Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Financial Data. Show all posts
private
Agent Tesla Email Financial Data malware private

Tesla Users Targeted by Dangerous New Malware: What You Should Know

 



Tesla has often made headlines lately, but this new problem is not connected to Elon Musk or his cars. Instead, it involves cybercriminals who are trying to steal people’s private information using a dangerous software called Agent Tesla.

Here’s a clear explanation of how the attack works and what you need to stay safe.


Attackers Use Clever Tricks to Spread Malware

Researchers from Unit 42, the security team at Palo Alto Networks, have reported a new online threat. This time, hackers are sending fake emails to people, pretending that important documents like invoices or payment receipts are attached.

When someone opens the file, it quietly triggers a hidden script. This script then downloads a second program called PowerShell, which runs silently from the computer’s temporary folder, making it much harder for antivirus software to detect.

Once the script is active, the attack can follow one of two different paths: it either launches a .NET file or an AutoIt dropper. Depending on which one is used, different types of harmful programs are installed on the victim’s device. Although each step of the attack is simple, when combined, they make the entire process harder to spot and stop.


What is Agent Tesla?

One of the main threats delivered by this campaign is Agent Tesla. Agent Tesla is a type of malware known as a Remote Access Trojan (RAT). It allows hackers to secretly access and steal important information from an infected device. Once inside, it can gather:

1. Usernames and passwords

2. Email contacts and communication details

3. Financial data

4. Saved information from web browsers

5. Screenshots from the user’s computer

6. Information from email apps

7. Records of everything typed (keystrokes)

It can even read private email and chat messages, making it very dangerous for both individuals and businesses.

The same attack campaign was also seen using other malware like Remcos RAT and XLoader, but Agent Tesla was a major part of the operation because of its strong data theft abilities.


Be Careful With Unknown Emails

Since the attack begins with a simple email, it’s important to stay cautious. Avoid opening attachments you weren't expecting, especially if the email asks you to check a payment or invoice you do not recognize.

Read more »
Sensitive Information
Data Breach Financial Data Landmark Sensitive Information

Landmark Admin Hack: Massive Data Leak Hits 1.6 Million Americans

 



Landmark Admin, a company based in Texas that works with insurance firms across the country, has shared new details about a cyberattack it suffered last year. According to the latest update, the number of people whose personal data may have been accessed has now reached more than 1.6 million.


How It Started

In May 2024, Landmark noticed something suspicious on its computer network. After looking into the issue, it found out that hackers had broken in and accessed files containing sensitive details of many individuals.

At first, the company believed the attack had affected around 806,000 people. However, in a recent filing with the Maine Attorney General’s Office, Landmark revealed that the total number of impacted people is now estimated at 1,613,773. They also said that this number might change again as the investigation continues.


What Information Was Stolen?

The hackers were able to get their hands on private data. This could include a person’s name, home address, Social Security number, or details from their passport or driver’s license. Some people’s financial information, health records, and insurance policy numbers may also have been exposed.

Not everyone had the same information stolen. The company has promised to send each affected person a letter that clearly mentions which of their details were accessed in the attack.


What Is Being Done to Help?

Landmark is still reviewing the situation with cybersecurity experts. They are in the process of informing everyone who may have been affected. People who get a notice from Landmark will also receive 12 months of free credit monitoring and identity theft protection to reduce the chances of further harm.

Those affected are encouraged to keep an eye on their credit activity. They may also consider placing a fraud alert or even freezing their credit to stay protected from possible misuse.

The full extent of the breach is still being investigated, which means the number of victims may grow. In the meantime, people are advised to stay alert, review their financial statements, and take steps to protect their identities.


Read more »
OCC
Banks bloomberg Cyber Attacks Data Sharing digital data email security financial attack Financial Data Hacker attack OCC

Top U.S. Banks Cut Off Digital Data Sharing With OCC After Major Cyberattack

 

Several of the largest banks in the United States have curtailed or reassessed how they share sensitive data with the Office of the Comptroller of the Currency (OCC), after a significant cyberattack compromised the regulator’s email system. 

According to Bloomberg, JPMorgan Chase and Bank of New York Mellon have paused all electronic communications with the OCC. Bank of America is continuing to share data, but through what it considers more secure digital channels. The decision follows the discovery that hackers had accessed over 100 email accounts at the OCC for more than a year—a breach labeled a “major incident” by both the OCC and the U.S. Treasury Department. 

The hackers reportedly obtained highly sensitive information related to financial institutions, although their identities remain unknown. The OCC, a bureau under the Treasury, oversees over 1,000 national banks and savings associations, including the U.S. branches of foreign institutions. Among the materials potentially exposed are reports on cybersecurity protocols, internal vulnerability assessments, and National Security Letters—documents that may contain classified intelligence regarding terrorism or espionage. 

Banks have raised concerns about the extent of the breach and the OCC’s communication about the incident. Some financial institutions reportedly did not learn of the scope of the compromise until media coverage surfaced. As a result, there is growing distrust among regulated institutions regarding how the OCC has handled disclosure and mitigation. The OCC said it is actively working with independent cybersecurity experts, including Mandiant and Microsoft, to investigate the breach and determine whether stolen data has surfaced on the dark web. 

A contractor is also reviewing two internal communication systems—BankNet and another used for transferring large files—to assess whether they were affected. While JPMorgan and BNY Mellon have suspended digital transmissions, Citigroup has continued data sharing due to its existing consent order with the OCC. It remains unclear whether other major banks like Wells Fargo or Goldman Sachs have taken similar steps. Experts warn that the breach could enable targeted cyberattacks or extortion attempts, as the stolen material may offer insight into institutional vulnerabilities. 

According to former Treasury CIO Eric Olson, the exposed data is “as sensitive as it gets.” The incident has drawn attention from Congress, with both the House Financial Services Committee and the Senate Banking Committee seeking more information. Experts view the banks’ decision to reduce data sharing as a sign of eroding trust in the OCC’s ability to safeguard critical regulatory communications.
Read more »
US Regulator
Data Breach Data Leak Financial Data OCC US Regulator

US regulator OCC Claims Email Hack Exposed Sensitive Bank Details

 

The US Office of the Comptroller of the Currency (OCC), a key banking regulator, officially classified a significant breach of its email system as a "major information security incident" after learning that malicious actors accessed highly sensitive bank supervisory data for eight to nine months before being detected. 

