Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Finance. Show all posts
North Korea Hackers
Crypto Hacking cryptocurrency cryptocurrency theft Cyber Security Finance North Korea Hackers

The Week of Crypto Platform Breaches: Prisma Finance Incident Highlights

 

The past week witnessed a series of bewildering events in the realm of cryptocurrency, marked by breaches on two prominent platforms that left the crypto community grappling with perplexing motives and unexpected outcomes. 

The first incident unfolded on Tuesday evening when the Munchables blockchain-based game fell victim to an attack, resulting in the theft of approximately $62 million worth of cryptocurrency. Initial speculation pointed towards North Korea-linked hackers, given the country's history of targeting cryptocurrency platforms for financial gain. However, the situation took an unexpected turn when the alleged perpetrator voluntarily returned the stolen funds without any ransom demands. 

In a surprising twist, Munchables shared that the individual behind the attack had relinquished access to the private keys containing the stolen funds, expressing gratitude for their cooperation. Despite this resolution, questions lingered about the circumstances surrounding the incident, including the attacker's identity and motives, prompting calls for enhanced security measures within the crypto community. Shortly thereafter, another breach occurred on Thursday evening, this time affecting Prisma Finance, a popular decentralized finance (DeFi) platform, which suffered a loss of approximately $11.6 million. 

However, the aftermath of this breach was marked by cryptic messages from the hacker, who claimed the attack was a "white hat" endeavour aimed at highlighting vulnerabilities in the platform's smart contracts. The hacker, whose identity remained undisclosed, reached out to Prisma Finance seeking to return the stolen funds and engaging in a discourse about smart contract auditing and developer responsibilities. 

Despite the hacker's apparent altruistic intentions, the incident underscored the importance of rigorous security measures and comprehensive audits in the DeFi space. Prisma Finance later released a post-mortem report detailing the flash loan attack that led to the breach, shedding light on the exploitation of vulnerabilities in the platform. The report emphasized ongoing efforts to investigate the incident and ensure the safety of users' funds, highlighting the collaborative nature of the crypto community in addressing security breaches. 

These breaches come against the backdrop of heightened scrutiny of cyberattacks on cryptocurrency platforms, with a recent United Nations report identifying North Korean hackers as key perpetrators. The report highlighted a staggering $3 billion in illicit gains attributed to North Korean cyberattacks over a six-year period, underscoring the persistent threat posed by state-sponsored hackers in the crypto space. 

As the investigation into these breaches continues, the crypto community remains vigilant, emphasizing the importance of robust security measures and proactive collaboration to safeguard against future threats. While the motives behind these breaches may remain shrouded in mystery, the incidents serve as a stark reminder of the ever-present risks associated with digital assets and the imperative of maintaining heightened security protocols in the evolving landscape of cryptocurrency.
Read more »
Technology
Cyberattacks CyberCrime Cybersecurity CyberThreat Finance Google Play Store MoS Technology

MoS Finance Comments Google's Swift Response in Removing 2,200 Deceptive Loan Apps

 


According to the government, over 2,200 fraudulent loan apps have been suspended or removed from Google's Play Store between September 2022 and August 2023, as outlined in a written statement issued by the government on Tuesday. 

As per a written reply to a Rajya Sabha question, Minister of State for Finance Bhagwat K Karad said the government has been in constant contact with the Reserve Bank of India (RBI) and other regulators and stakeholders to control fraudulent loan apps. 

Based on the information provided by MeitY (Ministry of Electronics and Information Technology), it seems that Google has reviewed about 3,500 to 4,000 loan apps between April 2021 and July 2022 and has suspended or removed over 2,500 of those apps from its Play Store during this period. 

It was stated that the Reserve Bank of India has released a set of regulatory guidelines that aim to strengthen the regulatory framework for digital lending and to make sure the customer's safety and well-being are protected, as well as ensuring a safe and secure digital lending ecosystem so that, ultimately, a more secure digital lending environment can be created. 

Several regulatory guidelines have been issued by the Reserve Bank of India on digital lending, according to the minister, aimed at strengthening the regulatory framework for digital lending, improving customer protection, and making the digital lending ecosystem a safer and healthier place to operate. 

The Indian Cyber Crime Coordination Centre (I4C), Ministry of Home Affairs (MHA) has been continuously analysing digital lending apps, he said. The Minister of State of Finance, MoS Karad, revealed that the government has been actively working with regulatory authorities like the Reserve Bank of India to reduce the number of illegal loan apps in the country. 

