Vitali Kremez, Flashpoint-intel.com, January 26, 2017
• First observed in July 2014, “Dridex,” a financial banking Trojan, is considered to be one of the successors to the “GameOver ZeuS” (GoZ) malware.
Jeremy Kirk, Bankinfosecurity.com, January 24, 2017
Lloyds Banking Group came under a distributed denial-of-service attack that hampered access to its online banking services for about two days earlier this month, several media outlets reported, citing anonymous sources.
Michael Mimoso, Threatpost.com, January 19, 2017
Months of ramped up Carbanak activity that includes a new host of targets and new command and control strategy has reinvigorated attention on a criminal outfit that may have at one time stolen up to $1 billion from banks worldwide.
Jeremy Kirk, Bankinfosecurity.com, January 16, 2017
In early 2013, cybercriminals began deploying in Mexico what some security experts described as one of the most advanced pieces of malware that’s ever been built to steal money from ATMs. Nicknamed Ploutus, it evolved to become the first ATM malware that could be controlled remotely by a mobile phone.
Sugata Ghosh & Sangita Mehta, Economictimes.indiatimes.com, January 16, 2017
Hackers recently infiltrated the systems of three government-owned banks — two headquartered in Mumbai and one in Kolkata — to create fake trade documents that may have been used to raise finance abroad or facilitate dealings in banned items.
Brian Hengesbaugh, Amy de La Lama and Harry Valetk, Bakerinform.com, January 5, 2017
In a surprising turn of events, the New York State Department of Financial Services (“DFS”) announced on December 28 significant changes to its cybersecurity regulation in response to industry concerns that the agency’s original proposal was too prescriptive, and did not allow enough time for compliance.
Informationsecuritybuzz.com, January 4, 2017
In a new blog post researchers from Proofpoint have tracked a phishing campaign leveraging the concept of “Twitter Brand Verification”. Because the actors in this case are relying on paid, targeted ads on Twitter, users don’t need to do anything to see the phishing link. Attackers are increasing the sophistication of social engineering approaches and extending them across social channels. Users and brands need to be increasingly savvy to avoid getting snared by ads, accounts, and messages that initially look legitimate. While this attack was observed on Twitter, such a scam could be implemented on any social media platform that implements some form of account verification.
Gunjan Tripathi, Sitepronews.com, December 27, 2016
For better or worse, a security firm’s attempt to cash in on software bugs by shorting a company’s stock and then publicizing the flaws might have pioneered a new approach to vulnerability disclosure.