On February 11, 2025, the OCC became aware of "unusual interactions" between a system administrative account and user mailboxes in its office automation environment. By February 12, the agency had determined that the activity was unauthorised, engaged its incident response mechanisms, reported the problem to CISA (Cybersecurity Infrastructure and Security Agency), and blocked the compromised administrative accounts, effectively terminating the unauthorised access.

However, subsequent investigations, including internal evaluations and those conducted by independent third parties, revealed that the infiltration was much larger than previously thought. According to Bloomberg News, citing sources familiar with the investigation, the unauthorised access began in May or June 2024 and was discovered in February 2025. During this prolonged period, the attackers gained access to around 150,000 emails from 100 to 103 accounts, including those of senior OCC executives and workers.

On April 8, 2025, the OCC formally informed the United States Congress that the breach satisfied the threshold for a "major incident" under the Federal Information Security Modernisation Act (FISMA). This classification is based on the fact that the stolen emails and attachments contained "highly sensitive information relating to the financial condition of federally regulated financial institutions used in its examinations and supervisory oversight processes.”

Acting Comptroller of the Currency Rodney E. Hood stated unequivocally that "long-held organisational and structural deficiencies" led to the incident and promised "full accountability for the vulnerabilities identified and any missed internal findings." The OCC is conducting a thorough audit of its IT security rules and procedures, and it has engaged third-party cybersecurity experts for review. Additional experts may be brought in to analyse internal cyber incident processes. 

The prolonged, undetected access to highly sensitive regulatory information about the health and oversight of US national banks constitutes a severe security flaw within a critical financial regulatory body. Exposure to such data increases the risk of its misuse for market manipulation, espionage, or enabling targeted assaults on financial institutions. While the OCC claimed in February that there was "no indication of any impact to the financial sector," the sensitivity of the exposed data may potentially cause "demonstrable harm to public confidence.”
Read more »
Financial Data
Athenian Tech Classified Information Data Breach Defence Ministry Financial Data

Cyberattack Exposes Confidential Defence Data, Raising Security Concerns

 



A massive collection of classified defence documents has reportedly been stolen by hackers and put up for sale. The stolen information includes blueprints for a weapon, details about an upcoming Air Force facility, procurement strategies, and India's defence partnerships with other countries.  

Cybersecurity firm Athenian Tech, which analyzed the data, believes it was taken from the personal device of a former Defence Ministry official. Among the leaked files are emergency evacuation procedures for high-ranking government officials, including the President and Prime Minister, in the event of an aerial attack. This has raised serious concerns about national security.  


Defence Agency denies data breach

The Defence Research and Development Organisation (DRDO), which is responsible for developing military technology, is known for its strict security rules. Employees are not even allowed to carry personal mobile phones in certain areas. However, the stolen data has been linked to DRDO, raising concerns about how such critical information was accessed.  

Despite these claims, DRDO officials have denied that their systems were breached. They stated that the stolen files do not belong to their organization but have not provided further details to clarify the situation.  


Hackers Claim Responsibility 

A ransomware group called Babuk Locker 2.0 announced on March 10, 2025, that it was behind the attack. The hackers claim to have stolen 20 terabytes of sensitive defence data from DRDO’s servers, including classified military documents and login credentials. They released a small portion of this data, approximately 753 MB, as proof of their claims.  

The sample files include technical details about upgrades to the T9 Bhishma Tank, along with records of India’s defence collaborations with countries such as Finland, Brazil, and the United States.  

Athenian Tech examined conversations between the hackers and found that they were communicating in Indonesian, suggesting they may be based in Indonesia. However, after further analysis, the firm believes the hackers might have exaggerated the scale of the breach.  

The report indicates that much of the leaked data is linked to Puneet Agarwal, who served as a Joint Secretary in the Defence Ministry between 2019 and 2021. His personal information, including Aadhaar details, financial records, and travel documents, were found in the files. This suggests that the breach might have come from his personal device rather than DRDO’s secured internal network.  


Major Security Risks 

The exposure of such sensitive information highlights major cybersecurity vulnerabilities. It raises concerns about insider threats and whether India’s defence infrastructure is adequately protected from sophisticated cyberattacks.  

Athenian Tech has stressed the need for stronger security measures, tighter access controls, and constant monitoring to prevent such incidents from happening again.  

One of the biggest concerns is that classified documents were stored on a personal device, which indicates serious gaps in data security policies. If the hackers also obtained login credentials, they could use them to infiltrate more secure systems and gain access to additional classified information.  

Read more »
Security Incident
Data Breach Data Leak Financial Data Fintech Security Incident

Fintech Giant Finastra Breach Exposed Private Data, Company Notifies Victims

 

The financial technology behemoth Finastra is alerting victims of a data breach after unidentified hackers initially gained access to its networks in October 2024 and took their personal data. More than 8,100 financial institutions in 130 countries, including 45 of the top 50 banks in the world, rely on London-based Finastra to supply financial services software applications.

The security incident was discovered on November 7 after Finastra detected malicious activity on some of its systems, as the business warned in breach notification letters given to those impacted by the breach. 

"Our investigation revealed that an unauthorized third party accessed a Secure File Transfer Platform (SFTP) at various times between October 31, 2024 and November 8, 2024. Findings from the investigation indicate that on October 31, 2024, the unauthorized third party obtained certain files from the SFTP," the fintech giant noted. 

"Finastra has no indication the unauthorized third party further copied, retained, or shared any of the data. We have no reason to suspect your information has or will be misused. As a result, we believe the risk to individuals whose personal data was involved is low.” 

At least 65 people in the state whose financial account information was stolen received breach notification letters from Finastra last week, although the company has not yet disclosed the number of victims or the type of data that was compromised (apart from the names of the victims), according to filings with the Massachusetts Attorney General's office. 