To mitigate vulnerabilities in the Indian financial system, Karad stressed the need for timely action by the Indian government to maintain cybersecurity preparedness. According to him, one of the efforts in this regard had been the RBI sharing with MeitY an exclusive list of 442 unique digital lending applications for whitelisting, a list which had also been shared with Google and was part of a similar effort. 

In the preceding two and a half years of collaborating with the tech giant, MeitY has removed or suspended over 4,700 fraudulent loan apps from the Google Play Store due to its collaboration with MeitY. The purge was carried out between April 2021 and July 2022 by Karad. After that, another 2,200 apps were removed between September 2022 and August 2023 by Karad. 

As per Karad, about 2,500 loan apps were taken down between April 2021 and July 2022. In addition to that, the minister also pointed out that Google has implemented stricter policies regarding the enforcement of loan apps on its Play Store, only allowing those apps that are created by regulated entities or those that are affiliated with them. 

Aside from this, it was also mentioned that the RBI has issued regulatory guidelines on digital lending in tandem with the actions mentioned above, to enhance customer protection in the digital lending ecosystem by strengthening the regulatory framework and fortifying oversight. As part of its efforts to combat cybercrime, the Indian Cybercrime Coordination Centre (I4C) is actively monitoring digital lending applications under the Ministry of Home Affairs. 

A national cybercrime reporting portal and a dedicated helpline number have been established by the union home ministry to give citizens the ability to report cybercrime incidents, including those related to illegal loan apps. 

The government of India and the Reserve Bank of India have undertaken several awareness initiatives, such as social media safety tips, educational handbooks, and campaigns to combat cybercrime, as part of their efforts to raise public awareness. 

According to the minister, the government will maintain vigilance, take regulatory actions, and conduct awareness campaigns, including e-BAAT, electronic banking awareness and training (e-BAAT) programs run by the Reserve Bank of India, to combat cybercrimes, particularly those relating to fraudulent loan apps. 

Since JanSamarth launched its portal at the end of last year, more than 1,83,903 beneficiaries have applied for loans via the JanSamarth portal, reaching a total of more than 2,10,000 beneficiaries. During 2022-23, Karad reportedly reported 7,25 cases of fraud related to UPI in a separate response. In total, there were 573 crores involved in these fraud cases, which amounts to a large amount of money.
Read more »
Private Information
CISA Citrix Bleed Bug Cyber Security Finance Healthcare Malicious actor Private Information

Ransomware Surge: 2023 Cyber Threats

In the constantly changing field of cybersecurity, 2023 has seen an increase in ransomware assaults, with important industries like healthcare, finance, and even mortgage services falling prey to sophisticated cyber threats.

According to recent reports, a ransomware outbreak is aimed against critical services like schools, hospitals, and mortgage lenders. These attacks have far-reaching consequences that go well beyond the digital sphere, producing anxiety and disturbances in the real world. The state of affairs has sparked worries about the weaknesses in our networked digital infrastructure.

A concerning event occurred at Fidelity National Financial when a ransomware debacle shocked homeowners and prospective purchasers. In addition to compromising private financial information, the hack caused fear in those who deal in real estate. This incident highlights the extensive effects of ransomware and the necessity of strong cybersecurity protocols in the financial industry.

Widespread technology vulnerabilities have also been exposed, with the Citrix Bleed Bug garnering media attention. The Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings due to the growing damage caused by this cybersecurity vulnerability. The growing dependence of businesses and organizations on digital platforms presents a significant risk to data security and integrity due to the potential for exploiting vulnerabilities.

On the legislative front, the National Defense Authoration Act (NDAA) looms large in the cybersecurity discourse. As the specter of cyber threats continues to grow, policymakers are grappling with the need to bolster the nation's defenses against such attacks. The imminent NDAA is expected to address key issues related to cybersecurity, aiming to enhance the country's ability to thwart and respond to cyber threats effectively.

The healthcare sector has not been immune to these cyber onslaughts, as evidenced by the Ardent Hospital cyberattack. This incident exposed vulnerabilities in the healthcare system, raising questions about the sector's preparedness to safeguard sensitive patient information. With the increasing digitization of medical records and critical healthcare infrastructure, the need for stringent cybersecurity measures in the healthcare industry has never been more pressing.

The ransomware landscape in 2023 is characterized by a concerning surge in attacks across various critical sectors. From financial institutions to healthcare providers, the vulnerabilities in our digital infrastructure are being ruthlessly exploited. As the world grapples with the fallout of these cyber threats, the importance of proactive cybersecurity measures and robust legislative frameworks cannot be overstated. The events of 2023 serve as a stark reminder that the battle against ransomware is an ongoing and evolving challenge that requires collective and decisive action.



