Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Banking Security. Show all posts
Third Party Risk
Banking Security Cybersecurity Threats Data Breach Data protection financial data exposure Network Security Ransomware attack SonicWall Vulnerability Third Party Risk

Large Scale Ransomware Attack at Marquis Compromises Data of 672000 People


 

Marquis, a Texas-based provider of analytics and visualization solutions to hundreds of U.S. banks, recently disclosed a ransomware intrusion that took place in August 2025 resulted in a large-scale compromise of highly sensitive customer information, demonstrating the systemic vulnerability inherent in today's interconnected financial data ecosystem. 

A breach that has only recently become publicized due to regulatory disclosures affected at least 672,075 individuals, and involved exfiltration of both personal identifiers and critical financial information. A company filing submitted to the Maine Attorney General's office indicates that it is beginning the process of notifying the affected, with a significant concentration of those affected residing in Texas. 

In light of the extent of the stolen dataset, which consists of names, dates of birth, addresses, bank account details, payment card information, and even Social Security numbers, this is not merely an unauthorized access incident, but a deeply consequential event threatening consumer financial security as well as institutional trust for the long term. 

Marquis has received subsequent disclosures suggesting that the incident may have been linked to a broader compromise within the vendor ecosystem on which Marquis relies. SonicWall released an advisory in mid-September 2025 urging its customers to reset their credentials following the discovery of a brute-force attack on the MySonicWall cloud platform. This service stores and manages configuration backups on behalf of firewall administrators. 

A backup may contain highly sensitive operational data, including network rules, access control policies, VPN configurations, authentication parameters associated with enterprise identity systems such as LDAP, RADIUS, and SNMP, as well as administrative account credentials. Later, Marquis confirmed the inclusion of Marquis among those affected entities, and the company acknowledged that the compromise encompassed the entire company's customer base. 

Although early reports do not offer a complete picture of downstream impact, subsequent regulatory filings by Marquis across multiple jurisdictions show that the nature and extent of compromised data varies from state to state. This company provided a particularly comprehensive dataset in its submission to Maine authorities that included names, physical addresses, contact information, Social Security numbers, taxpayer identification numbers, and financial account information without associated security codes. 

The date of birth, as well as the dates of birth, indicate a breach with both infrastructure and personal consequences. As a result of the incident, more attention has been drawn to the structural risks associated with the financial sector's reliance on third-party service providers, where a single point of compromise can have cascading effects on a number of institutions and, by extension, their clients. 

The runsomware event in August affected data associated with clients from dozens of banks and credit unions, according to Marquis, but it has only recently been confirmed how broad the scope of the individual impact and the amount of information exposed have been clarified. According to our investigation, the initial intrusion vector was caused by unauthorized access to the SonicWall firewall, which permitted a third party to gain access to Marquis’ internal network. 

In response to this incident, the company has taken legal action against the vendor, emphasizing the complexity of accountability issues which often follow breaches involving interconnected technology. Providing digital and physical marketing solutions to more than 700 financial institutions along with compliance software and services, Marquis occupies a position of considerable data centrality, which inherently magnifies the downstream consequences of any security breaches. 

Due to their centralized storage of aggregated financial data and personally identifiable information, such intermediaries remain high-value targets for ransomware groups. Upon learning about the breach, affected individuals are advised to adopt heightened monitoring practices, including carefully reviewing their bank and credit card transactions, obtaining credit reports from established credit bureaus, and activating fraud alerts and credit freezes whenever necessary. 

Furthermore, caution is being urged against unsolicited communications that may attempt to exploit the incident through phishing or social engineering methods. Ultimately, the episode underscores the importance of continuous risk assessments, stronger access controls, and coordinated security strategies between institutions and service providers as an increasingly persistent and sophisticated threat landscape continues to affect the financial ecosystem.

A security breach has also drawn attention to the systemic vulnerabilities introduced by financial institutions' deeper integration with third-party technology providers, where operational efficiency is often sacrificed at the expense of expanded attack surfaces. 

Even though Marquis had previously acknowledged that the August ransomware incident affected banking and credit union clients, subsequent disclosures have clarified the extent of individual exposures as well as the sensitive nature of compromised records.

A forensic analysis revealed that the point of entry was a SonicWall firewall that permitted unauthorized access to Marquis' internal infrastructure, allowing an external actor to gain access to the system. It has therefore decided to pursue legal action against the vendor in response, emphasizing the complex issues of liability and shared responsibility that arise from breaches within interconnected digital ecosystems. 

A significant amount of information within Marquis's systems magnifies the impact of such an intrusion because of the company's role in providing marketing, compliance, and data-driven services to more than 700 financial institutions. Observations from security experts suggest organizations that operate at this crossroads of aggregated financial and personally identifiable data remain particularly attractive targets for ransomware operators seeking maximum impact. 

