Tag: finance
-
New FamousSparrow Malware Targets Hotels and Engineering Firms with Custom Backdoor
ESET researchers have uncovered new activity from the China-aligned APT group FamousSparrow, revealing two previously undocumented versions of their custom SparrowDoor backdoor. The group, thought to be inactive since 2022, compromised a US-based trade organization in the financial sector and a Mexican research institute in July 2024. The first variant closely resembles the CrowDoor malware…
-
Aussie Fintech Vroom Exposes Thousands of Records After AWS Misconfiguration
Cybersecurity researcher Jeremiah Fowler discovered a data exposure at Australian fintech Vroom by YouX, exposing 27,000 records, including driver’s licenses, bank statements, and more. First seen on hackread.com Jump to article: hackread.com/aussie-fintech-vroom-pii-records-aws-misconfiguration/
-
Cyber insurance isn’t always what it seems
Many companies think cyber insurance will protect them from financial losses after an attack. But many policies have gaps. Some claims get denied. Others cover less than … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/27/cyber-insurance-ciso/
-
Island Banks $250M in Series E Funding for Enterprise Browser
The late-stage startup said the round was led Coatue Management and brings Island’s total external funding to approximately $730 million. The post Island Banks $250M in Series E Funding for Enterprise Browser appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/island-banks-250m-series-e-for-enterprise-browser/
-
Island Banks $250M Series E for Enterprise Browser
The late-stage startup said the round was led Coatue Management and brings Island’s total external funding to approximately $730 million. The post Island Banks $250M Series E for Enterprise Browser appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/island-banks-250m-series-e-for-enterprise-browser/
-
China-linked FamousSparrow APT group resurfaces with enhanced capabilities
ESET investigated suspicious activity on the network of a trade group in the United States that operates in the financial sector. While helping the affected entity remediate … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/26/famoussparrow-cyberespionage-attacks-united-states/
-
New Atlantis AIO platform automates credential stuffing on 140 services
A new cybercrime platform named ‘Atlantis AIO’ provides an automated credential stuffing service against 140 online platforms, including email services, e-commerce sites, banks, and VPNs. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-atlantis-aio-automates-credential-stuffing-on-140-services/
-
Abracadabra Cyberattack: How Hackers Drained $13M from DeFi Platform
The decentralized finance (DeFi), Abracadabra, is dealing with a cyberattack that resulted in the theft of nearly $13 million worth of cryptocurrency. The Abracadabra cyberattack, which targeted the platform’s “gmCauldrons,” has shaken the cryptocurrency market particularly those that rely on liquidity tokens from decentralized exchanges like GMX. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/abracadabra-cyberattack/
-
Legal impact on cybersecurity in 2025: new developments and challenges in the EU
Tags: 5G, authentication, compliance, corporate, cybersecurity, dora, finance, framework, fraud, identity, law, network, regulation, resilience, risk, service, strategy, technology, theftDORA Regulation: digital operational resilience in the financial sector: Regulation 2022/2554 (DORA) focuses on increasing the “Digital Operational Resilience” of financial institutions. Approved on 14 December 2022, DORA seeks to strengthen the security and robustness of financial sector entities’ information systems, with the aim of reducing technological risks and cyberthreats.As mentioned, DORA is applicable to…
-
Rising attack exposure, threat sophistication spur interest in detection engineering
Tags: access, ai, attack, automation, banking, ceo, ciso, cloud, compliance, cyber, cybersecurity, data, detection, endpoint, exploit, finance, framework, healthcare, infrastructure, insurance, intelligence, LLM, malware, mitre, network, programming, ransomware, RedTeam, risk, sans, siem, software, supply-chain, tactics, technology, threat, tool, update, vulnerability, zero-dayMore than the usual threat detection practices: Proponents argue that detection engineering differs from traditional threat detection practices in approach, methodology, and integration with the development lifecycle. Threat detection processes are typically more reactive and rely on pre-built rules and signatures from vendors that offer limited customization for the organizations using them. In contrast, detection…
-
Nearly $13 million stolen from Abracadabra Finance in crypto heist
The crypto lending platform said the issue was sourced back to a product it calls “cauldrons”, isolated lending markets that allow users to borrow against a variety of cryptocurrencies. First seen on therecord.media Jump to article: therecord.media/nearly-thirteen-million-stolen-abracadabra
-
Cyber-Zwischenfall bei einem Finanzdienstleister in Jamaika
Access Financial Services addresses data breach from cybersecurity incident First seen on jamaicaobserver.com Jump to article: www.jamaicaobserver.com/2025/03/24/access-financial-services-addresses-data-breach-cybersecurity-incident/
-
Advanced Malware Targets Cryptocurrency Wallets
More attacks targeting cryptocurrency users. Microsoft has identified a new Remote Access Trojan, named StilachiRAT, that has sophisticated capabilities to remain stealthy and persistent so it can harvest crypto wallet credentials via web browsers. The malware targets many widely used cryptocurrency wallet browser extensions: 1. Bitget Wallet (Formerly BitKeep) 2. Trust Wallet 3. TronLink…
-
23andMe files for bankruptcy, customers advised to delete DNA data
California-based genetic testing provider 23andMe has filed for Chapter 11 bankruptcy and plans to sell its assets following years of financial struggles. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/23andme-files-for-bankruptcy-customers-advised-to-delete-dna-data/
-
Pocket Card Users Targeted in Sophisticated Phishing Campaign
A new phishing campaign targeting Japanese Pocket Card users has been uncovered by Symantec. The attackers are employing sophisticated tactics to deceive cardholders into divulging their login credentials, potentially compromising their financial accounts. Japanese Cardholders at Risk of Credential Theft The phishing operation begins with fraudulent emails masquerading as official notifications from Pocket Card’s online…
-
Oracle Cloud breach may impact 140,000 enterprise customers
Tags: access, attack, authentication, breach, business, cloud, control, credentials, data, extortion, finance, hacker, mfa, mitigation, oracle, password, radius, ransom, risk, security-incident, service, strategy, supply-chain, threatBusiness impact and risks: In an alarming development, the threat actor has initiated an extortion campaign, contacting affected companies and demanding payment to remove their data from the stolen cache. This creates immediate financial pressure and complex legal and ethical decisions for victims regarding ransom payments.To increase pressure on both Oracle and affected organizations, the…
-
The Role of AI in Cybersecurity: Boon or Threat?