Read more »
Sensitive data
Crypto Crypto Currency Crypto Firms Cyber Secuirty Encryption Finance Protocol Sensitive data

Modern Cryptographic Methodologies Are Essential for Cybersecurity

Robust cybersecurity measures are more important than ever in a time when technological breakthroughs rule the day. A major risk to an organization's security is outdated cryptographic protocols, which make it open to cyberattacks. According to recent reports, organizations must immediately upgrade their cryptography methods in order to keep up with the constantly changing landscape of cyber threats.

The cybersecurity landscape is constantly evolving, and cybercriminals are becoming increasingly sophisticated in their techniques. This means that older cryptographic protocols, once considered secure, may now be vulnerable to attacks. The use of outdated protocols can expose sensitive data and leave organizations susceptible to breaches.

According to a recent article on Help Net Security, organizations can mitigate these risks by adopting modern cryptographic protocols. By staying informed about the latest advancements and best practices in encryption, businesses can ensure that their data remains secure.

One company at the forefront of modern encryption solutions is Virtru. Their platform offers state-of-the-art encryption tools designed to protect sensitive information across various platforms and applications. By leveraging Virtru's technology, organizations can enhance their data security and safeguard against potential breaches.

Moreover, maintaining robust cybersecurity practices can also have financial benefits. A report from Help Net Security suggests that organizations can decrease their cyber insurance premiums while still maintaining adequate coverage. By demonstrating a commitment to strong security measures, companies can negotiate better insurance rates, ultimately saving on costs.

In addition to updating cryptographic protocols, it's essential for organizations to implement a multi-layered approach to security. This includes regular security assessments, employee training, and proactive monitoring for potential threats. By taking a comprehensive approach to cybersecurity, businesses can fortify their defenses against evolving cyber threats.

Keeping up with cryptographic protocols is essential to ensuring strong cybersecurity. Organizations must maintain constant awareness and implement proactive security measures due to the ever-changing world of cyber threats. Businesses may strengthen their defenses and protect their sensitive data from potential intrusions by adopting modern encryption technologies and putting in place a multifaceted security approach.



Read more »
User Data
Aadhaar card Credit Card Digital Payment Finance Online Payments OTP Payment Apps Paytm Privacy Sensitive Information User Data

Paytm's Innovative ID-Based Checkout Solution

Paytm has made history by being the first payment gateway to provide retailers an alternative ID-based checkout solution. The way transactions are carried out in the world of digital payments is about to undergo a revolutionary change because of this ground-breaking innovation.

Traditional Internet transactions need a multi-step procedure that includes entering personal information, OTP verification, and payment confirmation. By enabling consumers to make payments using additional IDs like Aadhaar, PAN, or mobile numbers, Paytm's new system accelerates this procedure. This not only streamlines the checkout process but also improves security and lowers the possibility of mistakes.

The alternate ID-based checkout solution comes at a crucial time when the demand for seamless and secure online payments is higher than ever. With the surge in e-commerce activities, consumers seek faster and more convenient payment methods. Paytm's innovative approach addresses this need by eliminating the need for remembering complex passwords or digging through wallets for credit card information.

One of the major advantages of this system is its inclusivity. It caters to a wide range of users, including those who may need access to traditional banking services but possess valid alternate IDs. This democratization of online payments is a significant step towards financial inclusion.

Moreover, Paytm's solution is not limited to registered users. It includes a guest checkout option, allowing even first-time users to enjoy the benefits of this streamlined payment process. This opens up a whole new market of potential customers who may have been deterred by the complexity of conventional payment methods.

Security remains a paramount concern in the digital payment ecosystem, and Paytm has taken meticulous steps to ensure the safety of every transaction. The alternate ID-based system employs advanced encryption protocols and multi-factor authentication to safeguard sensitive information. This reassures both merchants and consumers that their data is protected.

Paytm's launch of the alternative ID-based checkout solution establishes a new benchmark for online payments as one of the fintech sector's innovators. The user experience is improved by this innovation, which also responds to the changing needs of a broad and expanding consumer base. Paytm is well-positioned to take the lead in determining the direction of future online transactions with its user-friendly approach and uncompromising dedication to security.

Read more »
Unauthorized access
Digital Currency. Digital Payment Encryption Europe Finance online transactions Policymaking process Privacy Unauthorized access

Consumer Finance Group Supports Enhanced Privacy in the Use of Digital Euro

Privacy and security in financial transactions are becoming increasingly important in our digital age. The Consumer Finance Group's recent call for stricter privacy protections for the digital Euro is a proactive step to ensure that people's financial information is protected.

