Tag: finance
-
Cryptohack Roundup: South Korea Busts $102M Laundering Ring
Also: $7 Million Saga and $5 Million Makina Finance Exploits. This week, South Korea dismantled a million money laundering ring, Saga paused SagaEVM after a $7 million exploit, Makina Finance lost $5 million, a Utah man sentenced to three years for fraud and illegal cash conversion and a software flaw let traders win Ethereum transaction…
-
Bank of England: Financial sector failing to implement basic cybersecurity controls
Mind the cyber gap similar flaws highlighted multiple years in a row First seen on theregister.com Jump to article: www.theregister.com/2026/01/22/financial_sector_cyber_gap/
-
Spanish e-retailer PcComponentes denies report it was hacked
token) that is used to identify the payment, but does not allow the card to be viewed or charges to be made on its own. This code has no value outside the payment system and cannot be used fraudulently. For this reason, there is no risk of bank details being stolen”; nor are customer passwords,…
-
North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job Interviews
Tags: ai, crypto, finance, intelligence, jobs, middle-east, north-korea, programming, service, softwareAs many as 3,136 individual IP addresses linked to likely targets of the Contagious Interview activity have been identified, with the campaign claiming 20 potential victim organizations spanning artificial intelligence (AI), cryptocurrency, financial services, IT services, marketing, and software development sectors in Europe, South Asia, the Middle East, and Central America.The new findings First seen…
-
North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job Interviews
Tags: ai, crypto, finance, intelligence, jobs, middle-east, north-korea, programming, service, softwareAs many as 3,136 individual IP addresses linked to likely targets of the Contagious Interview activity have been identified, with the campaign claiming 20 potential victim organizations spanning artificial intelligence (AI), cryptocurrency, financial services, IT services, marketing, and software development sectors in Europe, South Asia, the Middle East, and Central America.The new findings First seen…
-
North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job Interviews
Tags: ai, crypto, finance, intelligence, jobs, middle-east, north-korea, programming, service, softwareAs many as 3,136 individual IP addresses linked to likely targets of the Contagious Interview activity have been identified, with the campaign claiming 20 potential victim organizations spanning artificial intelligence (AI), cryptocurrency, financial services, IT services, marketing, and software development sectors in Europe, South Asia, the Middle East, and Central America.The new findings First seen…
-
CFOs, CISOs clash over cybersecurity spending as threats mount: Expel
Four in 10 surveyed finance leaders said quantified risk reduction would make it easier to justify a cybersecurity spending hike. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cfos-cisos-clash-cybersecurity-spending-expel/810091/
-
Peruvian Loan Scam Harvests Cards and PINs via Fake Applications
Loan phishing operation in Peru is stealing card info by impersonating financial institutions First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/loan-scam-harvests-cards-pins/
-
Face-Swapping Tools Pose Elevated ‘Know Your Customer’ Risks
Easy-to-Use Deepfake Services for Criminals Rapidly Improving, Researchers Warn. Financial firms’ fraud and risk teams must bolster know-your-customer checks in the face of increasingly effective and affordable deepfake technology and services that can generate synthetic identities, convincing face-swaps and defeat live biometric checks to bypass defenses, warn researchers. First seen on govinfosecurity.com Jump to article:…
-
Fake-Video mit Reinhold Würth wirbt für dubiose Geldanlagen
Die Würth-Gruppe geht aktuell gegen ein Betrugs-Video vor, das Nutzer mit einer dubiosen Geldanlage ködert.Mit einem gefälschten Video des bekannten Unternehmers Reinhold Würth versuchen Betrüger derzeit, Nutzer im Internet zu dubiosen Geldanlagen zu verleiten. In dem täuschend echt wirkenden Clip lädt eine mutmaßlich mit Hilfe von Künstlicher Intelligen (KI) generierte Version des Milliardärs zu einem…
-
Confusion and fear send people to Reddit for cybersecurity advice
A strange charge appears on a bank account. An email claims a package is on the way. A social media account stops accepting a password that worked yesterday. When these … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/20/reddit-cybersecurity-help-questions/
-
How proactive can AI be in secrets rotation processes
How Can Organizations Effectively Manage Non-Human Identities? Are you aware of the potential threats posed by machine identities in your organization? With cybersecurity professionals navigate the complexities of managing Non-Human Identities (NHIs), understanding the nuances of these machine identities becomes crucial. In domains such as financial services, healthcare, and travel, safeguarding NHIs and their associated……
-
New PDFSider Windows malware deployed on Fortune 100 firm’s network
Ransomware attackers targeting a Fortune 100 company in the finance sector used a new malware strain, dubbed PDFSider, to deliver malicious payloads on Windows systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-pdfsider-windows-malware-deployed-on-fortune-100-firms-network/
-
Spear-Phishing Campaign Leverages Google Ads to Distribute EndRAT Malware
Genians Security Center has published an in-depth analysis of Operation Poseidon, a sophisticated APT campaign attributed to the Konni threat group that exploits legitimate advertising infrastructure to distribute EndRAT malware. This advanced spear-phishing operation demonstrates how threat actors leverage trusted platforms to circumvent traditional security defenses while targeting South Korean financial institutions and human rights…
-
Law enforcement tracks ransomware group blamed for massive financial losses
Law enforcement agencies in Ukraine and Germany have identified two members of a Russian-affiliated ransomware group and carried out searches in western Ukraine. Search … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/19/international-ransomware-group-investigation-ukraine/
-
The culture you can’t see is running your security operations
Tags: apache, breach, business, compliance, control, credentials, cyber, data, email, exploit, finance, firewall, flaw, identity, intelligence, jobs, network, north-korea, phishing, risk, technology, threat, tool, training, update, vulnerabilityNon-observable culture: The hidden drivers: Now we get interesting.Non-observable culture is everything happening inside people’s heads. Their beliefs about cyber risk. Their attitudes toward security. Their values and priorities when security conflicts with convenience or speed.This is where the real decisions get made.You can’t see someone’s belief that “we’re too small to be targeted” or…
-
Southeast Asia CISOs Top 13 Predictions for 2026: Securing AI, Centering Identity, and Making Resilience Strategic
Innovation and technology, Hand of robot touching a padlock of security on network connection of business, Data exchange, Financial and banking, AI, Cyber crime and internet security. iStock/ipopba First seen on csoonline.com Jump to article: www.csoonline.com/article/4117844/southeast-asia-cisos-13-top-predictions-for-2026-securing-ai-centering-identity-and-making-resilience-strategic.html
-
How Attackers Target Financial Applications and VAPT Stops Them?