In light of the incident, individuals are being urged to adopt a more vigilant stance, which includes monitoring their financial statements on a continuous basis, obtaining credit reports to detect anomalies, and implementing precautionary measures, such as fraud alerts or credit freezes, as appropriate.

A special focus is being placed on preventing opportunistic follow-on attacks, such as phishing attacks or deceptive outreach that may use compromised information to establish trust. These incidents serve as a reminder, together with tighter access governance and more cohesive defensive collaboration between service providers and their institutional clients, of the importance of continuous security reassessment, tighter access governance, and more cohesive defensive collaboration. 

In an increasingly complex digital environment, threat actors continue to refine their tactics. Despite the incident's unfortunate outcome, it serves as a defining example of how digitally interconnected financial services are evolving in terms of risk dynamics, in which trust is distributed among vendors, platforms, and shared infrastructure. 

As a result, cybersecurity is no longer considered a perimeter function, but rather an integrated, continuous discipline throughout the entire supply chain that must be addressed continuously. It entails a deeper level of vendor due diligence, stricter configuration governance, and real-time visibility into third-party dependencies for institutions. As a result, service providers must harden cloud-integrated environments and limit the persistence of sensitive credentials within systems that can be accessed. 

A stronger regulatory scrutiny and continued exploits of systemic interdependencies will lead to an increasing focus on resilience, which will not necessarily mean avoiding breaches but rather anticipating, containing, and responding transparently to breaches without eroded stakeholder trust.
Read more »
NSA
Bank Security Banking Security CISA Cyber Security cybersecurity concerns Financial Institutions Hacker attack Iran hackers Iran-based hacker group Iranian cyber attack NSA

Iranian Hackers Threaten More Trump Email Leaks Amid Rising U.S. Cyber Tensions

 

Iran-linked hackers have renewed threats against the U.S., claiming they plan to release more emails allegedly stolen from former President Donald Trump’s associates. The announcement follows earlier leaks during the 2024 presidential race, when a batch of messages was distributed to the media. 

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) responded by calling the incident “digital propaganda,” warning it was a calculated attempt to discredit public officials and mislead the public. CISA added that those responsible would be held accountable, describing the operation as part of a broader campaign by hostile foreign actors to sow division. 

Speaking virtually with Reuters, a hacker using the alias “Robert” claimed the group accessed roughly 100 GB of emails from individuals including Trump adviser Roger Stone, legal counsel Lindsey Halligan, White House chief of staff Susie Wiles, and Trump critic Stormy Daniels. Though the hackers hinted at selling the material, they provided no specifics or content. 

The initial leaks reportedly involved internal discussions, legal matters, and possible financial dealings involving RFK Jr.’s legal team. Some information was verified, but had little influence on the election, which Trump ultimately won. U.S. authorities later linked the operation to Iran’s Revolutionary Guard, though the hackers declined to confirm this. 

Soon after Trump ordered airstrikes on Iranian nuclear sites, Iranian-aligned hackers began launching cyberattacks. Truth Social, Trump’s platform, was briefly knocked offline by a distributed denial-of-service (DDoS) attack claimed by a group known as “313 Team.” Security experts confirmed the group’s ties to Iranian and pro-Palestinian cyber networks. 

The outage occurred shortly after Trump posted about the strikes. Users encountered error messages, and monitoring organizations warned that “313 Team” operates within a wider ecosystem of groups supporting anti-U.S. cyber activity. 

The Department of Homeland Security (DHS) issued a national alert on June 22, citing rising cyber threats linked to Iran-Israel tensions. The bulletin highlighted increased risks to U.S. infrastructure, especially from loosely affiliated hacktivists and state-backed cyber actors. DHS also warned that extremist rhetoric could trigger lone-wolf attacks inspired by Iran’s ideology. 

Federal agencies remain on high alert, with targeted sectors including defense, finance, and energy. Though large-scale service disruptions have not yet occurred, cybersecurity teams have documented attempted breaches. Two groups backing the Palestinian cause claimed responsibility for further attacks across more than a dozen U.S. sectors. 

At the same time, the U.S. faces internal challenges in cyber preparedness. The recent dismissal of Gen. Timothy Haugh, who led both the NSA and Cyber Command, has created leadership uncertainty. Budget cuts to election security programs have added to concerns. 