The Consumer Finance Group, a prominent advocate for consumer rights, has raised concerns about the potential privacy vulnerabilities associated with the digital Euro, which is currently under development by the European Central Bank. As reported by ThePrint and Reuters, the group emphasizes the need for robust privacy protections.

One of the key concerns highlighted by the Consumer Finance Group is the risk of digital Euro transactions being traced and monitored without adequate safeguards. This could lead to an invasion of financial privacy, as every transaction could potentially be linked to an individual, raising concerns about surveillance and misuse of data.

To address these concerns, the group has proposed several measures:

  • Enhanced Encryption: They suggest implementing advanced encryption protocols to protect the privacy of digital Euro users. This would make it exceedingly difficult for unauthorized parties to access transaction details.
  • Anonymous Transactions: The group advocates for the option of anonymous transactions, allowing users to make payments without revealing their identities. While this could raise concerns about potential illicit activities, it also protects the privacy of law-abiding citizens.
  • Clear Data Retention Policies: Consumer Finance Group also calls for transparent data retention policies, ensuring that personal financial data is not stored longer than necessary and is subject to strict regulations.
  • User Consent: They propose that users should have clear and informed consent regarding the collection and use of their financial data, empowering individuals to make choices about their privacy.

While these measures are essential for safeguarding privacy, it's essential to strike a balance between privacy and security. Implementing stringent privacy measures must also consider the need to combat financial crimes such as money laundering and terrorism financing.

The European Central Bank and policymakers should carefully consider the recommendations put forth by the Consumer Finance Group. Finding the right balance between privacy and security in the digital Euro's design will be crucial in gaining public trust and ensuring the widespread adoption of this digital currency.

The need for stronger privacy protections in the digital Euro is a reminder of the importance of safeguarding personal financial data in our increasingly digitalized society. Regulators and financial institutions must prioritize addressing these privacy issues as digital currencies become more widely used.

Read more »
Technology
Account Aggregators AI Artificial Intelligence Finance Finance ministry Generative AI GOI Government of India Public sector bank State-run Banks Technology

India’s Finance Ministry Tell State-run Banks to Adopt Emerging Technologies to Increase Operational Efficiency


The Indian finance ministry has ordered state-run banks to collaborate and take use of emerging technology to improve operational effectiveness and customer experience.

In a meeting, headed by Finance Minister Nirmala Sitharaman to assess the activities and performance of public sector banks (PSBs), utilization of account aggregators and generative artificial intelligence for banking operations was taken into consideration in order to correspond with the innovative technological advancements.

The finance minister further highlighted the significance of PSBs into exploring partnerships in human resource training and utilizing technology to provide a cost efficient service to customers. These resources and knowledge will ultimately provide enhancement in the PSBs’ operational capability and a better experience to their customers.

What are These Technologies? 

Account Aggregators provide consented sharing of financial data within and between financial institutions once the customers have approved. This enables a consolidated overview of a person's financial data from many accounts and organizations.

Generative Artificial Intelligence is the AI system that can be used to generate content, like text, images or applications, based on training data. Its ability to automate a number of processes and tasks, improves its efficiency and productivity.

Adopting these emerging technologies will streamline the bank’s operations, cut off the costs, and provide a better customer experience. The instruction from the finance ministry emphasizes the government's dedication to using technology in the banking sector and improve overall performance and customer satisfaction.

Security Approach

The government has also issued a cautionary state to the state-controlled banks over the protection of customer data when contracting out essential services, notably technological services. In order to reduce costs and improve security, the statement demonstrates the value of protecting personal information and the necessity of lender cooperation.

While the state-run banks are inclined into investing in technological upgrades like AI and machine learning, this is eventually leading to higher expenses. To evade the issue, the government has asked banks to work collaboratively in sharing information in areas like ‘cybersecurity,’ thus aiding in reducing cost.

Banks can work on collaborating and adopting effective cybersecurity measures and secure the personal information of their clients by pooling resources and sharing infrastructure. This cooperative strategy can reduce the dangers of data breaches and improve the state-run institutions' overall security posture.

The government's warning indicated a rising understanding of the significance of cybersecurity and data protection in the financial industry. It emphasizes the necessity for banks to exercise caution when contracting out technical services, making sure that sufficient safeguards are put in place to protect customer data throughout the entire process.

Read more »
Finance
Blockchain cryptocurrency Cyberscams DeFi Digital WAllets Finance

DeFi Clients Lost $228 Million to Hackers in Past 3 Months


In the recent past, there has been a dramatic rise in the number of cyber incidents, where cyber threat actors have tried to exploit many cryptocurrency projects. It is interesting to note that hackers have significantly targeted DeFi, according to the latest report by the leading bug bounty program – Immunefi.