Financial applications, ranging from mobile banking apps to payment gateways, are among the most targeted systems worldwide. In 2025 alone, the Indusface State of Application Security Report revealed that banks and financial institutions endured 1.2 billion attacks, with each financial app experiencing double the attack frequency compared to other industries. This surge highlights the urgent……
-
How Attackers Target Financial Applications and VAPT Stops Them?
Financial applications, ranging from mobile banking apps to payment gateways, are among the most targeted systems worldwide. In 2025 alone, the Indusface State of Application Security Report revealed that banks and financial institutions endured 1.2 billion attacks, with each financial app experiencing double the attack frequency compared to other industries. This surge highlights the urgent……
-
New PayPal Scam Sends Verified Invoices With Fake Support Numbers
Hackread.com exclusive: Scammers are using verified PayPal invoices to launch callback phishing attacks. Learn how the “Alexzander” invoice bypasses Google filters. First seen on hackread.com Jump to article: hackread.com/paypal-scam-verified-invoices-fake-support-numbers/
-
2025 Threat Landscape in Review: Lessons for Businesses Moving Into 2026
Tags: access, ai, application-security, attack, authentication, awareness, backdoor, breach, business, captcha, cloud, compliance, container, control, credentials, credit-card, cybersecurity, data, data-breach, ddos, defense, encryption, exploit, finance, firewall, flaw, google, identity, infrastructure, intelligence, leak, malicious, mitigation, monitoring, network, pypi, risk, service, software, strategy, supply-chain, threat, tool, vulnerability, windows2025 Threat Landscape in Review: Lessons for Businesses Moving Into 2026 andrew.gertz@t“¦ Thu, 01/15/2026 – 16:48 Nadav Avital – Senior Director of Threat Research at Thales More About This Author > 2025 was a year that tested how businesses think about security. Some attacks happened in new, unexpected ways, while others employed old tricks, taken…
-
FTC bans GM from selling drivers’ location data for five years
The FTC has finalized an order with General Motors, settling charges that it collected and sold the location and driving data of millions of drivers without consent. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ftc-bans-general-motors-from-selling-drivers-location-data-for-five-years/
-
Iran’s partial internet shutdown may be a windfall for cybersecurity intel
only available launchpads. A connection from the Ministry of Agriculture might not be a farmer. It’s likely a tunnel for a state actor who needs an exit node.”Ranjbar said the removal of the traffic from millions of routine Iranian business and residential users allows a powerful visibility into Iranian government traffic patterns, thereby allowing SOCs…
-
CrowdStrike Acquires Browser Security Startup Seraphic in Latest Buying Spree
CrowdStrike Holdings Inc. announced Tuesday it has signed a definitive agreement to acquire Seraphic Security, a browser security startup, marking the cybersecurity giant’s fourth acquisition since August and its second in less than a week. While CrowdStrike did not disclose financial terms, Israeli publication Calcalist reported the deal is worth approximately $400 million, to be..…
-
DORA penetration testing and threat-led exercises explained
The Digital Operational Resilience Act (DORA) introduces a unified framework for managing ICT risk across the European financial sector, with key requirements, including penetration testing, coming into force in 2026. Its aim is to ensure that regulated organisations, and the critical third-party providers they rely on, can withstand, respond to and recover from operational disruptions.”¦…
-
Eurail passengers taken for a ride as data breach spills passports, bank details
Travel biz tells customers to change passwords beyond its own services First seen on theregister.com Jump to article: www.theregister.com/2026/01/14/eurail_breach/
-
Monroe University says 2024 data breach affects 320,000 people
Monroe University revealed that threat actors stole the personal, financial, and health information of over 320,000 people after breaching its systems in a December 2024 cyberattack. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/monroe-university-says-2024-data-breach-affects-320-000-people/