Additionally, the financial services organisation offers those whose information was compromised or stolen in the incident two years of free credit monitoring and identity restoration services through Experian.

The hack is believed to be connected to a (now-deleted) post on the BreachForums online cybercrime community by a threat actor called "abyss0" who claimed to sell 400GB of data allegedly stolen from Finastra's network, despite the fact that Finastra only revealed a very small amount of information in filings with Attorney General offices.

Last year in November, when a local media outlet enquired about the forum post, a Finastra spokesperson declined to confirm or deny ownership of the data, stating that the company experienced a limited-scope security incident and is assessing its impact.

"On November 7, 2024 Finastra's Security Operations Center (SOC) detected suspicious activity related to an internally hosted Secure File Transfer Platform (SFTP) we use to send files to certain customers," Finastra added. 

Finastra was also forced to shut down parts of its systems in March 2020 to combat what Tom Kilroy, the company's Chief Operating Officer at the time, described as a ransomware attack. While the company did not disclose how the attackers got access to its systems, cyber threat intelligence firm Bad Packets discovered that Finastra had many unpatched Pulse Secure VPN and Citrix ADC (NetScaler) servers prior to the attack.
Read more »
Personal Data
data attacks Data Breach Data Leak data security Financial Data healthcare data breach HIPAA Medical Data Medical Data breach Personal Data

Medusind Data Breach Exposes Health and Personal Information of 360,000+ Individuals

 

Medusind, a major provider of billing and revenue management services for healthcare organizations, recently disclosed a data breach that compromised sensitive information of over 360,000 individuals. The breach, which occurred in December 2023, was detected more than a year ago but is only now being reported publicly. 

The Miami-based company supports over 6,000 healthcare providers across 12 locations in the U.S. and India, helping them streamline billing processes and enhance revenue generation. According to a notification submitted to the Maine Attorney General’s Office, the breach was identified when Medusind noticed suspicious activity within its systems. 

This led the company to immediately shut down affected systems and enlist the help of a cybersecurity firm to investigate the incident. The investigation revealed that cybercriminals may have gained access to and copied files containing personal and medical details of affected individuals. Information compromised during the breach includes health insurance details, billing records, and medical data such as prescription histories and medical record numbers. Financial data, including bank account and credit card information, as well as government-issued identification, were also exposed. 

Additionally, contact details like addresses, phone numbers, and email addresses were part of the stolen data. In response, Medusind is providing affected individuals with two years of free identity protection services through Kroll. These services include credit monitoring, identity theft recovery, and fraud consultation. The company has advised individuals to stay vigilant by reviewing financial statements and monitoring credit reports for unusual activity that could indicate identity theft. 

This breach highlights the increasing cybersecurity challenges facing the healthcare industry, where sensitive personal information is often targeted. To address these risks, the U.S. Department of Health and Human Services has proposed updates to the Health Insurance Portability and Accountability Act (HIPAA). These proposed changes include stricter requirements for encryption, multifactor authentication, and network segmentation to protect patient data from cyberattacks. The Medusind incident follows a series of high-profile breaches in the healthcare sector.

In May 2024, Ascension reported that a ransomware attack had exposed data for 5.6 million individuals. Later in October, UnitedHealth disclosed a breach stemming from a ransomware incident affecting over 100 million people. As healthcare providers continue to face cyber threats, the urgency to implement robust data security measures grows. Medusind’s experience serves as a reminder of the significant risks posed by such breaches and the importance of safeguarding sensitive information.
Read more »
Healthcare
Ascension Cyber Attacks Financial Data Healthcare

New Finds from The June Ascension Hack




Healthcare industry giant Ascension has broken the silence and revealed more sensitive information concerning the recent hack in June. Through a worker opening a suspicious file without even knowing the malware was actually very harmful to download, it gave room for hackers into their network exposing patient information, among others.


During the past months, the healthcare system has worked with experts in cybersecurity to analyze how the breach affected them and the amount of patient and employee data that was taken. Since the investigation has been concluded, Ascension has informed the public regarding the data stolen and measures undertaken to safeguard the victims.

The investigation established that several kinds of personal information were accessed during the breach. Though the specifics vary for each individual, the leaked information may include:  

  • Medical Records: Medical record numbers, service dates, types of lab tests, and procedure codes.  
  • Financial Data: Credit card numbers, bank account information, and insurance details such as Medicaid and Medicare IDs.
  • Government Identifications: Social Security numbers and other governmental IDs. 

Ascension has come out to clarify that their main Electronic Health Records, which hold extensive patient's medical histories, were unaffected. This means that those operations that are considered most core in healthcare, such as viewing patient records and prescribing drug therapies, remain safe and unimpeded.


How Ascension is Reacting

To make amends for the breach, Ascension is offering free credit monitoring and identity protection services to anyone affected. Those affected will be sent formal notification letters within the next two to three weeks, which will detail step-by-step instructions to enroll in protection services so those affected may protect themselves from potential misuse of their data.

The credit monitoring service will be offered for two years and can be used to track suspicious activity regarding an individual's personal information. Ascension also informed those who had already enrolled in protection services after the initial breach that they could continue coverage without any interruption.


If you receive a notification, enrolling in the complimentary identity protection services is crucial. For assistance, you can visit Ascension’s website or contact their support line at (866) 724-3233 during business hours.  

Additionally, Ascension advises practicing general security measures, such as monitoring bank statements and staying alert for unusual activity. These steps can help minimize potential risks.

Ascension acknowledged the hurdle caused by the cyberattack and gave thanks to its patients, employees, and clinicians for their continued support. The organization highlighted its ability to persevere with such a team, and it assured the community that utmost care will be taken in protecting the information of its patients in the future.




Read more »
iPhones
AirDrop Apple Pay Cyber Security Financial Data iPhones

Debunking the Viral TikTok Myth: Apple Pay and AirDrop Security




Recent viral TikTok videos have raised unnecessary alarm among iPhone users by claiming that hackers can steal financial information from Apple Pay via AirDrop. According to these videos, simply having AirDrop enabled would allow a nearby stranger to gain access to sensitive credit card information. However, cybersecurity experts have thoroughly debunked these claims, confirming that they are baseless and entirely unfounded.