According to this report, the total hacks across blockchains have increased up to 63%, during the second quarter of 2023 when compared to the activities recorded from the same period last year. While the overall losses went as low as 60%, ImmuneFi notes that the number of hacks has only grown by 65%, with the losses shooting up by 225%.  

According to Immunefi's analysis of the attacks that were launched against DeFi platforms, they lost an overall sum of around $228 million in the second quarter across 79 separate cyber incidents. In comparison, over the course of two instances, centralized platforms lost $37 million. 

The firm’s analysis further concluded that most of the losses in cryptocurrency were a result of two specific incidents – the Atomic Wallet Hack of June 3 and the exit scam by the Fintoch platform, which is no longer in use. 

Atomic Wallet Hack 

The self-custodial wallet – Atomic Wallet – lost a whopping $100 million in crypto allegedly to the North Korea-linked hackers, Lazarus Group. According to the Atomic Wallet team, the threat organization affected “less than 0.1” of its customers, however, they did not make it clear if Lazarus was actually behind the attacks.

Fontoch 

After promising users a 1% daily interest on their investments, FinToch disappeared, losing almost $32 million in user funds in May. The scam, better known by the name ‘rugpull,’ was first discovered by Twitter blockchain sleuth ZackXBT. 

In addition, Immunefi also found that some chains were targeted more than others. The firm found that assaults on Ethereum and BNB Chain accounted for 77% of all losses in the most recent quarter, with Arbitrum coming in second at 12%. Given that Arbitrum had absolutely no issues during the same time period last year, they claimed that attacks on it were noteworthy. However, both Arbitrum and Binance spokespeople denied to comment on the matter.  

Read more »
InfraGard
Cyber Security Database Breach FBI Finance InfraGard

Attacker Uses InfraGard Devices to Access FBI by Posing as Firm

According to experts that spoke to independent cybersecurity writer Brian Krebs, who first reported the incident, the hacker gained access to InfraGard's online site by pretending to be the CEO of a finance company. They described the screening procedure as surprisingly loose. 

Tens of thousands of contact info for public figures were advertised for sale on the dark web after hackers took advantage of a security flaw in one of the FBI's databases. 

According to reports, a hacker who pretended to be the CEO of a financial institution claims to have gained access to the than 80,000-member database of InfraGard, an FBI outreach program that communicates sensitive information on cybersecurity and threats to national security with public officials and private sector actors who manage critical infrastructure in the United States.

Last weekend, a hacker claimed to have samples from the database and posted them to a website forum frequented by internet criminals. They claimed to be seeking $50,000 for the complete database.

The FBI made no attempt to explain how the hacker managed to trick the organization into granting the InfraGard membership. When submitting an application to join InfraGard in November, the hacker reportedly will include a contact email address under its control as well as the CEO's actual mobile phone number. 

The FBI can interact with corporate leaders, entrepreneurs, lawyers, security personnel, military, and government officials, IT experts, academia, and state and local law enforcement through the InfraGard site. The Infragard homepage states that the portal is primarily intended for information exchange and education regarding new threats.   

The associated information from the hacker's chat has been submitted by KrebsOnSecurity so they can be taken down from the InfraGard forum. However, the hacker revealed to Krebs they had been contacting InfraGard personnel while assuming the role of the CEO of the financial institution in an effort to gather more private information that could be used in criminal activity.  
Read more »
User Privacy
Cyber Security Digital Currency. Finance Indian Bank Indian Rupee RBI UPI User Privacy

Indian Digital Currency Era – A Quick Look

Compared to more conventional forms of money like cash notes or coins, electronic money stored in bank accounts, mobile banking applications, and credit cards is quickly replacing the public's perception of finance.

The popularity of UPI demonstrates the preference for digital money systems. India has been pushing hard to become cashless, starting with the decision to implement demonetization in 2016. That same year also saw the launch of the real-time payments system known as the Unified Payments Interface (UPI). The paradox in the existing system is that although digital transactions are becoming more common, cash is still very popular in India.

In terms of transaction value, UPI executed 7.3 billion transactions in October, totaling Rs. 12.11 lakh crore, a record high. While volumes increased 73.3 percent during the same period, transaction values increased by 56.6 percent year over year.

Cryptocurrencies vs. Digital Rupee

A CBDC, as defined by the RBI, is "a legal tender issued by a central bank in digital form. It can be exchanged one-to-one for fiat money and is equivalent to it. All that has changed is its form. "

However, it is impossible to directly compare a CBDC to a cryptocurrency.

