- Now this password-stealing Android malware wants to grab your bank details too
January 5, 2023
A prolific and powerful form of Android malware has switched its attention to online banking applications, using abilities including keylogging to steal usernames and passwords for bank accounts, social media profiles and more. Detailed by researchers at cybersecurity company ThreatFabric, the Android malware is part of the SpyNote family, a form of trojan spyware which has ...
- Bluebottle: Campaign Hits Banks in French-speaking Countries in Africa
January 5, 2023
Bluebottle, a cyber-crime group that specializes in targeted attacks against the financial sector, is continuing to mount attacks on banks in Francophone countries. The group makes extensive use of living off the land, dual-use tools, and commodity malware, with no custom malware deployed in this campaign. The activity observed by Symantec, a division of Broadcom Software, ...
- Godfather: A banking Trojan that is impossible to refuse
December 21, 2022
The Android banking Trojan Godfather is currently being utilized by cybercriminals to attack users of popular financial services across the globe. Godfather is designed to allow threat actors to harvest login credentials for banking applications and other financial services, and drain the accounts. To date, its victims include users of over 400 international targets, including ...
- California Department of Finance dealing with cybersecurity incident; no state funds compromised
December 12, 2022
An investigation is underway after a cybersecurity incident involving the California Department of Finance. The California Cyber Security Integration Center (Cal-CSIC) confirmed the incident on Monday but offered few specifics. Officials did note, however, that no state funds had been compromised. Source: MSN News
- UK arrests five for selling ‘dodgy’ point of sale software
December 12, 2022
Tax authorities from Australia, Canada, France, the UK and the USA have conducted a joint probe into “electronic sales suppression software” – applications that falsify point of sale data to help merchants avoid paying tax on their true revenue. A Friday announcement from the Joint Chiefs of Global Tax Enforcement (known as the J5), states that ...
- Clop ransomware uses TrueBot malware for access to networks
December 11, 2022
Security researchers have noticed a spike in devices infected with the TrueBot malware downloader created by a Russian-speaking hacking group known as Silence. The Silence group is known for its big heists against financial institutions, and has begun to shift from phishing as an initial compromise vector. The threat actor is also using a new custom data ...
- DeathStalker targets legal entities with new Janicab variant
December 8, 2022
“Dosen’t matter how long you wait for the bus on a rainy day, X seconds was enough to get wet?” Just to clarify, the above subheading isn’t a normal quote, but a message that Janicab malware attempted to decode in its newest use of YouTube dead-drop resolvers (DDRs). While hunting for less common Deathstalker intrusions that use ...
- REvil-hit Medibank to pull plug on IT, shore up defenses
December 8, 2022
Australian health insurance company Medibank will take all of its IT systems offline and close its branches over the weekend as part of its ongoing efforts to improve security and recover from a massive data security breach in October. The planned outage, dubbed Operation Safeguard, begins at 2030 Sydney time on Friday, December 9. The insurer ...
- DEV-0139 launches targeted attacks against the cryptocurrency industry
December 6, 2022
Over the past several years, the cryptocurrency market has considerably expanded, gaining the interest of investors and threat actors. Cryptocurrency itself has been used by cybercriminals for their operations, notably for ransom payment in ransomware attacks, but Microsoft researchers have also observed threat actors directly targeting organizations within the cryptocurrency industry for financial gain. Attacks ...
- Russian VTB bank reports major DDoS attack on bank from overseas
December 6, 2022
VTB’s technical infrastructure is currently under a major cyberattack from abroad. The bank’s customers may face temporary problems when using the application and the web version of VTB online due to the measures in tackling the attack that are in progress, the press service of Russia’s second-biggest lender reported on Tuesday. “VTB’s technological infrastructure is currently ...
- UK: Cambridge Water customers’ bank details published to dark web after cyber attack
December 3, 2022
Bank account details of Cambridge Water customers have been published to the dark web, following a cyber attack. Customers have been left alarmed and furious after learning that names and current addresses, sort codes and account numbers are among the data stolen by cyber criminals from its parent company, South Staffordshire plc, back in August. Cambridge Water ...
- Watch out for this triple-pronged PayPal phishing and fraud scam
December 2, 2022
My day started rough. It was 7 a.m., and I was just partially through my first cup of coffee, when I noticed a new message in my email inbox. It was from PayPal and the subject line said, “You’ve got a money request.” And so began my first look at this three-pronged PayPal phishing scam. Source: ZDNet
- Australian Cyber Task Force Looks to “Hack the Hackers” After Data Breach Crime Wave
November 24, 2022
A recent string of data breaches has prompted rapid changes to Australia’s cybersecurity and data protection policies, and the latest development appears to be a cyber task force set to “hack back” and actively pursue what Minister for Home Affairs Clare O’Neil described as “scumbags.” Home Affairs is promising a new “tough on crime” policy toward ...
- Cyber-enabled financial crime: USD 130 million intercepted in global INTERPOL police operation
November 24, 2022
LYON, France – An INTERPOL police operation to tackle online fraud has seen almost 1000 suspects arrested and the seizure of USD 129,975,440 worth of virtual assets. Fraud investigators around the world worked together over five months (28 June – 23 November) to intercept money and virtual assets linked to a wide range of cyber-enabled financial ...
- Estonian duo accused of $575m cryptocurrency scam
November 22, 2022
Police in Estonia have arrested two men suspected of running a $575m (£485m) cryptocurrency scam involving hundreds of thousands of victims. Estonian police investigated the case with the FBI, and US authorities want to extradite the pair – Estonians Sergei Potapenko and Ivan Turogin. The two 37-year-olds allegedly got people to invest in a cryptocurrency mining service ...
- Gambian Central Bank says ‘don’t panic’ after data hack
November 18, 2022
The Gambia’s Central Bank says there’s no need to panic after a data hack. Sources allege the hackers managed to access the bank’s most sensitive files, but in a statement the Central Bank said no mission-critical systems were compromised, and that normal operations have continued unabated. It did however say one server was affected, which was promptly ...
- DTrack activity targeting Europe and Latin America
November 15, 2022
DTrack is a backdoor used by the Lazarus group. Initially discovered in 2019, the backdoor remains in use three years later. It is used by the Lazarus group against a wide variety of targets. For example, Kaspersky researchers have seen it being used in financial environments where ATMs were breached, in attacks on a nuclear power ...
- Massive Phishing Campaigns Target India Banks’ Clients
November 7, 2022
Trend Micro researchers observed an uptick in attacks targeting bank customers in India, the common entry point being a text message with a phishing link. The SMS content urges the victims to open the embedded phishing link or malicious app download page and follow the instructions: To fill in their personally identifiable information (PII) and ...
- DDoS attacks in Q3 2022
November 7, 2022
In Q3 2022, DDoS attacks were, more often than not, it seemed, politically motivated. As before, most news was focused on the conflict between Russia and Ukraine, but other high-profile events also affected the DDoS landscape this quarter. The pro-Russian group Killnet, active since January 2022, took responsibility for several more cyberattacks. According to the ...
- Robin Banks phishing service returns to steal banking accounts
November 4, 2022
The Robin Banks phishing-as-a-service (PhaaS) platform is back in action with infrastructure hosted by a Russian internet company that offers protection against distributed denial-of-service (DDoS) attacks. Robin Banks faced operational disruption in July 2022, when researchers at IronNet exposed the platform as a highly threatening phishing service targeting Citibank, Bank of America, Capital One, Wells Fargo, ...