The central rumor suggests that if AirDrop is active on an iPhone, a hacker could exploit it to perform a so-called "walk-by hack," thereby gaining unauthorized access to financial data through Apple Pay. Viewers were urged to disable AirDrop to protect themselves from this imagined threat. Despite the buzz, experts, including reports by Apple Insider, have dismissed these claims as misinformation, emphasizing that AirDrop and Apple Pay function independently and cannot interact in the manner described.

AirDrop does not facilitate automatic data transfers, as it requires the recipient to manually accept incoming files. Additionally, the "Everyone" mode is only active for 10 minutes unless reactivated, with most users defaulting to "Contacts Only" or "Off" settings. Similarly, Apple Pay uses advanced encryption and secure technology that makes such a breach impossible. Each card added to Apple Pay generates a unique Device Account Number stored securely within the Secure Element—a tamper-proof chip designed to keep sensitive data isolated from the operating system. Transactions are further protected by biometric authentication like Face ID or Touch ID, along with dynamic security codes, ensuring card details are never reused or exposed.

The confusion surrounding this claim may stem from the introduction of Apple’s **NameDrop** feature in 2023. NameDrop allows users to exchange contact details by bringing two iPhones close together, but this feature only shares basic contact information—not financial data. While this new functionality may have caused some misunderstanding, there is no connection between NameDrop, AirDrop, or Apple Pay’s secure payment system.

Although the viral claims are false, users are encouraged to follow basic smartphone security practices to safeguard their devices. For instance, turning AirDrop off when not needed can reduce exposure to unwanted file sharing. It is also important to rely on trusted sources for information regarding potential security risks instead of viral social media posts. These steps, combined with Apple Pay’s robust security infrastructure, provide comprehensive protection for users’ financial information.

This incident underscores the importance of critically evaluating viral content before sharing it. Spreading unverified rumours can lead to unnecessary panic, despite the lack of credible evidence supporting such claims. Users can rest assured that Apple Pay remains one of the safest payment methods, supported by encryption, biometric authentication, and secure design principles.

Read more »
Personal Data Breach
Cybernews Data Breach Data Leak Financial Data healthcare data breach Healthcare Industry Personal Data Breach

Data Breach at Datavant Exposes Thousands of Minors to Cyber Threats

 

While cybercriminals often target adults for their valuable financial and personal information, children are not exempt from these risks. This was made evident by a recent data breach involving health IT company Datavant, which exposed sensitive information of thousands of minors. This incident highlights the vulnerabilities of even the youngest members of society in today's digital age.

The Datavant Breach: A Timeline of Events

The breach occurred in May following a phishing attack targeting Datavant employees. Hackers sent deceptive emails to trick employees into revealing their login credentials—a tactic relying on human error rather than exploiting technical vulnerabilities. While most employees recognized the phishing attempt, a few fell victim, granting attackers unauthorized access to one of the company’s email accounts.

An investigation revealed that between May 8 and 9, the attackers accessed sensitive data stored in the compromised inbox. Over 11,000 minors were affected, with stolen information including:

  • Names and contact details
  • Social Security numbers
  • Financial account details
  • Driver’s licenses and passports
  • Health information

Implications of the Breach

The stolen data poses severe risks, particularly identity theft and targeted scams. Among these, medical identity theft is particularly alarming. Hackers can use health data to file fraudulent insurance claims or manipulate medical records, which may disrupt access to healthcare services and create significant financial and administrative challenges for victims.

Unlike standard identity theft, medical identity theft carries unique dangers, such as incorrect medical information being added to a person’s records. This could lead to inappropriate treatments or delayed care, further complicating the recovery process for affected families.

Datavant’s Response

In response to the breach, Datavant has implemented additional security measures, including:

  • Strengthened cybersecurity protocols
  • Enhanced employee training on phishing awareness

While these steps aim to prevent future incidents, the emotional and financial toll on affected families remains substantial. For many, the breach represents a loss of security that is not easily restored.

Protecting Affected Families

Families impacted by the breach are advised to take proactive measures to safeguard their children’s identities, including:

  • Monitoring credit reports regularly
  • Freezing their child’s credit if necessary
  • Remaining vigilant against phishing attempts and unusual account activity

Lessons from the Breach

The Datavant breach is a stark reminder of the evolving tactics used by cybercriminals and the devastating consequences of compromised data. Organizations handling sensitive information, particularly data about children, must prioritize cybersecurity practices and invest in training to mitigate risks. For individuals, heightened awareness and vigilance are crucial defenses against potential threats.

Conclusion

As cyberattacks become increasingly sophisticated, incidents like the Datavant breach underscore the importance of robust security measures and proactive steps to protect sensitive information. The digital age brings immense benefits, but it also demands constant vigilance to ensure the safety of personal data—especially when it comes to protecting our youngest and most vulnerable populations.

Read more »
Personal Data
Data Breach Data breaches attacks Data protection Data Theft Financial Data Hacker attack Hackers Personal Data

Set Forth Data Breach: 1.5 Million Impacted and Next Steps

 

The debt relief firm Set Forth recently experienced a data breach that compromised the sensitive personal and financial information of approximately 1.5 million Americans. Hackers gained unauthorized access to internal documents stored on the company’s systems, raising serious concerns about identity theft and online fraud for the affected individuals. Set Forth, which provides administrative services for Americans enrolled in debt relief programs and works with B2B partners like Centrex, has initiated notification protocols to inform impacted customers. The breach reportedly occurred in May this year, at which time Set Forth implemented incident response measures and enlisted independent forensic specialists to investigate the incident. 

However, the full extent of the attack is now coming to light. According to the company’s notification to the Maine Attorney General, the hackers accessed a range of personal data, including full names, Social Security numbers (SSNs), and dates of birth. Additionally, information about spouses, co-applicants, or dependents of the affected individuals may have been compromised. Although there is currently no evidence that the stolen data has been used maliciously, experts warn that it could end up on the dark web or be utilized in targeted phishing campaigns. This breach highlights the ongoing risks associated with storing sensitive information digitally, as even companies with incident response plans can become vulnerable to sophisticated cyberattacks. 

