Banking - Cyber Security Informer

How Cryptocurrency Turns to Cash in Russian Banks

Krebs on Security

DECEMBER 11, 2024

They also allow the exchange of cryptocurrency for cash in accounts at some of Russia’s largest banks — nearly all of which are currently sanctioned by the United States and other western nations. At that address is a three-story building that used to be a bank and now houses a massage therapy clinic and a co-working space.

Cryptocurrency

Cryptocurrency Banking Cybercrime Advertising

China-based SMS Phishing Triad Pivots to Banks

Krebs on Security

APRIL 10, 2025

The site will then complain that the visitor’s bank needs to “verify” the transaction by sending a one-time code via SMS. In reality, the bank is sending that code to the mobile number on file for their customer because the fraudsters have just attempted to enroll that victim’s card details into a mobile wallet.

Phishing

Phishing Banking Mobile Retail

Android malware FakeCall intercepts your calls to the bank

Malwarebytes

OCTOBER 31, 2024

An Android banking Trojan called FakeCall is capable of hijacking the phone calls you make to your bank. Instead of reaching your bank, your call will be redirected to the cybercriminals. The Trojan accomplishes this by installing itself as the default call handler on the infected device.

Banking

Banking Malware Phishing Risk

Hackers stole millions of dollars from Uganda Central Bank

Security Affairs

NOVEMBER 30, 2024

Financially-motivated threat actors hacked Uganda ‘s central bank system, government officials confirmed this week. Ugandan officials confirmed on Thursday that the national central bank suffered a security breach by financially-motivated threat actors. The Daily Monitor newspaper reported that the attackers stole 47.8

Banking

Banking Government Accountability Hacking

Exploring the Overlap: Cost Optimization and Digital Transformation

Speaker: Alex Jiménez, Managing Principal, Financial Service Consulting for EPAM

From a budget standpoint, US banks are feeling the pinch. Many US banks are bracing for increased defaults and lower demand for mortgages and other loans as interest rates have increased. The largest banks have increased reserves to protect against deteriorating economic conditions. Global economic conditions are soft at best.

Digital transformation

New version of Android malware FakeCall redirects bank calls to scammers

Security Affairs

OCTOBER 30, 2024

The latest FakeCall malware version for Android intercepts outgoing bank calls, redirecting them to attackers to steal sensitive info and bank funds. The malware allows operators to steal bank users’ sensitive information and money from their bank accounts. ” reads the report published by Zimperium.

Banking

Banking Malware Accountability Phishing

Russian authorities arrest three suspects behind Mamont Android banking trojan

Security Affairs

MARCH 28, 2025

Russian authorities arrested three suspects for developing Mamont, a newly identified Android banking trojan. Russian authorities arrested three suspects in Saratov for developing Mamont (Russian for mammoth), a recently discovered Android banking trojan. Mamont can also spread to contacts in the victims messenger app.

Banking

Banking Computers and Electronics Mobile Malware

ToxicPanda Android banking trojan targets Europe and LATAM, with a focus on Italy

Security Affairs

NOVEMBER 5, 2024

The ToxicPanda Android malware has infected over 1,500 devices, enabling attackers to perform fraudulent banking transactions. Cleafy researchers spotted a new Android banking malware, dubbed ToxicPanda, which already infected over 1,500 Android devices. ” reads the report published by Cleafy.

Banking

Banking Malware Accountability Authentication

SMS About Bank Fraud as a Pretext for Voice Phishing

Krebs on Security

NOVEMBER 10, 2021

Smishing messages usually include a link to a site that spoofs a popular bank and tries to siphon personal information. But increasingly, phishers are turning to a hybrid form of smishing — blasting out linkless text messages about suspicious bank transfers as a pretext for immediately calling and scamming anyone who responds via text.