Think about it everything’s online these days, right? Your photos, your bank stuff, your emails, and even your fridge probably connect to the internet now. It’s fantastic, but it also means there’s a whole bunch of sneaky folks out there cybercriminals trying to mess with it all. They want your data, your […] The post…
-
U.S. Treasury Lifts Tornado Cash Sanctions Amid North Korea Money Laundering Probe
The U.S. Treasury Department has announced that it’s removing sanctions against Tornado Cash, a cryptocurrency mixer service that has been accused of aiding the North Korea-linked Lazarus Group to launder their ill-gotten proceeds.”Based on the Administration’s review of the novel legal and policy issues raised by use of financial sanctions against financial and commercial activity…
-
5 ransomware threats facing the financial sector and 5 ways to respond
First seen on scworld.com Jump to article: www.scworld.com/perspective/5-ransomware-threats-facing-the-financial-sector-and-5-ways-to-respond
-
Researchers Uncover FIN7’s Stealthy Python-Based Anubis Backdoor
Researchers have recently discovered a sophisticated Python-based backdoor, known as the Anubis Backdoor, deployed by the notorious cybercrime group FIN7. This advanced threat actor, active since at least 2015, has been responsible for billions of dollars in damages globally, primarily targeting the financial and hospitality sectors. The Anubis Backdoor represents a significant evolution in FIN7’s…
-
NSFOCUS Unveils AI-Driven Security Solutions at HKIB 2025 Cybersecurity Solutions Day
Hong Kong, March 21, 2025 The Hong Kong Institute of Bankers (HKIB) 2025 Cybersecurity Solutions Day kicked off on March 20, drawing over 600 executives and experts from financial institutions and cybersecurity domains to explore strategies for bolstering the financial sector’s security posture. NSFOCUS, a global leader in cybersecurity, marked its third consecutive participation in…The…
-
AdTech CEO whose products detected fraud jailed for financial fraud
Made up revenue and pretended to use non-existent data First seen on theregister.com Jump to article: www.theregister.com/2025/03/21/kubient_ceo_jailed/
-
11 hottest IT security certs for higher pay today
Tags: access, attack, automation, business, cloud, container, control, corporate, credentials, cyber, cybersecurity, data, defense, encryption, exploit, finance, fortinet, google, governance, incident response, infosec, intelligence, Internet, jobs, linux, malicious, malware, monitoring, network, penetration-testing, remote-code-execution, resilience, reverse-engineering, risk, risk-assessment, risk-management, skills, software, technology, threat, tool, training, vulnerability, windowsOffensive Security Certified Expert (OSCE): OffSec’s Offensive Security Certified Expert consists of three courses: Advanced Web Attacks and Exploitation, Advanced Evasion Techniques and Breaching Defenses, and Windows User Mode Exploit Development. The format for each course exam is the same: Candidates have 48 hours to compromise a given target using various techniques. No formal prerequisites exist for any of the…
-
Federal judge blocks DOGE’s access to Social Security Administration’s banks of personal information
The order accused DOGE of engaging in a “fishing expedition” at the federal agency. © 2025 TechCrunch. All rights reserved. For personal use only. First seen on techcrunch.com Jump to article: techcrunch.com/2025/03/20/federal-judge-blocks-doges-access-to-social-security-administrations-banks-of-personal-information/
-
Fighting Financial Fraud With Adversarial AI Defenses
Experts Weigh the Advantages and Risks of Generative Adversarial Networks. With traditional rule-based fraud detection systems and even conventional machine learning models struggling to identify these highly deceptive fraud patterns, financial institutions are exploring generative adversarial networks to enhance fraud detection. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/fighting-financial-fraud-adversarial-ai-defenses-a-27792