To mitigate the potential damage, Set Forth is offering free access to Cyberscout, an identity theft protection service, for one year to those affected. Cyberscout, which has over two decades of experience handling breach responses, provides monitoring and support to help protect against identity fraud. Impacted customers will receive notification letters containing instructions and a code to enroll in this service. For those affected by the breach, vigilance is critical. Monitoring financial accounts for unauthorized activity is essential, as stolen SSNs can enable hackers to open lines of credit, apply for loans, or even commit crimes in the victim’s name. 

Additionally, individuals should remain cautious when checking emails or messages, as hackers may use the breach as leverage to execute phishing scams. Suspicious emails—particularly those with urgent language, unknown senders, or blank subject lines—should be deleted without clicking links or downloading attachments. This incident serves as a reminder of the potential risks posed by data breaches and the importance of proactive protection measures. While Set Forth has taken steps to assist affected individuals, the breach underscores the need for businesses to strengthen their cybersecurity defenses. For now, impacted customers should take advantage of the identity theft protection services being offered and remain alert to potential signs of fraud.
Read more »
Rhadamanthys malware
AI CAPTCHA cryptocurrency wallet Financial Data malware Rhadamanthys malware

AI-Powered Malware Targets Crypto Wallets with Image Scans

 



A new variant of the Rhadamanthys information stealer malware has been identified, which now poses a further threat to cryptocurrency users by adding AI to seed phrase recognition. The bad guys behind the malware were not enough in themselves, but when added into this malware came another functionality that includes optical character recognition or OCR scans for images and seed phrase recognition-the total key information needed to access cryptocurrency wallets.

According to Recorded Future's Insikt Group, Rhadamanthys malware now can scan for seed phrase images stored inside of infected devices in order to extract this information and yet further exploitation.

So, basically this means their wallets may now get hacked through this malware because their seed phrases are stored as images and not as text.


Evolution of Rhadamanthys

First discovered in 2022, Rhadamanthys has proven to be one of the most dangerous information-stealing malware available today that works under the MaaS model. It is a type of service allowing cyber criminals to rent their malware to other cyber criminals for a subscription fee of around $250 per month. The malware lets the attackers steal really sensitive information, including system details, credentials, browser passwords, and cryptocurrency wallet data.

The malware author, known as "kingcrete," continues to publish new versions through Telegram and Jabber despite the ban on underground forums like Exploit and XSS, in which mainly users from Russia and the former Soviet Union were targeted.

The last one, Rhadamanthys 0.7.0, which was published in June 2024, is a big improvement from the structural point of view. The malware is now equipped with AI-powered recognition of cryptocurrency wallet seed phrases by image. This has made the malware look like a very effective tool in the hands of hackers. Client and server-side frameworks were fully rewritten, making them fast and stable. Additionally, the malware now has the strength of 30 wallet-cracking algorithms and enhanced capabilities of extracting information from PDF and saved phrases.

Rhadamanthys also has a plugin system allowing it to further enhance its operations through keylogging ability, cryptocurrency clipping ability- wallet address alteration, and reverse proxy setups. The foregoing tools make it flexible for hackers to snoop for secrets in a stealthy manner.


Higher Risks for Crypto Users in Term of Security

Rhadamanthys is a crucial threat for anyone involved with cryptocurrencies, as the attackers are targeting wallet information stored in browsers, PDFs, and images. The worrying attack with AI at extracting seed phrases from images indicates attackers are always inventing ways to conquer security measures.

This evolution demands better security practices at the individual and organization level, particularly with regards to cryptocurrencies. Even for simple practices, like never storing sensitive data within an image or some other file without proper security, would have prevented this malware from happening.


Broader Implications and Related Threats

Rhdimanthys' evolving development is part of a larger evolutionary progress in malware evolution. Some other related kinds of stealer malware, such as Lumma and WhiteSnake, have also released updates recently that would further provide additional functionalities in extracting sensitive information. For instance, the Lumma stealer bypasses new security features implemented in newly designed browsers, whereas WhiteSnake stealer has been updated to obtain credit card information stored within web browsers.

These persistent updates on stealer malware are a reflection of the fact that cyber threats are becoming more mature. Also, other attacks, such as the ClickFix campaign, are deceiving users into running malicious code masqueraded as CAPTCHA verification systems.

With cybercrime operatives becoming more sophisticated and their tools being perfected day by day, there has never been such a challenge for online security. The user needs to be on the alert while getting to know what threats have risen in cyberspace to prevent misuse of personal and financial data.


Read more »
Mastercard
AI cybersecurity Credit Card Fraud Credit Card hack Cyber Attacks Financial Data Financial Scam Financial Security Mastercard

Preventing Credit Card Fraud in 2024: Tips to Avoid Declined Transactions and Fraud Alerts

 

Credit card fraud is a growing issue, with over 60% of cardholders experiencing attempted fraud in 2023. The use of AI by cybercriminals has dramatically increased, allowing them to open hundreds of accounts daily. Global losses from card fraud reached $33 billion in 2022, with the U.S. accounting for 40% of these losses. 

Although AI is part of the problem, it is also crucial to the solution. Companies like Visa and Mastercard are using AI to enhance their fraud detection systems, reducing false alerts while improving accuracy. Beyond traditional credit card fraud, criminals are now focusing on stealing other types of personal data, such as social security numbers, to commit more sophisticated financial crimes. This shift highlights the importance of comprehensive fraud prevention systems that account for more than just card theft. 

The decrease in false credit card purchases, down 5.4% from 2023, reflects improvements in fraud detection, with Mastercard noting a 20% increase in fraud detection accuracy thanks to AI technology. To minimize the risk of fraud, consumers should adopt strong security measures such as two-factor authentication, biometric passcodes, and password managers. Shopping on reputable sites and using secure payment methods like tap-to-pay can also help reduce exposure to fraudulent activity. Monitoring services and setting personalized fraud alert thresholds can ensure that consumers are notified only when necessary, cutting down on false alerts. 