"A CBDC is not a commodity or a claim on a commodity or a digital asset, unlike cryptocurrencies. They are not money definitely not a currency in the sense that the term has historically been used, "according to the RBI's release.

According to the tracker maintained by the Atlantic Council, 98 nations are currently investigating CBDCs. Of these, 11 nations have started CBDCs. In light of this situation, the RBI is acting in a calibrated way to start CBDCs. It is currently looking into the possibility of implementing wholesale CBDCs based on accounts and retail CBDCs based on tokens.

"When something new enters the market, the old need to adapt, and the new need to control the change", says Nikhil Kamath, co-founder of Zerodha. "While many have been critical of #CBDC, we might be overlooking the big picture, remittances, unbanked economy, and minimizing subsidy leakage."

The increasing use of cryptocurrency stablecoins, which tie their value to another currency or asset, has also alarmed a number of central banks. According to a Press Trust of India report, RBI officials informed a parliamentary finance committee in 2022 that the 'dollarization' of a portion of the economy by cryptocurrencies could be detrimental to the nation's interests.

Money transfers via cell phones would be quick and easy, according to Sathvik Vishwanath, co-founder, and CEO of Unocoin, a rival cryptocurrency exchange. The digital rupee will most importantly aid in the eradication of problems with counterfeit money.

According to FIS's Cheema, adoption of the CBDC in the wholesale sector (CBDC-W) has large benefits and substantially fewer dangers than in the more complicated domain of retail CBDC (CBDC-R). In the future, CBDC-R will supplement existing payment structures, not replace them.

The digital rupee will therefore be available for use by all Indian citizens whenever the RBI begins to print it.




Read more »
FTX
bankruptcy Binance Crypto Crypto Firms Data Breach Finance FTX

FTX Filed for Bankruptcy Protection in US

Facing the digital equivalent of a banking collapse, the financially troubled cryptocurrency exchange FTX filed for US bankruptcy protection on Friday.

Bitcoin fell to a two-year low this week after a week of reports regarding the platform's financial difficulties, and by Friday night, the price of the cryptocurrency was trading at $16,861 (€16,256).

The company revealed that Sam Bankman-Fried, its former CEO, has also left after a remarkable turn of events at the second-largest cryptocurrency exchange in the world. His FTX empire crumbled in a little more than a week, shattering trust in the already unstable cryptocurrency market.

Coindesk and customer reports on social media claim that the unstable platform has finally permitted some users to withdraw money for the first time in days.

Summary of FXT company

According to a tweet from the company, FTX, Alameda Research, a cryptocurrency trading company that is linked with it, and roughly 130 of its other businesses have started voluntary Chapter 11 bankruptcy procedures in Delaware. In the US, a firm can use Chapter 11 to reorganize its debts while still operating under court supervision.

FTX Trading claimed in its bankruptcy filing that the firm has assets worth between $10 billion and $50 billion, liabilities between $10 billion and $50 billion, and more than 100,000 creditors.

Customers left FTX earlier this week because of concern about a lack of capital, leading to an agreement to sell the company to larger rival Binance.

Kingston student Thomas, 22, who has been a customer of FTX for over a year, calls it a 'hub for crypto.'For the £2,000 he claimed to have on the exchange, which he calls a 'fairly large amount of money,' he claims he was able to submit a withdrawal request.

However, he is worried about the number of requests being made by FTX consumers and is unsure if all of them will be fulfilled as the business struggles.

The cryptocurrency community had hoped that Binance, the biggest cryptocurrency exchange in the world, could be able to save FTX and its depositors.

After reviewing FTX's financial records, Binance came to the conclusion that the issues facing the smaller exchange were insurmountable, and it withdrew from the agreement. A business that was once the pride of the cryptocurrency market had a dramatic fall in popularity.

In January, FTX collected $400 million from investors, valuing the business at $32 billion.






Read more »
Telecom
Credential Phishing Dark Web Data Breach Finance Healthcare Malicious actor Ransomware Attacks. Stock market Telecom

Dark Web: 31,000 FTSE 100 Logins

 

With unveiling the detection of tens of thousands of business credentials on the dark web, security experts warn the UK's largest companies that they could unintentionally be exposed to significant vulnerability. Outpost24 trawled cybercrime sites for the compromised credentials, discovering 31,135 usernames and passwords related to FTSE 100 companies using its threat monitoring platform Blueliv.

The Financial Times Stock Exchange (FTSE) 100 Index comprises the top 100 companies on the London Stock Exchange in terms of market capitalization. Across several industry verticals, these businesses reflect some of the most powerful and lucrative businesses on the market. 