While a military ceasefire between Iran and Israel may be holding, experts warn the cyber conflict is far from over. Independent threat actors and ideological sympathizers could continue launching attacks. Analysts stress the need for sustained investment in cybersecurity infrastructure—both public and private—as digital warfare becomes a long-term concern.
Read more »
User Safety
Banking Security Cyber Security India RBI User Safety

RBI Launches "bank.in" Domain to Combat Digital Banking Scam

 

The Reserve Bank of India (RBI) has made the "bank.in" domain exclusive to all authorised banking institutions in India in an effort to strengthen digital banking security and shield customers from online banking fraud. This effort aims to minimise the rising threat of digital banking fraud by establishing a secure and verified online presence for the banks across the nation.

Due to the surge in online banking transactions, fraudsters have taken advantage of vulnerabilities by impersonating actual banks via phishing attacks, phoney banking websites, and fraudulent email campaigns. The only registrar for this will be the Institute for Development and Research in Banking Technology (IDRBT).

It is expected that domain registration will get underway in April 2025. By implementing an exclusive bank.in domain strategy, the RBI lowers the risk of financial fraud by ensuring that users can quickly recognise and trust legitimate banking websites.

Importance of “bank.in” domain in banking security

The increased use of digital banking has transformed financial transactions in India, providing easy access to banking services. However, this digital transformation has resulted in an increase in cyber threats, with scammers creating fake banking portals to trick users into disclosing sensitive data such as login credentials, OTPs, and banking details. The RBI's special domain for banks called "bank.in" intends to: 

  • Enhance banking fraud prevention by eliminating fake sites that pose as authentic banking portals. 
  • Increase consumer trust and awareness by ensuring that all Indian banks use a single, verifiable domain structure.
  • Strengthen India's digital banking security by creating a centralised domain that is challenging for fraudsters to replicate.

The "bank.in" domain will be reserved solely for RBI-regulated banking institutions, guaranteeing that only reputable financial institutions can use this domain extension. Each bank's official website will be hosted under the bank.in domain, making it easy for consumers to check legitimacy. For example, a major bank like State Bank of India (SBI) may have an official URL such as sbi.bank.in, indicating that the website is trustworthy. 

To facilitate this transition, the RBI is working with financial institutions, cybersecurity professionals, and domain regulatory agencies to ensure a smooth transition to the new domain. Banks will be expected to phase out their current domains and redirect consumers to their new "bank.in" addresses, ensuring a smooth transition and avoiding confusion.
Read more »
TrickMo
Banking Security Banking Trojan C2 servers Cyberattack Data Breach device access malware Mobile Threats Security TrickMo

TrickMo Banking Trojan Unveils Advanced Threat Capabilities in Latest Variant

Malware Analyst at Zimperium, Aazim Yaswant, has released an in-depth report on the most recent TrickMo samples, highlighting worrisome new functionalities of this banking trojan. Initially reported by Cleafy in September, this new version of TrickMo employs various techniques to avoid detection and scrutiny, such as obfuscation and manipulating zip files. 

Yaswant’s team discovered 40 variants of TrickMo, consisting of 16 droppers and 22 active Command and Control (C2) servers, many of which remain hidden from the broader cybersecurity community.

Although TrickMo primarily focuses on stealing banking credentials, Yaswant's analysis has exposed more sophisticated abilities. "These features allow the malware to access virtually any data on the device," Yaswant stated. TrickMo is capable of intercepting OTPs, recording screens, remotely controlling the device, extracting data, and misusing accessibility services to gain permissions and perform actions without the user’s approval. Additionally, it can display misleading overlays designed to capture login credentials, enabling unauthorized financial transactions.

A particularly concerning discovery in Yaswant's findings is TrickMo’s ability to steal the device’s unlock pattern or PIN. This enables attackers to bypass security measures and access the device while it is locked. The malware achieves this by mimicking the legitimate unlock screen. “Once the user enters their unlock pattern or PIN, the page transmits the captured data, along with a unique device identifier,” Yaswant explained.

Zimperium’s researchers managed to gain entry to several C2 servers, identifying approximately 13,000 unique IP addresses linked to malware victims. The analysis revealed that TrickMo primarily targets regions such as Canada, the UAE, Turkey, and Germany. Yaswant’s investigation also uncovered millions of compromised records, with the stolen data including not only banking credentials but also access to corporate VPNs and internal websites, posing significant risks to organizations by potentially exposing them to larger-scale cyberattacks.
Read more »
Online Banking
2FA Banking Security Cyber Security CyberCriminal data security Mobile App Online Banking

Is Online Banking Truly Safe? Understanding the Safety Loopholes in Bank Websites

 

In today's increasingly digital landscape, ensuring the security of online banking platforms is paramount. With cyber threats evolving and becoming more sophisticated, financial institutions face the constant challenge of fortifying their systems against unauthorized access and data breaches. 