Banking

Banking Phishing Scams Accountability

Everything You Need to Know About Crypto

Speaker: Ryan McInerny, CAMS, FRM, MSBA - Principal, Product Strategy

May 18th, 2023 at 9:30 am PDT, 12:30 pm EDT, 5:30 pm BST

Cryptocurrency

Cybercrime Rapper Sues Bank over Fraud Investigation

Krebs on Security

AUGUST 7, 2024

That story showed how Punchmade’s social media profiles promoted Punchmade-themed online stores selling bank account and payment card data. On June 26, Turner filed a pro se lawsuit against PNC Bank , alleging “unlawful discriminatory and tortuous action” after he was denied a wire transfer in the amount of $75,000.

Banking

Banking Cybercrime Accountability Retail

Coyote Banking Trojan targets Brazilian users, stealing data from 70+ financial apps and websites

Security Affairs

FEBRUARY 4, 2025

Coyote Banking Trojan targets Brazilian users, stealing data from over 70 financial applications and websites. FortiGuard Labs researchers detected a campaign using LNK files executing PowerShell commands to deploy the Coyote Banking Trojan. Then the malware starts monitoring the active window.

Banking

Banking Malware Antivirus Cyber threats

Hackers stole millions of dollars from Uganda Central Bank

Security Affairs

NOVEMBER 30, 2024

Financially-motivated threat actors hacked Uganda ‘s central bank system, government officials confirmed this week. Ugandan officials confirmed on Thursday that the national central bank suffered a security breach by financially-motivated threat actors. The Daily Monitor newspaper reported that the attackers stole 47.8

Banking

Banking Government Accountability Hacking

Crooks bank on Microsoft’s search engine to phish customers

Malwarebytes

NOVEMBER 4, 2024

We identified a new wave of phishing for banking credentials that targets consumers via Microsoft’s search engine. Multi-factor authentication is still highly recommended, but users should be aware that criminals can directly ask for verification codes while pretending to be the real bank.

Engineering

Engineering Phishing Banking Authentication

The Anti-Money Laundering Act of 2020: Initial Catalysts, Current Implications, and Future Impacts

Speaker: Elizabeth "Paige" Baumann, Founder and CEO of Paige Baumann Advisory, LLC

Paige Baumann will walk us through the impacts of the AMLA, and you'll leave this session with a new understanding of: The catalysts for this new law and how it amended the Bank Secrecy Act of 1970 Rulemaking and other actions taken by the U.S. The AMLA represents the most significant changes in U.S.

Banking

Shedding AI Light on Bank Wire Transfer Fraud

Security Boulevard

OCTOBER 31, 2024

The post Shedding AI Light on Bank Wire Transfer Fraud appeared first on Security Boulevard. Wire transfer fraud occurs when scammers convince a company to send money to a fraudulent account. While weeding out suspicious requests like this may seem rudimentary, it’s not.

Banking

Banking Accountability Social Engineering Engineering

California Cryobank, the largest US sperm bank, disclosed a data breach

Security Affairs

MARCH 19, 2025

California Cryobank, the largest US sperm bank, suffered a data breach exposing customer information. California Cryobank (CCB) is the largest sperm bank in the U.S., providing frozen donor sperm and reproductive services, including egg and embryo storage.

Data breaches

Data breaches Banking Insurance Hacking

Fintech Giant Finastra Investigating Data Breach

Krebs on Security

NOVEMBER 19, 2024

Finastra, which provides software and services to 45 of the world’s top 50 banks, notified customers of the security incident after a cybercriminal began selling more than 400 gigabytes of data purportedly stolen from the company. However, it did reference many of the same banks called out as Finastra customers in the Nov.

Data breaches

Data breaches Banking Cybercrime Advertising

Sperm bank breach deposits data into hands of cybercriminals

Malwarebytes

MARCH 19, 2025

California Cryobank (CCB) is a sperm donation and cryopreservation firm and one of the US top sperm banks. The information potentially involved varies by customer but includes names and one or more of the following: Drivers license numbers Bank account and routing numbers.

