• Banking Trojans Top Threats to Financial Services Firms
    Banking Trojans represent the biggest potential threat to financial institutions and their customers, and are on the rise, according to new research from Blueliv. The Spanish threat intelligence firm released data from a recent Twitter poll of over 11,000 users and its newly launched report for the banking sector, Follow the Money. Nearly a third (31%) of respondents claimed banking Trojans were the biggest threat to financial services firms, followed by mobile malware (28%), a category also increasingly comprised of Trojans designed to access customer accounts. The poll also revealed that skills shortages (28%) are the biggest challenge facing banks’ IT security teams as they try to build out programs. The poll also highlighted the challenges associated with high volumes of threats and alerts (26%) and poor visibility into threats (20%), which it is claimed are hampering banking cybersecurity teams as they struggle to combat attacks. “Security teams can be easily overwhelmed by the number of threat alerts they receive, which can very quickly result in alert fatigue and desensitization to real, preventable threats.”
  • UK Card Fraud Losses Now Account for Half of Europe
    UK card fraud now accounts for half of all losses across Europe, driven by data breaches and online scams, according to new findings from FICO. The predictive analytics firm’s newly launched interactive European Fraud Map reveals that UK card fraud losses hit a record £671 in 2018, up 19% from the previous year. The vast majority of the UK’s losses (£506.4m) came from card-not-present (CNP) channels, which are dominated these days by online fraud. “The sheer volume of attempted fraud has meant that, although more fraud is being prevented now than ever before, and that it’s being caught earlier in the attack cycle, the total value lost is still on the rise,” said Matt Cox, the firm's vice president for fraud management solutions in Europe. “The key to fighting online fraud lies in establishing practices to protect against data compromise,” said Cox. “Drawing on global networks of loss data and confirmed cases of fraud enables businesses to identify and prevent data breaches significantly earlier, reducing the customer losses and operational pressures that often result from these attacks.”
  • New Linux Vulnerability Lets Attackers Hijack VPN Connections
    Security researchers found a new vulnerability allowing potential attackers to hijack VPN connections on affected *NIX devices and inject arbitrary data payloads into IPv4 and IPv6 TCP streams. Systems listed: Ubuntu 19.10 (systemd), Fedora (systemd), Debian 10.2 (systemd), Arch 2019.05 (systemd), Manjaro 18.1.1 (systemd), Devuan (sysV init), MX Linux 19 (Mepis+antiX), Void Linux (runit), Slackware 14.2 (rc.d), Deepin (rc.d), FreeBSD (rc.d), OpenBSD (rc.d). All VPN implementations are affected. This security flaw "allows a network adjacent attacker to determine if another user is connected to a VPN, the virtual IP address they have been assigned by the VPN server, and whether or not there is an active connection to a given website," according to William J. Tolley, Beau Kujath, and Jedidiah R. Crandall, Breakpointing Bad researchers at the University of New Mexico.
  • U.S. Authorities Take Action Against 600 Money Mules
    Money mules are individuals who assist fraud schemes by receiving money from victims and transferring proceeds to perpetrators. More than 550 individuals were interviewed and over 500 warning letters were sent to individuals who recently served as money mules. Authorities also executed search warrants to secure evidence from those who knowingly aided and abetted fraud schemes, including transnational elder fraud schemes. In November, the DoJ’s Transnational Elder Fraud Strike Force indicted a Georgia man for a $6.5 million online romance scam and business email compromise fraud, four other Georgia residents for fraud schemes targeting retirees and federal benefit programs, and six other individuals involved in a prize-notification scheme. “The Money Mule initiative highlights the importance of partnership to stop fraud schemes, and it sends a message to all who are engaged in money mule activity that they will be caught and prosecuted,” said FBI Director Christopher Wray. A similar initiative against money mules was announced this week in Europe, where authorities said they had identified over 3,800 money mules and 386 recruiters, of which 228 were arrested.
  • Facebook Sues Company For Hijacking Accounts to Run Bad Ads
    In a lawsuit filed today, Facebook alleges that a Chinese company used malware to compromise user accounts to run deceptive ads on the social media platform. A second practice is called 'cloaking' and consists of hiding from Facebook's systems the real destination of a link carried by the advertisement. When clicked, the ad would take users to the real landing page while Facebook would be served a version that abides by the platform's Terms and Advertising Policies. Facebook refunded the users who fell victim to these schemes and had their accounts used to run unauthorized ads, and helped them secure their accounts. "Creating real-world consequences for those who deceive users and engage in cloaking schemes is important in maintaining the integrity of our platform," Facebook said. One of them accesses the 'account_billing' directory, which holds information that allows calling a Facebook Graph API and extracting data from the user's Ads Manager settings.