The following are among the key findings from the study on stolen and leaked credentials: 

  • Around three-quarters (75%) of these credentials were obtained by traditional data breaches, while a quarter was gained through personally targeted malware infections. 
  • The vast majority of FTSE 100 firms (81%) had at least one credential hacked and published on the dark web, and nearly half of FTSE 100 businesses (42%) have more than 500 hacked credentials. 
  • Since last year, there were 31,135 hacked and leaked credentials for FTSE 100 organizations, with 38 of them being exposed on the dark web. 
  • Up to 20% of credentials are lost due to malware infections and identity thieves.
  • 11% disclosed in the last three months (21 in the last six months, and 68% for more than a year) Over 60% of stolen credentials come from three industries: IT/Telecom (23%), Energy & Utility (22%), and Finance (21%). 
  • With the largest total number (7,303) and average stolen credentials per company (730), the IT/Telecoms industry is the most in danger. They are the most afflicted by malware infection and have the most stolen credentials disclosed in the last three months.
  • Healthcare has the biggest amount of stolen credentials per organization (485) due to data breaches, as they have become increasingly targeted by cybercriminals since the pandemic started. 

"Malicious actors could use such logins to get covert network access as part of "big-game hunting" ransomware assault. Once an unauthorized third party or initial access broker obtains user logins and passwords, they can either sell the credentials on the dark web to an aspiring hacker or use them to compromise an organization's network by bypassing security protocols and progressing laterally to steal critical data and cause disruption," Victor Acin, labs manager at Outpost24 company Blueliv, explained.
Read more »
User Security
Bank Cyber Security Bank fraud Bank Security Banks Cyber Risk Cyber Security Finance Financial Regulators RBI User Privacy User Security

How Banks Evade Regulators For Cyber Risks

 


As of late, the equilibrium between the banks, regulators, and vendors has taken a hit as critics claim that banks are not doing enough for safeguarding the personally identifiable information of the clients and customers they are entrusted with. As there has been rapid modernization in internet banking and modes of instant payments, it has widened the scope of attack vectors, introducing new flaws and loopholes in the system; consequently, demanding financial institutions to combat the threat more actively than ever. 

In the wake of the tech innovations that have broadened the scope of cybercrime, the RBI has constantly felt the need to put forth reminders for banks to strengthen their cyber security mechanisms; of which they reportedly fell short. As financial frauds relating to electronic money laundering, identity theft, and ATM card frauds surge, banks have increasingly avoided taking the responsibility.  

It's a well-known fact that banks hire top-class vendors to circumvent cyber threats, however, not a lot of people would know that banks have gotten complacent with their reliance on vendors to the point of holding them accountable for security loopholes and cybersecurity mismanagement. Subsequently, regulators fine the third-party entity, essentially the 'vendors' providing diligent cyber security risk management to the banks.  

The question that arises is that are banks on their own doing enough to protect their customers from cyber threats? Banks need to understand monitoring and management tools available to manage cyber security and mitigate risks. Financial institutions have an inherent responsibility of aggressively combating fraud and working on behalf of their customers and clients to stay one step ahead of threats.  

Banks can detect and effectively prevent their customers' privacy and security from being jeopardized. For instance, banks can secure user transactions by proactively monitoring SMS using the corresponding mobile bank app. They can screen phishing links and unauthorized transactions and warn customers if an OTP comes during a call.  

Further, banks are expected to strictly adhere to the timeframe fixed for reporting frauds and ensuring that customer complaints regarding unscrupulous activities are timely registered with police and investigation agencies. Banks must take accountability in respect of reporting fraud cases of their customers by actively tracking the accounts and interrupting vishing/phishing campaigns on behalf of their customers as doing so will allow more stringent monitoring of the source, type, and modus operandi of the attacks. 

“We are getting bank fraud cases from the customers of SBI and Axis Bank also. It is yet to be verified whether the data has been leaked or not. There might be data loss or it could be some social engineering fraud,” Telangana’s Cyberabad Crimecrime police said. 

“Police said that the fraudsters had updated data of the thousands of customers who received new credit cards and it was a bank’s insider who is the architect of this whole fraud,” reads a report pertaining to an aforementioned security incident by The Hindu.  

“This is a classic case to explain the poor procedure practised by the network providers while issuing SIM cards, and of course the data security system at the banks,” a senior police officer said. 

In relation to the above stated, banks should assume accountability for their customers’ security and shall review and strengthen the monitoring process, while meticulously following the preventive course of action based on risk categorization like checking at multiple levels, closely monitoring credits and debits, sending SMS alerts, and (wherever required) alerting the customer via a phone call. The objective, essentially, is for banks to direct the focus on aspects of prevention, prompt detection, and timely reporting for the purpose of aggregation and necessary corrective measures by regulators which will inhibit the continuity of crime, in turn reducing the ‘quantum’ of loss.  