One key trigger for fraud alerts is changes in shopping behavior, such as buying high-ticket items or frequent purchases from new vendors. These patterns raise red flags, prompting card companies to issue alerts or block transactions. To avoid these issues, consumers can notify their card companies of upcoming travel or large purchases in advance, helping to reduce false fraud alerts. Despite the inconvenience of fraud alerts, they are essential in preventing unauthorized transactions. Consumers are encouraged not to ignore these alerts, even if they seem excessive. 

Experts like Satish Lalchand emphasize the importance of vigilance, as fraud is expected to remain a significant threat. Properly understanding fraud alerts and securing personal data is crucial in staying one step ahead of cybercriminals. To further protect against fraud, individuals should avoid using public Wi-Fi for online transactions and consider freezing their credit to limit unauthorized access. Regularly monitoring credit reports and financial accounts for unusual activity is also essential. Using secure mobile payment methods like tap-to-pay or mobile wallet apps adds an extra layer of protection. 

Financial institutions are continuing to enhance their fraud detection systems, and consumers must take proactive steps to stay vigilant. This combination of personal responsibility and advanced security measures can significantly reduce the chances of falling victim to fraud.
Read more »
Vulnerability management
Cyber Security Ethical Hacker Financial Data Threat Landscape Vulnerability management

The Vital Role of Ethical Hacking in Cyber Security

 

The possibility of cyber attacks is a major issue, with the global average cost of a data breach expected to reach $4.45 million in 2023, a 15% increase over the previous three years, according to an IBM analysis. This stark figure highlights the growing financial and reputational threats companies face, emphasising the importance of ethical hacking in an increasingly interconnected world. 

Ethical hackers are the first line of defence, utilising their knowledge to replicate cyber attacks under controlled conditions. These individuals play an important role in averting potentially disastrous data breaches, financial loss, and reputational harm caused by cyber attacks by proactively fixing security vulnerabilities before they are exploited. 

This article explores the importance of ethical hacking, the tactics used by ethical hackers, and how to pursue a career in this vital sector of cyber security. 

What is ethical hacking? 

Ethical hacking, commonly referred to as penetration testing or white-hat hacking, is a technique for testing computer systems, networks, or online applications for security flaws. Unlike criminal hackers, who attempt to make money from vulnerabilities, ethical hackers utilise their expertise to uncover and patch them before they are exploited. 

They utilise their expertise with authorization, hoping to improve security posture before a real hacker exploits vulnerabilities. This preemptive strike against possible breaches is an important part of modern cyber security tactics and a technique of protecting against the most dangerous cyber security threats. Ethical hacking adheres to a fixed code of ethics and legal restrictions. 

Ethical hackers must have clear permission to explore systems and ensure that their actions do not stray into illegal territory. Respect for privacy, data integrity, and the lawful exploitation of uncovered vulnerabilities is critical. 

Methodologies of Ethical Hacking 

Ethical hackers employ a variety of methodologies to assess the security of information systems. These include: 

Risk assessment: Scanning systems and networks to identify known vulnerabilities. 

Penetration testing: Simulating cyber attacks to evaluate the effectiveness of security measures. 

Social engineering: Testing the human element of security through phishing simulations and other tactics. 

Security auditing: Examining the adherence of systems and policies to security standards and best practices. 

Process of ethical hacking

Step 1: Reconnaissance - The ethical hacker collects as much information about the target system or network as possible utilising techniques such as WHOIS databases, search engines, and social media to obtain publically available information. 
 
Step 2: Scanning – They look for live hosts, open ports, services running on those hosts, and vulnerabilities connected with them. Nmap may be used to scan ports, while Nessus or OpenVAS can be used to check for vulnerabilities that can be exploited. 

Step 3: Gaining Access – They use the identified vulnerabilities to gain unauthorised access to the system or network. Metasploit is commonly used to exploit vulnerabilities. Other tools include SQL injection tools for database attacks, as well as password cracking programmes such as John the Ripper or Hydra. 

Step 4: Maintaining Access – Ensure continued access to the target for further exploration and analysis without being detected. Tools like backdoors and trojans are used to maintain access, while ensuring to operate stealthily to avoid detection by security systems.

Step 5: Covering Tracks – Delete evidence of the hacking process to avoid detection by system administrators or security software. Log tampering and the use of tools to clear or modify entries in system logs. Tools such as CCleaner can also be used to erase footprints.
Read more »
Technology
AI technology Financial Data Microsoft Microsoft Copilot Technology

Microsoft Copilot for Finance: Transforming Financial Workflows with AI Precision

 

In a groundbreaking move, Microsoft has unveiled the public preview for Microsoft Copilot for Finance, a specialized AI assistant catering to the unique needs of finance professionals. This revolutionary AI-powered tool not only automates tedious data tasks but also assists finance teams in navigating the ever-expanding pool of financial data efficiently. 

Microsoft’s Corporate Vice President of Business Applications Marketing, highlighted the significance of Copilot for Finance, emphasizing that despite the popularity of Enterprise Resource Planning (ERP) systems, Excel remains the go-to platform for many finance professionals. Copilot for Finance is strategically designed to leverage the Excel calculation engine and ERP data, streamlining tasks and enhancing efficiency for finance teams. 

Building upon the foundation laid by Microsoft's Copilot technology released last year, Copilot for Finance takes a leap forward by integrating seamlessly with Microsoft 365 apps like Excel and Outlook. This powerful AI assistant focuses on three critical finance scenarios: audits, collections, and variance analysis. Charles Lamanna, Microsoft’s Corporate Vice President of Business Applications & Platforms, explained that Copilot for Finance represents a paradigm shift in the development of AI assistants. 

Unlike its predecessor, Copilot for Finance is finely tuned to understand the nuances of finance roles, offering targeted recommendations within the Excel environment. The specialization of Copilot for Finance sets it apart from the general Copilot assistant, as it caters specifically to the needs of finance professionals. This focused approach allows the AI assistant to pull data from financial systems, analyze variances, automate collections workflows, and assist with audits—all without requiring users to leave the Excel application. 

