Banco Santander warns of a data breach exposing customer info

May 15, 2024 at 10:16AM Banco Santander S.A. confirmed a recent data breach impacting customers and employees in Spain, Chile, and Uruguay. The unauthorized access to a third-party hosted database led to the compromise of information for current and some former employees as well as customers. The bank has implemented fraud prevention measures and assured … Read more

Largest non-bank lender in Australia warns of a data breach

May 13, 2024 at 10:19AM Firstmac Limited, a major player in Australia’s financial industry, discloses a data breach following a cyber-extortion group’s leak of over 500GB of information allegedly stolen from the company. Despite compromised personal data, they assure customers of secure accounts and have enhanced security measures, including two-factor authentication. Customers receive free identity … Read more

Philadelphia Inquirer: Data of over 25,000 people stolen in 2023 breach

April 30, 2024 at 04:14PM The Philadelphia Inquirer disclosed a May 2023 cyberattack which compromised the personal and financial data of 25,549 individuals. The breach led to disruption in the publication of the print newspaper, prompting home-delivery subscribers to rely on the unaffected website for news. The incident was claimed by the Cuba ransomware group, … Read more

FBI warns against using unlicensed crypto transfer services

April 25, 2024 at 05:19PM The FBI warned against using unlicensed cryptocurrency platforms due to financial risks and potential law enforcement takedowns. It advised checking for Money Services Business registration, providing KYC information, and being cautious with cryptocurrency services. This comes after the takedown of Samourai, its founders’ charges for money laundering, and the substantial … Read more

Korean researcher details scheme abusing Apple’s third-party pickup policy

April 18, 2024 at 12:06PM At Black Hat Asia, a Korean researcher uncovered a phishing operation leveraging second-hand shops and Apple’s pickup method for financial gain. Their discovery of a payment widget led to uncovering over 50 online stores involved in the scam and the theft of 8,000 credit cards and 5 million personal information … Read more

Roku Mandates 2FA for Customers After Credential-Stuffing Compromise

April 15, 2024 at 04:19PM Roku is enforcing mandatory two-factor authentication for all users following two incidents where customer accounts were compromised. Approximately 591,000 customers were affected, with 400 having their accounts used for unauthorized purchases. The breach did not expose sensitive financial or personal information, and Roku has reset passwords for the affected accounts. … Read more

Solar Spider Spins Up New Malware to Entrap Saudi Arabian Financial Firms

April 8, 2024 at 02:06AM A new version of the JSOutProx JavaScript remote access Trojan targets organizations in the Middle East and Asia-Pacific, infecting victims with multiple plugins and sophisticated capabilities. The group behind it, Solar Spider, appears to be linked to China. Visa warns financial institutions about the malware’s threat and advises vigilance and … Read more

Anti-Fraud Project Boosts Security of African, Asian Financial Systems

March 11, 2024 at 01:37PM The nonprofit launched Tazama, an open source platform providing anti-fraud capabilities to financial systems in Africa, Asia, and the Middle East. Funded by the Linux Foundation and Gates Foundation, it completed pilot projects in Jordan and South Africa and aims to expand, addressing the lack of banking services and low … Read more

First BofA, Now Fidelity: Same Vendor Behind Third-Party Breaches

March 6, 2024 at 05:31PM FILI notified 30,000 individuals of a third-party data breach, affecting names, Social Security numbers, bank account details, and more. This is the second breach involving IMS this year. Jeff Margolies points to increased third-party security breaches and the need for better third-party access management. Fidelity offers 24 months of credit … Read more

New APT Group ‘Lotus Bane’ Behind Recent Attacks on Vietnam’s Financial Entities

March 6, 2024 at 02:15AM A new cyber attack targeting a financial entity in Vietnam was linked to Lotus Bane, an advanced persistent threat group with methods overlapping those of OceanLotus. This suggests possible connections with or inspirations from OceanLotus, though the different target industries indicate potential differences. Financial organizations worldwide have been targeted by … Read more