Financial Security | Breaking Cybersecurity News | The Hacker News

Cybersecurity researchers have discovered a new Android banking trojan called BlankBot targeting Turkish users with an aim to steal financial information. "BlankBot features a range of malicious capabilities, which include customer injections, keylogging, screen recording and it communicates with a control server over a WebSocket connection," Intel 471 said in an analysis published last week. Discovered on July 24, 2024, BlankBot is said to be undergoing active development, with the malware abusing Android's accessibility services permissions to obtain full control over the infected devices. The names of some of the malicious APK files containing BlankBot are listed below - app-release.apk (com.abcdefg.w568b) app-release.apk (com.abcdef.w568b) app-release-signed (14).apk (com.whatsapp.chma14) app.apk (com.whatsapp.chma14p) app.apk (com.whatsapp.w568bp) showcuu.apk (com.whatsapp.w568b) Like the recently resurfaced Mandrake Android trojan, BlankBot implement

Indian cryptocurrency exchange WazirX has confirmed that it was the target of a security breach that led to the theft of $230 million in cryptocurrency assets. "A cyber attack occurred in one of our [multi-signature] wallets involving a loss of funds exceeding $230 million," the company said in a statement. "This wallet was operated utilizing the services of Liminal's digital asset custody and wallet infrastructure from February 2023." The Mumbai-based company said the attack stemmed from a mismatch between the information that was displayed on Liminal's interface and what was actually signed. It said the payload was replaced to transfer wallet control to an attacker. Crypto custody firm Liminal is one of the six signatories on the wallet and is responsible for transaction verifications. "Our preliminary investigations show that one of the self custody multi-sig smart contract wallets created outside of the Liminal ecosystem has been compromised

Want to know what's the latest and greatest in SecOps for 2024? Gartner's recently released Hype Cycle for Security Operations report takes important steps to organize and mature the domain of Continuous Threat Exposure Management, aka CTEM. Three categories within this domain are included in this year's report: Threat Exposure Management, Exposure Assessment Platforms (EAP), and Adversarial Exposure Validation (AEV). These category definitions are aimed at providing some structure to the evolving landscape of exposure management technologies. Pentera, listed as a sample vendor in the newly defined AEV category, is playing a pivotal role in increasing the adoption of CTEM, with a focus on security validation. Following is our take on the CTEM related product categories and what they mean for enterprise security leaders. The Industry is Maturing CTEM, coined by Gartner in 2022, presents a structural approach for continuously assessing, prioritizing, validating, and remediating expo

Financial institutions in Latin America are being threatened by a banking trojan called Mekotio (aka Melcoz). That's according to findings from Trend Micro, which said it recently observed a surge in cyber attacks distributing the Windows malware. Mekotio , known to be actively put to use since 2015, is known to target Latin American countries like Brazil, Chile, Mexico, Spain, Peru, and Portugal with an aim to steal banking credentials. First documented by ESET in August 2020, it's part of a tetrade of banking trojans targeting the region, such as Guildma, Javali, and Grandoreiro , the latter of which was dismantled by law enforcement earlier this year. "Mekotio shares common characteristics for this type of malware, such as being written in Delphi, using fake pop-up windows, containing backdoor functionality and targeting Spanish- and Portuguese-speaking countries," the Slovakian cybersecurity firm said at the time. The malware operation suffered a blow in

The banking trojan known as  Mispadu  has expanded its focus beyond Latin America (LATAM) and Spanish-speaking individuals to target users in Italy, Poland, and Sweden. Targets of the ongoing campaign include entities spanning finance, services, motor vehicle manufacturing, law firms, and commercial facilities, according to Morphisec. "Despite the geographic expansion, Mexico remains the primary target," security researcher Arnold Osipov  said  in a report published last week. "The campaign has resulted in thousands of stolen credentials, with records dating back to April 2023. The threat actor leverages these credentials to orchestrate malicious phishing emails, posing a significant threat to recipients." Mispadu, also called URSA,  came to light  in 2019, when it was observed carrying out credential theft activities aimed at financial institutions in Brazil and Mexico by displaying fake pop-up windows. The Delphi-based malware is also capable of taking screen

Cybersecurity researchers have discovered an updated variant of a stealer and malware loader called  BunnyLoader  that modularizes its various functions as well as allow it to evade detection. "BunnyLoader is dynamically developing malware with the capability to steal information, credentials and cryptocurrency, as well as deliver additional malware to its victims," Palo Alto Networks Unit 42  said  in a report published last week. The new version, dubbed BunnyLoader 3.0, was announced by its developer named Player (or Player_Bunny) on February 11, 2024, with rewritten modules for data theft, reduced payload size, and enhanced keylogging capabilities. BunnyLoader was  first documented  by Zscaler ThreatLabz in September 2023, describing it as a malware-as-a-service (MaaS) designed to harvest credentials and facilitate cryptocurrency theft. It was initially offered on a subscription basis for $250 per month. The malware has since undergone frequent updates that are aimed

Financial data is much more than just a collection of numbers; it is a crucial component of any business and a prime target for cybercriminals. It's important to understand that financial records can be a veritable treasure trove for digital pirates. A security breach not only puts customers' personal information in jeopardy but also enables fraudsters to drain company funds and exploit clients. Data threats can arise from a variety of sources, ranging from malicious actors with harmful intentions to simple mistakes, such as sending a confidential email to the wrong recipient. The methods used to compromise data are diverse and constantly evolving, including ransomware attacks and inadvertent leaks in cloud storage. Navigating this complex landscape can be daunting, but knowledge is empowering. We're excited to announce that we are hosting an exclusive webinar in collaboration with experts from Win Zip. Titled " Locking Down Financial and Accounting Data — Best Dat

When Ben Franklin famously wrote, "An ounce of prevention is worth a pound of cure," he wasn't thinking about cybercrime. Yet, in today's world of phishing, shoulder-surfing, and spyware, his advice is more relevant than ever. Unfortunately, some people will take advantage of any opportunity to rip you off. Just as you take precautions when handling cash, you should be vigilant when using credit or debit cards, whether in person or online. Tips for Protecting Your Account Information and Avoiding Payment Card Scams Prevent Online Intrusions Use updated anti-virus and anti-spyware software. Only download information from trusted sites, and don't click on pop-up windows or suspicious links in emails. These can be tricks to install spyware, which can record your keystrokes to steal account or other confidential information. Use Secure Websites When purchasing items online, look for safety symbols like the padlock icon in the browser's status bar, an "s" after "http" in the U

Specialty retailer Genesco Inc. announced on Friday that it experienced a criminal intrusion into the part of its computer network that processes payment card transactions. Some card details might have been compromised. However, the company quickly secured the affected network segment and expressed confidence that customers can now safely use their credit and debit cards in its stores. Nashville, Tennessee-based Genesco stated that the intrusion affected its U.S. Journeys, Journeys Kidz, Shi by Journeys, Johnston & Murphy stores, and some Underground Station stores. The company is currently investigating the extent of the compromise with the help of an outside expert. Robert Dennis, Chairman, President, and CEO of Genesco, said, "Since we learned of the intrusion, we have worked diligently with outside experts to protect our customers' information, and we are confident that they are safe shopping with their credit and debit cards at our stores. We recommend that our cust