  • Reasons to be fearful 2020: Smishing, public Wi-Fi, deepfakes... and all the usual suspects
    Certain types of company are more likely to face cyber attacks in 2020, Experian believes. It predicted that cannabis retailers and cryptocurrency exchanges will face more attacks, as immature businesses may not have made the security investment needed to protect their customers. It marked itself with another B grade for suggesting that a mobile network would see a simultaneous and successful attack on both Android and Apple phones. Capital One suffered a massive data loss and the hacker accused of the attack has been charged with targeting another 30 AWS-hosted companies. And a mixed A grade for Experian's prediction that online gamers would fall victim to attacks from crooks posing as fellow, friendly gamers. 2019 did see data losses at Zynga and distributed denial-of-service (DDoS) attacks on gaming servers, but no active attacks from people posing as gamers.
  • VMware Patches ESXi Vulnerability That Earned Hacker $200,000
    VMware on Thursday informed customers that it has released patches for a critical remote code execution vulnerability in ESXi that was disclosed recently at the Tianfu Cup hacking competition in China. This year it took VMware more than two weeks to address the vulnerability disclosed at the Tianfu Cup contest, but in 2018 it took the company less than a week to patch a Workstation vulnerability that earned a researcher $100,000 at the hacking event. At this year’s Tianfu Cup, white hat hackers earned $545,000 for demonstrating exploits against products from VMware, Microsoft, Google, Apple, D-Link, and Adobe.
  • Android Vulnerability Exposes Almost All Apps To Attacks
    Android threats continue to hit users, and recently, security researchers revealed a newly discovered Android vulnerability called ‘StrandHogg.’ It allows malware to act as a legit app to attack users of Android, Google’s operating system. They discovered that all of the top 500 most popular apps are at risk, and all versions of Android are affected, including the latest Android 10. Lookout, one of the partners of Promon, confirmed that it has identified 36 malicious apps exploiting the StrandHogg vulnerability. This includes Bankbot, a popular banking trojan, which has been in action since 2017. Promon CTO Tom Lysemose Hans shared that if this vulnerability is left unaddressed, StrandHogg could have an unprecedented impact in scale and amount of damage, considering most apps by default are vulnerable, and all versions of Android are affected. It orchestrates its evil by utilizing a weakness in the multitasking system of Android to execute attacks that allow malicious apps to hide in plain sight by posing as legit apps.
  • Data Breach Impacts Thousands of Fort Worth Water Customers
    About 3,000 Fort Worth residents who used credit cards to pay their water bills online may have had their personal information stolen, the water department says. A city contractor, CentralSquare, determined that someone hacked into the software used to process credit card information, water department spokeswoman Mary Gugliuzza said Thursday. The customers whose data may have been stolen are being notified, she said. The stolen information may include names, addresses and credit card data, including numbers and security codes, and affects customers who made online payments between Aug. 27 and Oct. 23, she said. CentralSquare is offering impacted customers free credit monitoring for one year. Customers who had set up recurring payments by credit cards were not affected by the breach unless they changed credit card numbers online between August and October, Gugliuzza said. Customers who paid by bank draft, by phone or in person also were not impacted.
  • These companies are teaming up to pursue a $1B cyber contract
    ManTech and General Dynamics are joining forces to compete for the Pentagon’s top cyber training contract, a deal that is thought to be worth nearly $1 billion. In a Dec. 5 Facebook post, ManTech announced the partnership with General Dynamics Information Systems and General Dynamics Mission Systems for the Cyber Training, Readiness, Integration, Delivery and Enterprise Technology (TRIDENT) contract. The primary component of the contract is the Persistent Cyber Training Environment (PCTE), an online client in which members of U.S. Cyber Command’s cyber mission force can log on from anywhere in the world for training and to rehearse missions. Pentagon leaders view PCTE as one of the more critical needs for Cyber Command. Currently, no integrated or robust cyber training environment exists.