Vulnerabilities in Apple Pay, Samsung Pay and Google Pay allow attackers to make unlimited purchases using stolen smartphones enabled with express transport schemes, according to a research report from Positive Technologies. These findings were presented at Black Hat Europe this week.
A subsidiary of the Central Depository Services Ltd. has patched a critical vulnerability that exposed sensitive data such as Permanent Account Numbers, income and net worth, broker names, amount of annual income tax return filed and CDSL client IDs for close to 44 million Indian investors.
The U.K. Supreme Court has blocked a $4.3 billion class action lawsuit against technology giant Google. The lawsuit, which was filed in 2017, alleges that Google accessed millions of iPhone users’ personal information illegally between June 1, 2011, and Feb. 15, 2012.
Microsoft's November Patch Tuesday security update covers 55 security fixes, six of which are zero-day vulnerabilities, with two flaws being actively exploited in the wild. Does the relatively low number for November mean there is a patch backlog at Microsoft?
Zero Trust: Is it the operational model that's going to propel us into a more secure future? Or just another marketing message to be tossed onto the pile of past campaigns? In this latest Cybersecurity Leadership panel, the top minds in the sector weigh in on the present and future of Zero Trust.
Zero Trust deployment - the acts of moving apps and data to the cloud and assuming no user or device is trustworthy until proven otherwise - came into vogue in response to COVID-19. A lot has changed since Zero Trust first appeared in 2014, so our concept of Zero Trust must also evolve. Stephen Banda of Lookout...
CyberEdBoad excutive member Alan Ng of China Taiping Insurance, Singapore, explains the enterprise risk management strategy for the pandemic era and how the Distributed, Immutable and Ephemeral triad works with the Confidentiality, Integrity and Availability triad to make organizations more secure.
U.S. SEC Commissioner Caroline Crenshaw urges DeFi developers to approach the financial regulator in an effort to bring projects in line with existing securities laws. Though praising the DeFi's innovative nature, the commissioner says it lacks transparency and is hindered by on-chain pseudonymity.
APT group Lyceum has targeted ISPs and telecommunication operators in Israel, Morocco, Tunisia and Saudi Arabia, as well as a Ministry of Foreign Affairs in an African country, according to Accenture’s Cyber Threat Intelligence group and Prevailion’s Adversarial Counterintelligence Team.
A new espionage campaign has allowed an unidentified threat actor to access data, including communications and services, on thousands of devices belonging to South Koreans, reports Aazim Yaswant, an Android malware analyst at mobile security company Zimperium.
A criminal hack attack has disrupted healthcare in Canada's easternmost province and resulted in the theft of patient information and personal details for healthcare employees. The province of Newfoundland and Labrador disclosed the apparent ransomware attack on Oct. 30, and has yet to restore all systems.
Before cybercriminals shifted heavily into ransomware, there was banking malware: sophisticated programs designed collect login credentials and intervene in transactions. A campaign using the Dridex banking Trojan has appeared in Mexico, says Metabase Q, a security company.
The U.S. Department of the Treasury has blacklisted cryptocurrency exchange Chatex, along with a network of entities the department says support it, for allegedly facilitating ransomware-related financial transactions. This action effectively bars Americans from doing business with the company.
A new initial access broker, Zebra2104, has been providing entry points to ransomware groups such as MountLocker and Phobos, as well as espionage-related advanced persistent threat group StrongPity, according to a new report. This process saves other threat actors time, effort and expense.
Trading platform Robinhood says an attacker gained access to its customer support system last week, stole 7 million individuals' names and email addresses and tried to extort the company. More personal details were also stolen for a much smaller group of customers.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.co.uk, you agree to our use of cookies.