Besides, vigorously following up with police and law authorities, financial institutions have many chances to detect ‘early warning signals’ which they can not afford to ignore, banks should rather use those signals as a trigger to instigate detailed pre-investigations. Cyber security is a ‘many-leveled’ thing conception, blaming the misappropriations on vendors not only demonstrates the banks’ tendency to avoid being a defaulter but also impacts the ‘recoverability aspects’ like effective monitoring for the customers to a great degree.
Read more »
Vulnerability and Exploits
Finance NEFT RBI RTGS Vulnerability and Exploits

Reserve Bank of India Experiences a Technical Glitch; NEFT and RTGS Go Down for Half a Day!


Electronic money transfer is something that has changed the way people used to transact. It has offered a way more convenient method that goes along the lines of modernity and the need of recent times.

The most widely used and popular mediums of transferring money between bank accounts in India are NEFT and RTGS. While NEFT has neither minimum nor maximum limits, RTGS is designed for heavier sums of money with 2 lac being the minimum amount and 10 lac being the maximum per day.

Per reports, National Electronic Funds Transfer (NEFT) and Real-Time Gross Settlement (RTGS) were disrupted for more than half a day. The signs of this started to show from Monday midnight.

Sources mention that this happened because of a technical glitch in the systems of the Reserve Bank of India. Nevertheless, NEFT and RTGS have been reinstated after inactivity of 12 hours.

Several reports reveal that the main issue allegedly was grappled by the Indian Financial Technology and Allied Services (IFTAS), which is an RBI affiliated branch when the “disaster recovery site” was being moved from locale A to B.

Sources impart that the NEFT transactions have as of now been brought back. The “end-of-day” RTGS transactions of the previous day are being worked on to get them to reach completion but the “start-of-day” for RTGS hasn’t ensued yet. Still, the restoration of RTGS is expected soon.

The setup for NEFT was established and supported by the Institute for Development and Research in Banking Technology. People will now be able to use this medium for online transferring of funds and money 24x7. Meaning that holidays or weekends would never come in the way of money transfers and funds would be transferred any day and at any time at all.

NEFT and RTGS are the most commonly used routes for online transfer of funds.

The former medium facilitates a provision for limitless one-to-one transfer of money from and to individuals and corporates with an account in any bank branch in the country. The latter, however, has the aforementioned limits and is a continuous and real-time settlements of fund transfers.

Read more »
Technology
Bitcoin cryptocurrency digital currency Finance Technology

Bitcoin No More the World's Most Used Cryptocurrency, as Tether Takes Over

If someone were to ask you "what's the world's most used cryptocurrency?” you'd probably say "Bitcoin," which accounts for 70% of the world's market value digital assets. But in reality its Tether, which is now the world's most used cryptocurrency.

Although precise numbers on trading measures are arduous to get in this misty business environment, statistics from CoinMarketCap.com point that the Tether is the highest daily and monthly valued cryptocurrency, even though its market capitalization is 30% less.



In April, Tether's profit outdid Bitcoin for the first time, and since early August, it has steadily exceeded it at the rate of $21 billion per day, says CoinMarketCap.com. With its steadily trading volume nearly 18% greater than Bitcoin, Tether has no doubt become one of the most significant coins in the crypto sector.

It's also the leading cause why governors view cryptocurrencies with skepticism and have set a halt on crypto exchange-traded supplies among distress of business administration.

"Without Tether, we would have suffered a heavy cost of the regular amount -- about $1 billion or higher depending on the information reference, ” says Lex Sokolin, co-head, global financial technology at ConsenSys, which extends blockchain technology services.

"Few concerning possible tappings of dealing in the business may begin to drop off,” says Lex.

The reason being is Tether is the most accepted steady coin around the globe, as it avoids price fluctuations through stocks. Tether is also a road to the crypto market for most of the world's existing businesspeople. 'For instance, in China, a trading giant where cryptocurrency is outlawed, people can comfortably spend for cash with tethers on the tables without any uncertainty or mistrusts,' says Lex 'and furthermore they can swap it for bitcoins and distinct cryptocurrencies.'

Is it safe? 

 However, many people don't truly rely on Tether, says Thaddeus Dryja, a research scientist at the Massachusetts Institute of Technology. People think of Tether as some money in their account, without actually realizing that they are using it, he says.

'Some trades unspecified their folios, to send the idea that customers are holding money rather than Tethers,' said Thaddeus.
Read more »
Subscribe to: Posts (Atom)