Banking

Banking Data breaches Computers and Electronics Passwords

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Does our bank understand and support the importance of a strong ERM program to continue to position our company for growth? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk? Are we leveraging risk velocity and vulnerability to obtain more granular residual risk results?

Banking

Crooks are reviving the Grandoreiro banking trojan

Security Affairs

MARCH 28, 2025

Grandoreiro Banking Trojan resurfaces, targeting users in Latin America and Europe in new phishing campaigns. Forcepoint X-Labs researchers warn of new phishing campaigns targeting Latin America and Europe in new phishing campaigns.

Banking

Banking Phishing Malware Passwords

Experts warn of the new sophisticate Crocodilus mobile banking Trojan

Security Affairs

MARCH 29, 2025

The new Android trojan Crocodilus exploits accessibility features to steal banking and crypto credentials, mainly targeting users in Spain and Turkey. ThreatFabric researchers discovered a new Android trojan called Crocodilus, which exploits accessibility features to steal banking and crypto credentials. ” ThreatFabric concludes.

Banking

Banking Mobile Identity Theft Malware

Tenable: 26,500 Cyber Vulnerabilities Risk SE Asia’s Banks

Tech Republic Security

SEPTEMBER 6, 2024

Tenable's research reveals 26,500 cyber vulnerabilities in Southeast Asia's banking and insurance sectors, exposing critical security risks.

Banking

Banking Risk Insurance Financial Services

Banks Must Report Cyber Incidents Beginning in May 2022

Lohrman on Security

DECEMBER 12, 2021

financial institutions are leaders in global cyber defense. Recently approved rules will mandate the reporting of security incidents next year. We explore the topic with cybersecurity expert Michael McLaughlin.

Banking

Banking Cybersecurity

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists. million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! It’s mindboggling, but right now for 49% of respondents, cybersecurity is their primary business concern.

Ransomware

DOGE as a National Cyberattack

Schneier on Security

FEBRUARY 13, 2025

This approach, known as “separation of duties,” isn’t just bureaucratic red tape; it’s a fundamental security principle as old as banking itself. When your local bank processes a large transfer, it requires two different employees to verify the transaction.

Government

Government Artificial Intelligence Banking Software

Credit Card Fraud That Bypasses 2FA

Schneier on Security

SEPTEMBER 20, 2022

And bank cards can be stopped. Once they have the phone and the card, they register the card on the relevant bank’s app on their own phone or computer. That verification passcode is sent by the bank to the stolen phone. Once accepted, they have control of the bank account.

Banking

Banking Accountability Passwords Authentication

Change Healthcare Breach Hits 100M Americans

Krebs on Security

OCTOBER 30, 2024

Having a freeze in place does nothing to prevent you from using existing lines of credit you may already have, such as credit cards, mortgage and bank accounts.

Healthcare

Healthcare Insurance Computers and Electronics Data breaches

The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back

Krebs on Security

NOVEMBER 19, 2021

One of the more common ways cybercriminals cash out access to bank accounts involves draining the victim’s funds via Zelle , a “peer-to-peer” (P2P) payment service used by many financial institutions that allows customers to quickly send cash to friends and family. “Members don’t have to request to use Zelle.

Scams

Scams Banking Passwords Authentication

Disneyland Malware Team: It’s a Puny World After All

Krebs on Security

NOVEMBER 16, 2022

A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode , an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic. Bank customers. Bank customers.

Malware

Malware Banking Phishing DDOS

Threat Modeling and Logins

Adam Shostack

JANUARY 2, 2025

Recently, I was opening a new bank account. The bank unexpectedly sent me a temporary password to sign up, and when I did, the temporary password had expired. But then, after I went to reset the password, the bank emailed me a one time code. Only enter it on the bank mobile app or website. Good for them! Less frustration.