Recently, Which?, a respected consumer advocate, conducted an extensive investigation into the security measures implemented by major current account providers. This evaluation carried out with the assistance of independent computer security experts, aimed to scrutinize the efficacy of banks' online banking systems in safeguarding customer data and preventing fraudulent activities. 

The assessment, conducted over two months in January and February 2024, focused on examining the apps and websites of 13 prominent current account providers. While the evaluation did not encompass testing of back-end systems, it honed in on four critical areas essential for ensuring robust security protocols: security best practices, login processes, account management, and navigation & logout functionalities. 

Through rigorous testing, the investigation revealed significant variations among providers, with some demonstrating commendable security measures while others fell short of expectations. Among the findings, TSB and the Co-operative Bank emerged as the lowest-ranked institutions in both mobile app and online security. 

Notably, TSB's app exhibited a serious vulnerability, allowing sensitive data to be accessed by other applications on the device, raising concerns about data integrity and privacy. Similarly, the Co-operative Bank's failure to enforce two-factor authentication (2FA) on a test laptop highlighted potential weaknesses in their security infrastructure, necessitating urgent attention and remediation. 

Conversely, NatWest and Starling emerged as frontrunners in online banking security, earning an impressive score of 87%. Their robust security protocols and stringent authentication processes set them apart as leaders in safeguarding customer information. 

Meanwhile, HSBC and Barclays led the pack in mobile banking security, with HSBC notably eschewing SMS-based login verification, opting for more secure alternatives to protect user accounts. In addition to holding financial institutions accountable for maintaining rigorous security standards, consumers must also take proactive steps to protect their financial data when banking online. 

Which? recommends six essential tips for enhancing online security, including protecting mobile devices, using strong and unique passwords, and promptly reporting any suspicious activity. By adopting these best practices and remaining vigilant, consumers can mitigate the risks associated with online banking and thwart the efforts of cybercriminals seeking to exploit vulnerabilities. 

In an era where digital transactions are ubiquitous, prioritizing security is imperative to safeguarding personal and financial information from unauthorized access and fraudulent activities.
Read more »
Privacy
Banking Security Digital Pound Financial Inclusion Personal Details Privacy

A Deep Dive Into How Digital Pound Can Menace Financial Stability

DIGITAL POUND THREATENS FINANCIAL STABILITY

The UK's expedition into releasing a digital pound has triggered a strong debate among policymakers and finance experts. The House of Commons Treasury Committee has shown concerns, cautioning that bringing a central bank digital currency (CBDC) in the UK could lead to major risks to personal privacy and financial stability.

While HM Treasury and Bank of England are conducting their investigations into a digital pound, experts are suggesting to be on alert, underscoring the potential threats and downfalls of such a step. This blog will provide a comprehensive guide to explain how digital pound can threaten financial stability.

Worries about data privacy and stability

One of the main issues around the digital pound is the consequences it can have on traditional banking systems. Experts are worried that during times of financial crisis, individuals might quickly transfer large amounts of money to digital pounds from conventional bank accounts. 

If that becomes the case, it can result in increased vulnerability to bank runs, triggering imbalances in the financial system. Besides these, there are major concerns about how authorities would use the personal data of digital pound users. The chances of government surveillance and abuse of financial transaction data have raised concerns over individual privacy rights. 

This worry is underscored by the push to make a universally accepted, risk-free electronic alternative to physical cash that would function through smartphone wallets, likely providing government authorities unlimited access to personal financial transactions. 

Balancing risk and innovation

Additionally, the transition to a digital currency might raise interest rates on bank loans, with estimates hinting at a possible rise of 0.8 percentage points or more if major bank deposits are transferred into digital pounds.

To minimize these threats, the committee advised considering a lower limit on individual holdings of digital pounds than the Bank of England's suggested €10,000-€20,000 ceiling, taking lessons from the European Central Bank's talk regarding a €3,000 limit per individual for a digital euro. 

Experts also emphasize the need for robust privacy measures to make sure that the government doesn't spy on digital pound users' privacy. Besides this, there's a rising concern that a step towards a digital currency could trigger financial exclusion by pacing the fall in cash use. 

The bringing in of a digital pound in the UK shows a complex balancing step between minimizing financial threats.

The concerned labeled out by the Treasury Committee highlights the need for a safer approach towards implementing a digital currency. 

As the UK keeps exploring this digital onset, the task at hand remains to make sure that any possible digital currency complements the present financial system while keeping the basic norms of financial inclusion and privacy.

The Bank of England and Treasury have recognized these threats and are expected to formally work on the committee's report's recommendations, highlighting the future measures in the digital pound's voyage.


Read more »
Subscribe to: Posts (Atom)