Microsoft's strategic move towards role-based AI reflects a broader initiative to gain a competitive edge over rivals. Copilot for Finance has the potential to accelerate impact and reduce financial operation costs for finance professionals across organizations of all sizes. By enabling interoperability between Microsoft 365 and existing data sources, Microsoft aims to provide customers with seamless access to business data in their everyday applications. 

Despite promising significant efficiency gains, the introduction of AI-driven systems like Copilot for Finance raises valid concerns around data privacy, security, and compliance. Microsoft assures users that they have implemented measures to address these concerns, such as leveraging data access permissions and avoiding direct training of models on customer data. 

As Copilot for Finance moves into general availability later this year, Microsoft faces the challenge of maintaining data governance measures while expanding the AI assistant's capabilities. The summer launch target for general availability, as suggested by members of the Copilot for Finance launch team, underscores the urgency and anticipation surrounding this transformative AI tool. 

With over 100,000 organizations already benefiting from Copilot, the rapid adoption of Copilot for Finance could usher in a new era of AI in the enterprise. Microsoft's commitment to refining data governance and addressing user feedback will be pivotal in ensuring the success and competitiveness of Copilot for Finance in the dynamic landscape of AI-powered financial assistance.
Read more »
User Privacy
Cyber Fraud Financial Data KYC Scam RBI Threat Landscape User Privacy

RBI Issues Warning Against Scam Via KYC trick

 

On February 2, 2024, the Reserve Bank of India (RBI) reiterated its prior warning to the public, offering further suggestions in response to a rising tide of scams involving Know Your Customer (KYC) updates. RBI amplified the cautionary tips issued earlier to the public on September 13, 2021, citing continuing incidents/reports of consumers falling victim to scams being perpetrated in the name of KYC updation. 

Modus operandi 

Customers typically receive unsolicited calls, texts, or emails requesting personal information, account or login credentials, or the installation of unapproved apps via links in the message. 

Frequently, the messages intentionally instil a false feeling of urgency by threatening to freeze or close the customer's account if they don't cooperate. Customers provide fraudsters unauthorised access to their accounts and enable them to commit fraudulent operations when they divulge critical private details or login credentials. 

Quick reporting 

The Reserve Bank of India (RBI) advised victims of financial cyber fraud to report the incident right away on the National Cyber Crime Reporting Portal (www.cybercrime.gov.in) or by calling the cybercrime hotline in 1930. 

Preventive measures 

To prevent people from becoming victims of KYC fraud, the RBI published a list of dos and don'ts. Critical data such as card details, PINs, passwords, OTPs, and account login credentials should never be shared with third parties, the RBI cautions the public. 

Individuals are also advised not to click on dubious or unverified links they receive via email or mobile devices, nor share KYC documents with unrecognised or unknown parties. "Do not share any sensitive information through unverified/unauthorised websites or applications," the central bank advised.

For confirmation and help, get in touch with the bank or financial institution immediately when you get a request for KYC updates. Get phone numbers for customer service or contact information exclusively from the official website or other sources. Report any incidents of cyber fraud to the bank right away. Ask the bank about the possible ways to update your KYC information.
Read more »
TransUnion
Data Breach Financial Data hack N4ughtySecTU Group Personal Data Ransomware Groups SABRIC South Africa data breach TransUnion

Hackers Threaten to Leak South Africa’s Private Financial Data, Demand R1.1 Billion Ransom


In a recent cyber threat, hackers have threatened to release all of South Africa’s private financial data unless TransUnion and Experian, the two biggest consumer credit reporting companies in the country, agree to pay ransom of R1.1 billion.  

The companies – TransUnion and Experian – were the ones that were hit by the cybercrime attack. 

According to Times Live, the hackers, the Brazil-based N4ughtySecTU Group, who had previously breached TransUnion's security and firewalls, claimed to have successfully evaded the safeguards of the company once again, following which they stole the data.  

Apparently, the hackers have demanded $30m [about R565m] from TransUnion and $30m from Experian.

The hackers, in a message sent to the managers and directors of the impacted companies, stated: “Ensure your response teams contact us on Session [a private communication platform] for payment instructions.”

While acknowledging the demands, TransUnion and Experian refuted the group's allegations of an ongoing hack on their systems.

“Following recent media coverage, TransUnion South Africa confirms it is aware of a financial demand from a threat actor asserting they have accessed TransUnion South Africa’s data. We have found no evidence that our systems have been inappropriately accessed or that any data has been exfiltrated,” TransUnion said.

“We’ve likewise seen no change to our operations and systems in South Africa related in any way to this claim. We are continuing to monitor closely. We treat matters regarding our information security seriously, and data security remains our top priority,” they continued. 

Not the First Attempt to Hack

Previously, in March 2022, N4ughtysecTU claimed responsibility for targeting TransUnion in their ransomware campaign. 

TransUnion South Africa later confirmed the hack, confirming that at least 3 million individuals were affected.  

Apparently, the threat actors gained access to the personal data of over 54 million people, which included information about their dates of birth, ID numbers, gender, marital status, and other sensitive facts. 

Experian also suffered a data breach in August 2020, reported by the South African Banking Risk Centre (SABRIC). The data breach compromised the personal information of around 24 million individuals and several business entities to a fraudster. 

Karabo Phungula, an Experian data fraudster, was given a 15-year prison sentence in March by the Specialized Commercial Crimes Court for obtaining the dataset under false pretence.   

Read more »
Ransomware attack
Australian Government Critical Data Cyber Security Financial Data Malicious actor Payment Ransomware attack

Australia's Cyber Strategy: No Ransomware Payment Ban

Australia has recently unveiled its new Cyber Security Strategy for 2023-2030, and amidst the comprehensive plan, one notable aspect stands out – the absence of a ban on ransomware payments. In a world grappling with increasing cyber threats, this decision has sparked discussions about the efficacy of such a strategy and its potential implications.

The strategy, detailed by the Australian government, outlines a sweeping resilience plan aimed at bolstering the nation's defenses against cyber threats. However, the decision not to ban ransomware payments raises eyebrows and prompts a closer examination of the government's rationale.

