Banking News, Articles and Updates

More than £4 million stolen from Russian central bank via SWIFT system

Hackers stole £4.3 million from the Russian central bank last year via the SWIFT messaging system, according to report from the bank.

Unauthorised party access data on 800K Swisscom customers

Telecom giant Swisscom Wednesday disclosed that an unauthorised intruder misappropriated an unnamed sales partner's access to its data, thereby compromising basic information pertaining to approximately 800,000 customers.

One third of Britons would apply to be a money mule

One third (32 percent) of Britons would apply for a job as a money mule - knowingly helping criminals launder money, according to the results of a fake job advert set up by Santander.

FakeBank malware accesses sensitive SMS banking messages

A newly discovered mobile malware program that primarily targets Russian banking customers can take over victims' SMS capabilities, allowing cyber-criminals to intercept text messages that contain bank security codes.

Android banking trojan targets more than 232 apps

Security researchers have found a new strain of malware targeting banking apps on Android devices.

TLS implementation bug put millions at risk

A critical security bug put millions of banking app users at risk, according to researchers from the University of Birmingham.

Security flaw puts 10 million banking app users at risk

Vulnerability could enable hackers to carry out MitM attacks on bank apps - 10 million users at risk

New Ursnif variants silently targets banks and employ redirection attacks

New Ursnif variants being tested in the wild are using redirection attacks to target Australian banks and malicious TLS callback techniques to achieve process injection.

New IcedID banking trojan already rivals worst of its malware peers

A banking trojan that's been targeting US financial institutions and services since at least September is already as advanced in its capabilities as its predecessors Zeus, Gozi, and Dridex, researchers from IBM have reported.

Banking Trojan gang poisons Google results to spread malware: more comment

Cunning SEO trickery and new variant of Zeus Panda targets international banking customers

Corebot banking trojan returns - after modifying indicators of compromise

A new variant of the banking Trojan, CoreBot, which was mainly active in the summer of 2015, has been spotted by security researchers with the new variant spreading via malicious Office documents.

Russian hackers silently threaten global financial organisations

A new bankrobber Trojan has been identified by researchers at Kaspersky Lab, quietly stealing money direct from the banks themselves rather than targeting customers.

Ursnif banking malware surges in Japan, banks and payment card Cos hit

Malspam campaigns designed to spread the Ursnif banking trojan have been heavily targeting Japanese banks and payment card providers in 2017, especially since September, according to IBM'sX-Force research team.

Swiss phishing scam aims to download Retefe banking trojan

Researchers with PhishMe have released the details of a phishing campaign, currently being run in Switzerland, that uses a tax dodge to entice its victims to open an attached file, which will then download the Retefe banking trojan.

LokiBot Android Banking Trojan turns into ransomware in last ditch effort

An Android banking trojan dubbed LokiBot turns into a ransomware when users try to remove its admin privileges in a last ditch effort to extort the user.

North Korean hackers suspected of targeting Nepali bank SWIFT codes

Cyber-criminals used stolen SWIFT codes to transfer money from multiple Nepali banks on 19 October 2017.

ATMii ATM malware uses two modules, simple yet effective

A new family of ATM malware, dubbed ATMii, is using legitimate proprietary libraries and a small piece of code to cause the machines to spit out money and targets older Windows versions.

Brazilian banking trojan uses legit VMware binary to bypass security

Cyber-criminals are using legitimate VMware binary to spread banking trojans in a new phishing campaign targeting the Brazilian financial sector.

Red Alert banking malware steals credentials

A new strain of banking malware is targeting Android users, security researchers have discovered. Red Alert Trojan targets more than 60 banking and social networking apps

Trickbot banking Trojan a significant risk to financial institutions

Vitali Kremez reports how the Necurs botnet is delivering a different type of malware that poses a threat specifically to the financial sector: the "Trickbot" banking Trojan.

Interview: Dr Fatemi Ardakani, director, Bank Melli Iran: ID & authentication

Clearer definitions between privacy, security, and trust - a mix of these areas can be a great place for innovations. Identification and authentication are two particular areas that lots of innovation can happen says Dr Fatemi Ardakani

Bring on GDPR. Wonga blunders in data breach - bank details lost?

Unsurprisingly, Wonga customers have been told to change their passwords after the payday loan firm admitted it had suffered a major data breach affecting 250,000 customers.

G20 finance chiefs agree on concerted effort to fight financial crime

The agreement follows a number of high profile cyber-attacks on banking systems around the world, which has brought banking security to the top of the agenda.

Dutch registry releases scathing report on .nl domain security

SIDN, the Dutch domain registry, has released a report which says banking has less than ideal DNSSEC.

Outdated testing methods will fail to address EU cyber concerns

Chris Dye explores how banks can use testing to prevent disasters and provides practical tips on how the sector can improve cyber-resiliency.

Symantec blames Lazarus for malware targeting banks in 31 countries

Lazarus Group, widely thought to originate from North Korea, has been driven into the light once again, if reports from Symantec are to be believed.

Open Banking: Open door to mobile risks?

Tony Robinson discusses the CMA ruling on mobile banking.

LFI vulnerability allegedly found in website of Barclays/RBS

A hacker going by the name of CyberZeist is claiming to have found a Local File Inclusion vulnerability in the website of "many UK banks".

ICYMI: Cyber-Sec challenge; Tesco hack, DDoS hits Finns; US election hack?; NHS Trust downed

In this week's In Case You Missed It we look at: Youngest Cyber-Sec winner; Tesco bank hacked; DDoS hits Finns heating; US election vulnerability; NHS Trust closed by malware

Financial Conduct Authority rapped for lack of cyber experts on board

Treasury Committee member Steve Baker MP questioned the FCA about the lack of IT expertise on the board of directors, saying it was crucial to understanding complex banking systems.