Finance News, Articles and Updates

Cyber-due diligence demanded for mergers, acquisitions, & cyber readiness

Given the potential the impact a significant data leak could have on the valuation of a target company, M&A practitioners must appreciate that organisations should do whatever is necessary to preserve the value of their deals.

Terdot banking trojan targets social media, email & financial services

Saying that Terdot malware is a banking trojan is kind of like saying your computer is a giant calculator. Yes, that's essentially what it is, but it's also a whole lot more.

Quarter of financial service employee mobile devices unpatched

A quarter of financial service employee mobile devices have unpatched vulnerabilities, according to a recent Symantec report.

Enterprise security budgets slashed by a third; is spend appropriate?

Enterprises seem to be getting the message, at last, that security posture cannot be measured by pocket depth as budgets get cut by a third.

ATMii ATM malware uses two modules, simple yet effective

A new family of ATM malware, dubbed ATMii, is using legitimate proprietary libraries and a small piece of code to cause the machines to spit out money and targets older Windows versions.

Banks lose £30m plus to new hybrid threat hitting former Soviet states

Banks face a new hybrid threat from hackers that has already netted criminals a cool £30 million, according to a new report.

Trading apps found to be worse at security than banking apps

Researchers find trading apps riddled with flaws despite transacting millions of pounds of shares

BlackHat: security researcher says ApplePay vulnerable to two separate attacks

Positive Technologies' Timur Yunusov says ApplePay's security measures mean that on paper it appears to have the perfect defence. But that's not case.

Hackers threaten South Korean banks with DDoS attacks

KB Kookmin Bank, Shinhan Bank, Woori Bank, KEB Hana Bank, NH Bank and two other South Korean banks were reportedly threatened with DDoS attacks last week.

Trustwave: 63 percent of breaches observed targeted payment card data

New report from security company Trustwave illustrates a wave of crime looking to steal payment information from those in the hospitality, retail and food and beverage industries.

ECB to force all Eurozone banks to report cyber-security breaches

The European Central Bank has announced it is looking to encourage information sharing between financial institutions, and the mandatory reporting of incidents appears to be a big part of its cyber-resilience strategy.

Report predicts banks to get €4.7bn fines in first 3 years under GDPR

Report urges banks to focus on breach response readiness to mitigate GDPR risk as predicted number and levels of fines are exceedingly highs.

Europol announces takedown ring of card-skimming fraudsters

The European law enforcement organisation says that thanks to the malicious activities carried out by the group, 3,000 victims have lost roughly half a million Euros.

Don't be fooled by tax scams this quarter as hackers ramp up activity

David Emm discusses the various types of tax scams and top tips for staying safe when managing tax affairs this year.

The insider threat: the biggest threat in banking cyber-security

Israel Levy discusses ways companies can strike the delicate balance between employee productivity and cyber-security best practices for financial institutions.

UK financial services firms must do better to protect customer data

The growing cyber-threat landscape makes protecting sensitive customer and company information vital, and it will only increase with GDPR coming next May.

Trio of downloaders used in recent Blackmoon banking Trojan campaign

Two recent cyber-theft campaigns targeting South Koreans employed a three-stage downloader framework that installed the Blackmoon banking Trojan on geo-targeted machines, according to a report Thursday from Fidelis.

Asian Interpol operation finds nearly 270 compromised websites

Authorities from seven Southeast Asian nations recently collaborated on an operation that exposed regional threats including malware, ransomware, DDoS attacks, and spam campaigns.

Mastercard hedges its bets on fingerprint scanner in new card

Money-giant Mastercard has unveiled a new payment card which contains a fingerprint scanner for the purposes of verification.

Union Bank of India cyber-attacked similar to Bangladesh heist

Hackers launched an attack against Union Bank of India that was very similar to the attack Bangladesh bank heist that resulted in the theft of $81 million.

Global financial firms prepare to step up cyber-security defences

In the next year, 86 percent of financial services firms plan to increase the time and resources they spend on cyber-security.

Russian banking machine theft leads investigators to ATMitch malware

According to a Securelist blog post, the primary payload used in the cyber-heists is ATMitch, a malware capable of issuing a variety of commands to compromised ATM machines, including counting the number of banknotes in a dispenser (for reconnaissance purposes) and dispensing money from any cassette with the mere touch of a button.

G20 finance chiefs agree on concerted effort to fight financial crime

The agreement follows a number of high profile cyber-attacks on banking systems around the world, which has brought banking security to the top of the agenda.

FFA UK figures released: financial fraud lost £2m each day in 2016

Financial Fraud Action UK (FFA UK) has released official figures showing that the UK lost £2 million each day during 2016 as a result of financial fraud.

Stronger authentication and a great customer experience can coexist

Sunil Gossain discusses the revised Directive on Payment Services and what it means for the industry.

Malware targeting banks contains apparent false flags designed to frame Russians

Malware samples recovered from watering hole attacks recently targeting banks across the globe contain false flags that fraudulently suggest Russian actors are behind the campaign, even though the most likely culprit is the Lazarus Group.

Uber drives down alert fatigue with customised data sets

To combat alert fatigue among its security analysts, transportation service Uber applies specially customised data sets to flagged incidents to help distinguish between genuine threats and non-malicious activities.

Data firm alerts of open web being used to trade stolen credentials

A data feed firm sees stolen credentials being traded in broad daylight, so to speak.

Only 19% of UK banks and insurers say they can detect a data breach

Only one in five (19 percent) UK financial service organisations are highly confident they can detect a data breach (21 percent globally).

Terdot Zloader/Zbot combo abuses certificate app to pull off MITM browser attacks

The downloader Terdot Zloader and its accompanying Zbot banking trojan payload abuse a legitimate certificate application to spy on users and modify web content via man-in-the-middle attacks against browsers, an in-depth code analysis shows.