Banking

Banking Passwords Password Management Authentication

The FFIEC’s Origins and Purpose for Banking Industry

Centraleyes

MARCH 27, 2025

central banking system. The Office of the Comptroller of the Currency (OCC) – Regulates and supervises national banks and federal savings associations. FFIEC 031 applies to banks with both domestic and foreign offices, while FFIEC 041 applies to banks with domestic branches only.

Banking

Banking Insurance Consumer Protection Risk

Many Public Salesforce Sites are Leaking Private Data

Krebs on Security

APRIL 27, 2023

A shocking number of organizations — including banks and healthcare providers — are leaking private and sensitive information from their public Salesforce Community websites, KrebsOnSecurity has learned. Huntington Bank has disabled the leaky TCF Bank Salesforce website.

Banking

Banking Government Information Security Authentication

The FFIEC’s Origins and Purpose for Banking Industry

Security Boulevard

MARCH 27, 2025

This comprehensive guide will explore the councils origins, structure, responsibilities, [] The post The FFIECs Origins and Purpose for Banking Industry appeared first on Centraleyes. The post The FFIECs Origins and Purpose for Banking Industry appeared first on Security Boulevard.

Banking

News alert: Wultra secures €3M funding to help financial firms mitigate coming quantum threats

The Last Watchdog

JANUARY 15, 2025

Czech cybersecurity startup Wultra has raised 3 million from Tensor Ventures, Elevator Ventures, and J&T Ventures to accelerate the development of its post-quantum authentication technology, safeguarding banks and fintech against the coming wave of quantum threats. Financial institutions must act now to protect their infrastructure.

Banking

Banking Authentication Technology Marketing

Cybersecurity Snapshot: CISA Calls for Stamping Out Buffer Overflow Vulnerabilities, as Europol Tells Banks To Prep For Quantum Threat

Security Boulevard

FEBRUARY 14, 2025

Plus, Europol offers best practices for banks to adopt quantum-resistant cryptography. In addition to adopting post-quantum cryptography , banks and other financial institutions should take this opportunity to boost their cryptography management practices, according to Europol.

Banking

Banking Cybercrime Cybersecurity Ransomware

Weekly Update 397

Troy Hunt

APRIL 28, 2024

Remember the old "bank grade security" adage? This week, Commbank is telling people to use a password manager but just not for their bank password, and ANZ bank is forcing people to rotate their passwords once a year because, uh, hackers?

Banking

Banking Passwords Password Management Data breaches

Fooling a Voice Authentication System with an AI-Generated Voice

Schneier on Security

MARCH 1, 2023

A reporter used an AI synthesis of his own voice to fool the voice authentication system for Lloyd’s Bank.

Authentication

Authentication Banking Artificial Intelligence

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

Krebs on Security

FEBRUARY 28, 2025

Madory said Kaspersky’s network appears to be hosting several financial institutions , including Russia’s largest — Alfa-Bank. Doug Madory , director of Internet analysis at Kentik , said routing records show the relationship between Prospero and Kaspersky started at the beginning of December 2024.

Malware

Malware Antivirus Software DDOS

Cybersecurity Snapshot: WEF Offers AI Security Best Practices, as DORA Regulation Places Strict Cyber Rules on Banks

Security Boulevard

JANUARY 24, 2025

Plus, the EUs DORA cyber rules for banks go into effect. DORA establishes strict cybersecurity requirements for financial firms including banks , insurance companies and investment firms, as well as for third-parties that provide information and communications technology (ICT) products and services to financial sector organizations.

Banking

Banking Cybersecurity Artificial Intelligence Ransomware

What Can We Learn from the Largest Global IT Incident Ever?

Lohrman on Security

JULY 28, 2024

On July 19, 2024, a CrowdStrike software update unleashed mayhem on computer systems at airports, banks and more from Australia to Atlanta. What happened, and what lessons can we take away?