According to reports, the Australian government aims to adopt a pragmatic approach to ransomware, acknowledging the complex nature of these attacks. Instead of an outright ban, the strategy focuses on improving cybersecurity, enhancing incident response capabilities, and fostering collaboration between government agencies, businesses, and the wider community.

Critics argue that allowing ransom payments may incentivize cybercriminals, fueling a vicious cycle of attacks. The concern is that paying ransoms may encourage hackers to continue their activities, targeting organizations with the expectation of financial gain. In contrast, proponents of the strategy contend that banning payments may leave victims with limited options, especially in cases where critical data is at stake.

Australia's decision aligns with a growing trend in some parts of the world where governments are grappling with finding a balance between protecting national security and providing victims with avenues for recovery. The approach reflects an understanding that rigid and one-size-fits-all policies may not be effective in the ever-evolving landscape of cyber threats.

The new Cyber Security Strategy also emphasizes the importance of international cooperation to combat cyber threats. Australia aims to actively engage with international partners to share threat intelligence, collaborate on investigations, and collectively strengthen global cybersecurity.

Australia's experiment with a more nuanced approach to ransomware payments is being watched by the whole world, and the results will probably have an impact on how other countries formulate their cybersecurity laws. The continuous fight against cyber dangers will depend on finding the ideal balance between deterring illegal activity and helping victims.

In contrast to other nations that have taken more restrictive measures, Australia has decided not to outlaw ransomware payments in its new Cyber Security Strategy. In light of the always-changing cybersecurity landscapes, it underscores the significance of a comprehensive, cooperative, and flexible approach and demonstrates a practical recognition of the difficulties presented by cyber attacks. The future course of international cybersecurity regulations will surely be influenced by this strategy's success.

Read more »
Wall Street Market
China Data Breach Financial Data Financial Sector ICBC cyberattack Ransomware Attacks. servers Threat actor Wall Street Market

Ransomware Shakes ICBC: Global Financial Markets on High Alert

In a startling turn of events, Wall Street was rocked by a devastating ransomware attack that affected China's Industrial and Commercial Bank of China (ICBC), the country's biggest lender. The attack disrupted trade and brought attention to the growing threat of cybercrime in the financial sector.

The attack, which targeted ICBC, was not only a significant blow to the bank but also had far-reaching implications on the global financial landscape. Wall Street, closely intertwined with international markets, experienced a temporary halt in trade as the news of the cyber assault reverberated across financial news outlets.

The ransomware attack on ICBC serves as a stark reminder of the vulnerability of even the most robust financial institutions to sophisticated cyber threats. The attackers, exploiting weaknesses in ICBC's cybersecurity infrastructure, managed to compromise critical systems, causing widespread disruptions and raising concerns about the broader implications for the global financial ecosystem.

As information about the attack unfolded, reports indicated that ICBC struggled to contain the breach promptly. The incident prompted regulatory bodies and financial institutions worldwide to reevaluate their cybersecurity measures, recognizing the urgent need for robust defenses against evolving cyber threats.

The consequences of such attacks extend beyond financial disruptions. They underscore the importance of collaborative efforts among nations and private enterprises to strengthen global cybersecurity frameworks. The interconnected nature of the modern financial system demands a united front against cyber threats, with a focus on information sharing, technological innovation, and proactive defense strategies.

In the aftermath of the ICBC attack, financial markets witnessed increased scrutiny from regulators, urging institutions to fortify their cybersecurity postures. This incident serves as a wake-up call for the industry, emphasizing the need for continuous investment in cybersecurity measures, employee training, and the adoption of cutting-edge technologies to stay ahead of evolving threats.

The broader implications of the ICBC ransomware attack are not limited to the financial sector alone. They underscore the need for a collective and proactive approach to cybersecurity across industries, as cyber threats continue to grow in scale and sophistication. As nations and businesses grapple with the aftermath of this attack, it becomes increasingly evident that cybersecurity is a shared responsibility that transcends borders and industries.

Read more »
Skimmer
ATM Bank Credentials Card Skimming Credit Card Cyber Security Financial Data Financial Security Phishing Attacks Skimmer

Taking Measures to Prevent Card Skimming and Shimming

Protecting your financial information is crucial in the digital era we live in today. Credit card skimming and shimming have grown to be serious risks to customers all around the world with the emergence of sophisticated cybercrime techniques. Maintaining your financial stability depends on your ability to recognize and resist these approaches.

Credit card skimmers, according to PCMag, are deceptive gadgets installed on legal card readers, such as ATMs or petrol pumps, with the purpose of capturing and storing your card information. Cybercriminals have adapted by utilizing shimmers, which are extremely thin devices inserted into the card reader slot, according to KrebsOnSecurity, which cautions that even with the switch to chip-based cards, they have done so. These shimmers allow them to intercept the data from the chip.

The Royal Canadian Mounted Police (RCMP) provides valuable insights into how criminals install skimmers. They often work quickly and discreetly, making it hard for victims to notice. They may place a fake card reader on top of the legitimate one or install a small camera nearby to capture PIN numbers.

To protect yourself, it's important to be vigilant. MakeUseOf suggests a few key steps:

  • Inspect the Card Reader: Before using an ATM or a card reader at a gas pump, take a moment to examine the card slot. Look for any unusual devices or loose parts.
  • Cover Your PIN: Use your hand or body to shield the keypad as you enter your PIN. This simple step can prevent criminals from capturing this crucial piece of information.
  • Monitor Your Accounts: Regularly review your bank and credit card statements for any unauthorized transactions. Report any suspicious activity to your bank immediately.
  • Choose ATMs Wisely: Whenever possible, use ATMs located in well-lit, high-traffic areas. Avoid standalone ATMs in secluded or poorly monitored locations.
  • Stay Informed: Keep up-to-date with the latest scams and techniques used by cybercriminals. Knowledge is your best defense.
Remaining vigilant and well-informed is your primary defense against credit card skimmers and shimmers. By adopting these practices and staying aware of your surroundings, you can significantly reduce the risk of falling victim to these insidious forms of cybercrime. Remember, your financial security is well worth the extra effort.


Read more »
Subscribe to: Posts (Atom)