Oracle databases at risk because of a leaked NSA hacking tool, researcher says
The recent outing of leaked NSA hacking tools designed to compromise SWIFT Service Alliance servers comes with a key to pry open thousands of Oracle servers around the globe, new research suggests. A mysterious group self-named the Shadow Brokers, which has been publishing authentic internal NSA documents since last summer, shared new material on April 14 detailing an expansive U.S. espionage operation aimed at hacking into Middle Eastern SWIFT service bureaus.
Hong Kong regulators move to tighten cybersecurity rules after hacks cost stockbrokers over $14M
A wave of successful cyberattacks against Hong Kong financial institutions prompted the island's regulator to act.
Shadow Brokers leak NSA documents that may reveal operation aimed at Middle Eastern banks
The mysterious group dropped their biggest leak yet Friday, including evidence that the NSA compromised offices connected to a global banking system in order to spy on Middle Eastern banks.
Business lobby pushes back on NIST Framework measurement plans
Public comments filed by business groups voice concern about what metrics should be used for measurement and how public that demonstration ought to be.
North Korea’s plan to cultivate an army of cybercrime masterminds
Conventional wisdom says North Korea is an arsenal-craving backwater under the rule of despots. The regime, however, is driving a furious growth of its cyber capabilities.
Insider charged with writing malware to steal Wall Street firm’s crown jewel algorithms
The accused senior systems administrator was caught only when his luck ran out, according to the FBI.
North Korean hackers wanted investigators to think Russians hacked banks
A group of highly skilled hackers accused of working for the North Korean government, breaking into the New York Federal Reserve Bank and stealing $81 million from Bangladesh Bank are using hacking tools with foreign computer code to make it appear like a Russian outfit is responsible. Cybersecurity researchers tell CyberScoop that the group, dubbed Lazarus, is fusing Russian language strings into their tools in an effort to confuse defenders and obfuscate attribution. The technique, discovered by Kaspersky and presented Monday at the company’s Security Analyst Summit in St. Maarten, shows how sophisticated threat actors will design attacks in ways that make it more difficult for forensic analysts to track their activity.
New warning: Super-stealthy fileless malware on the rise
Super-stealthy, fileless malware is increasingly being used to defeat cybersecurity systems, according to a new government warning.
Opsec fail allows researchers to track Bangladesh Bank hack to North Korea
The North Koreans were sloppy with their log data scrubbing, according to Kaspersky.
Report: Smaller banks not shouldering email security burdens
The top five U.S. banks have all adopted an email security protocol that helps guard customers against phishing — but none of the 50 fastest growing community banks in the country have done so, according to new data.
After losing millions to hackers, SWIFT banks now enforce mandatory security controls
The group will restrict internet access and segregate SWIFT and critical systems from the bank's general networks.
Accused $100M business email grifter arrested in Lithuania
A Lithuanian man charged with running a two year, $100 million email banking con against two unnamed U.S. tech multinationals was arrested last week by authorities.
Russian agents allegedly hired this cyber-mercenary to hack Google and Yahoo
Karim Baratov, 22, remains the only suspect in custody as the Justice Department pursues three other suspects. One analyst called Baratov the "wild card" in the case.
Home Depot settles suit on card-data breach for $20 million, security pledges
The DIY retail chain was hacked and cybercriminals got away with the details of 56 million payment cards — then they got sued by the banks. Now they've settled.
Fileless DNS malware used in SEC-filing cyberattacks
DNSMessenger, the new super-stealthy malware, is being sued in a spear phishing campaign targeting SEC filings at financial institutions.
Blockchain biz gets new D.C. voice
The Global Blockchain Business Council announced Wednesday that they were opening a DC office and appointing a board of directors.
Testing finds ‘100 percent’ of mobile banking apps hackable
The company is not disclosing the names of the vulnerable apps or the banks who made them. "We don't want to finger-point," said a company executive, especially given the 100 percent failure rate. "They are all vulnerable," she said.
Report: IoT devices attacked their own network
A university IT system was brought to a near-standstill by a cyberattack from inside its own firewall, when connected devices on its internal network became infected with malware, and overloaded its DNS server.
Turkish hacker gets 8 years in $55M ATM milking scheme
The sentence, which also included a requirement that Ercan Findikoglu pay back the $55 million, was announced by Robert Capers, U.S. attorney for the Eastern District of New York.
New malware works only in memory, leaves no trace
Kaspersky researchers found the malware, which has been attacking banks and telecom companies, but leaves no trace on the hard drive.