Banking

Banking Software

PIN-Stealing Android Malware

Schneier on Security

JANUARY 9, 2024

This is an old piece of malware—the Chameleon Android banking Trojan—that now disables biometric authentication in order to steal the PIN : The second notable new feature is the ability to interrupt biometric operations on the device, like fingerprint and face unlock, by using the Accessibility service to force a fallback to PIN or password (..)

Malware

Malware Banking Passwords Authentication

DoJ seized credit card marketplace PopeyeTools and charges its administrators

Security Affairs

NOVEMBER 24, 2024

Stolen information offered for sale on the carding website included bank account, credit card, and debit card numbers and associated information for conducting transactions. PopeyeTools was a dark web marketplace specializing in selling stolen credit cards and cybercrime tools, facilitating fraud and illicit online activities since 2016.

Cybercrime

Cybercrime Cryptocurrency Banking Accountability

Learning from Troy Hunt’s Sneaky Phish

Adam Shostack

APRIL 5, 2025

I do this for banks, and send them to a folder named for the bank. Maybe some jerk will see this, and think all of Adams custom addresses are vendor and three digits and says, hah, Ill send to all of those! Ill see dozens or hundreds of attempts, and I may get sneakier, and tell mailchimp theyre now +fdsafu8ewrejwddms. (I

Phishing

Phishing Banking Internet Internet

How Cryptocurrency Turns to Cash in Russian Banks

China-based SMS Phishing Triad Pivots to Banks

Trending Sources

Android malware FakeCall intercepts your calls to the bank

Hackers stole millions of dollars from Uganda Central Bank

Exploring the Overlap: Cost Optimization and Digital Transformation

New version of Android malware FakeCall redirects bank calls to scammers

Russian authorities arrest three suspects behind Mamont Android banking trojan

ToxicPanda Android banking trojan targets Europe and LATAM, with a focus on Italy

SMS About Bank Fraud as a Pretext for Voice Phishing

Everything You Need to Know About Crypto

Cybercrime Rapper Sues Bank over Fraud Investigation

Coyote Banking Trojan targets Brazilian users, stealing data from 70+ financial apps and websites

Hackers stole millions of dollars from Uganda Central Bank

Crooks bank on Microsoft’s search engine to phish customers

The Anti-Money Laundering Act of 2020: Initial Catalysts, Current Implications, and Future Impacts

Shedding AI Light on Bank Wire Transfer Fraud

California Cryobank, the largest US sperm bank, disclosed a data breach

Fintech Giant Finastra Investigating Data Breach

Sperm bank breach deposits data into hands of cybercriminals

ERM Program Fundamentals for Success in the Banking Industry

Crooks are reviving the Grandoreiro banking trojan

Experts warn of the new sophisticate Crocodilus mobile banking Trojan

Tenable: 26,500 Cyber Vulnerabilities Risk SE Asia’s Banks

Banks Must Report Cyber Incidents Beginning in May 2022

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

DOGE as a National Cyberattack

Credit Card Fraud That Bypasses 2FA

Change Healthcare Breach Hits 100M Americans

The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back

Disneyland Malware Team: It’s a Puny World After All

Threat Modeling and Logins

The FFIEC’s Origins and Purpose for Banking Industry

Many Public Salesforce Sites are Leaking Private Data

The FFIEC’s Origins and Purpose for Banking Industry

News alert: Wultra secures €3M funding to help financial firms mitigate coming quantum threats

Cybersecurity Snapshot: CISA Calls for Stamping Out Buffer Overflow Vulnerabilities, as Europol Tells Banks To Prep For Quantum Threat

Weekly Update 397

Fooling a Voice Authentication System with an AI-Generated Voice

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

Cybersecurity Snapshot: WEF Offers AI Security Best Practices, as DORA Regulation Places Strict Cyber Rules on Banks

What Can We Learn from the Largest Global IT Incident Ever?

PIN-Stealing Android Malware

DoJ seized credit card marketplace PopeyeTools and charges its administrators

Learning from Troy Hunt’s Sneaky Phish

Stay Connected