last ditch effort to extort the user.

North Korean hackers suspected of targeting Nepali bank SWIFT codes

Cyber-criminals used stolen SWIFT codes to transfer money from multiple Nepali banks on 19 October 2017.

ATMii ATM malware uses two modules, simple yet effective

A new family of ATM malware, dubbed ATMii, is using legitimate proprietary libraries and a small piece of code to cause the machines to spit out money and targets older Windows versions.

Brazilian banking trojan uses legit VMware binary to bypass security

Cyber-criminals are using legitimate VMware binary to spread banking trojans in a new phishing campaign targeting the Brazilian financial sector.

Red Alert banking malware steals credentials

A new strain of banking malware is targeting Android users, security researchers have discovered. Red Alert Trojan targets more than 60 banking and social networking apps

Trickbot banking Trojan a significant risk to financial institutions

Vitali Kremez reports how the Necurs botnet is delivering a different type of malware that poses a threat specifically to the financial sector: the "Trickbot" banking Trojan.

Interview: Dr Fatemi Ardakani, director, Bank Melli Iran: ID & authentication

Clearer definitions between privacy, security, and trust - a mix of these areas can be a great place for innovations. Identification and authentication are two particular areas that lots of innovation can happen says Dr Fatemi Ardakani

Bring on GDPR. Wonga blunders in data breach - bank details lost?

Unsurprisingly, Wonga customers have been told to change their passwords after the payday loan firm admitted it had suffered a major data breach affecting 250,000 customers.

G20 finance chiefs agree on concerted effort to fight financial crime

The agreement follows a number of high profile cyber-attacks on banking systems around the world, which has brought banking security to the top of the agenda.

Dutch registry releases scathing report on .nl domain security

SIDN, the Dutch domain registry, has released a report which says banking has less than ideal DNSSEC.

Outdated testing methods will fail to address EU cyber concerns

Chris Dye explores how banks can use testing to prevent disasters and provides practical tips on how the sector can improve cyber-resiliency.

Symantec blames Lazarus for malware targeting banks in 31 countries

Lazarus Group, widely thought to originate from North Korea, has been driven into the light once again, if reports from Symantec are to be believed.

Open Banking: Open door to mobile risks?

Tony Robinson discusses the CMA ruling on mobile banking.

LFI vulnerability allegedly found in website of Barclays/RBS

A hacker going by the name of CyberZeist is claiming to have found a Local File Inclusion vulnerability in the website of "many UK banks".

ICYMI: Cyber-Sec challenge; Tesco hack, DDoS hits Finns; US election hack?; NHS Trust downed

In this week's In Case You Missed It we look at: Youngest Cyber-Sec winner; Tesco bank hacked; DDoS hits Finns heating; US election vulnerability; NHS Trust closed by malware

Financial Conduct Authority rapped for lack of cyber experts on board

Treasury Committee member Steve Baker MP questioned the FCA about the lack of IT expertise on the board of directors, saying it was crucial to understanding complex banking systems.

New banking malware stops customers from cancelling payment cards

Symantec has spotted a new banking malware that stops a victim from cancelling a compromised payment card by blocking calls from the infected device to the bank's customer service department.

Hackers investing 40% of crime proceeds in new criminal techniques

Cyber-criminals are investing up to 40 percent of their stolen funds in improving and modernising their techniques and criminal schemes according to a recent report issued by cyber-experts at the Russian Ministry of Communications.

Retefe banking Trojan now targeting UK banking customers

Avast Security is reporting that the Retefe banking Trojan is now targeting UK banking customers by redirecting them to fake banking websites.

Check Point tracks two waves of Cerber ransomware hitting US, UK

A team of Check Point researchers has tracked two large waves of attacks using Cerber ransomware in the last few months, with more spikes in the number of incidents expected.