Banking

Hacker plays cat-and-mouse with the EBRD’s Twitter account

The European Bank for Reconstruction and Development (EBRD) found itself very publicly tussling with a hacker on its Twitter account this morning.

Bank of Ireland fined €1.66 million after being tricked by fraudster

One of Ireland’s largest banks, Bank of Ireland, has been fined almost €1.7 million after regulators discovered it had failed to inform financial regulators and the police after a fraudster tricked them into transferring funds from a client’s account.

Read more in my article on the Hot for Security blog.

Copied master key forces South African bank to replace 12 million cards

Fraudsters stole more than $3.2 million from the banking division of South Africa’s post office, after – in a catastrophic breach of security – employees printed out the bank’s master key.

Read more in my article on the Tripwire State of Security blog.

Newly-discovered Android malware steals banking passwords and 2FA codes

Security researchers are warning of a new mobile banking trojan that steals details from over 200 financial apps and intercepts SMS messages to bypass two-factor authentication mechanisms.

Read more in my article on the Tripwire State of Security blog.

€13 million Maltese bank cyber-heist – six men arrested in UK

The UK’s National Crime Agency (NCA) have arrested a total of six men as part of an investigation into the hack of a Maltese bank in February 2019.

Smashing Security podcast #159: Rap, robbery, and IoT holiday hell

A rapping bank worker is accused of stealing from the vault, the devices that can hide your car’s true mileage, and why it may be a case of “No No No” rather than “Ho Ho Ho” when it comes to IoT toys this Christmas.

And as Carole sups the mulled wine, Graham has problems with his internet connection…

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast.

European Central Bank confirms website hack and data breach

The European Central Bank (ECB), the central bank of the 19 European countries which have adopted the euro, has shut down a compromised website after it discovered that hackers had planted malware that stole information from newsletter subscribers.

Two weeks after hackers tried to steal 13 million euros, Bank of Valletta goes offline again

The Maltese Bank of Valletta went down two weeks ago as hackers tried to steal 13 million Euros.

And now its systems have gone down again…

School district fails to reclaim $120,000 wired by bank to scammer

A school district in Indiana which had $120,000 transferred from its bank account after its email account was hacked, has failed in an attempt to reclaim the cash.

Read more in my article on the Hot for Security blog.

Hackers steal $13.5 million from Indian bank in global attack

Hackers planted malware on an automated teller machine (ATM) server belonging to an Indian bank as part of a criminal scheme which saw the theft of nearly 944 million rupees (US $13.5 million) in a co-ordinated attack across 28 countries last weekend.

Read more in my article on the Tripwire State of Security blog.

Hackers siphon hundreds of millions of pesos out of Mexican banks through shadow transactions

A software vulnerability is suspected of being to blame for a hack which saw criminals transfer more than 300 million pesos (over US $15 million) out of Mexican banks.

Read more in my article on the Tripwire State of Security blog.

This Android malware redirects calls you make to your bank to go to scammers instead

Once installed the malware will intercept mobile calls you attempt to make to your bank, and instead direct them to a scammer.

Hackers steal $60 million from Taiwanese bank using bespoke malware

A hacking gang abused the SWIFT banking network to steal $60 million after planting malware on a Taiwanese bank’s servers.

Read more in my article on the Tripwire State of Security blog.

Banking trojan campaign uses commercial packers to target Brazilian users

A banking trojan campaign is using commercial packing platforms to evade analysis and thereby successfully infect unsuspecting users.

David Bisson reports.

Publication of NukeBot trojan’s source code leads to new ‘operational’ samples

New “operational” samples of the NukeBot banking trojan have emerged months after its original creator published its source code.

David Bisson reports.

Malware installs Signal as part of scheme to steal Mac users’ banking credentials

The new OSX/Dok Mac malware is mysteriously pushing the Signal private-messaging app onto victims’ mobile devices as part of a scheme to steal their banking credentials.

David Bisson reports.