Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label financial services. Show all posts
Scania
Cyberhackers Cybersecurity CyberThreat Data Breach financial services hensi Industries Malware Threat Moder vehicles Privacy Threat Scania

Scania Targeted in Extortion Attempt Following Data Breach

 


An alarm is triggered in both the automotive and financial industries when Scania Financial Services, based in Sweden, confirms that a cybersecurity incident has compromised sensitive company data, which has raised concerns in the industry. 

The breach was reportedly caused by unauthorised access to the subdomain insurance.scania.com between mid-June 2025 and mid-July 2025. This intrusion has been claimed to have been perpetrated by a threat actor known as "hensi", and the stolen information is allegedly being sold on underground cybercrime forums by a threat actor using the alias "hensi." 

The exposure of confidential insurance-related information is raising concerns about the possibility of misuse of customer data and corporate records. Founded in 1937, Scania is one of the world's leading automotive manufacturers with expertise in the manufacturing of heavy-duty trucks, buses, and industrial as well as marine engines. 

The company operates as one of the key subsidiaries of the Volkswagen Group. Scania, a major player in the European market for commercial vehicles, is one of the most vulnerable organisations in the world when it comes to cyber extortion schemes, which are becoming increasingly sophisticated. While the full extent of the breach is still being investigated, industry experts see this incident as yet another reminder that the threat landscape facing the financial services arm of a multinational corporation is escalating. 

It is well known for the high quality of its engineering and the fuel efficiency of its fuel-efficient, long-lasting engines, which have earned Scania a leading position in the commercial vehicle industry around the world. This company is a global leader in the manufacturing and delivery of vehicles across many international markets. 

It employs more than 59,000 people and generates more than $20.5 billion annually. According to reports, the breach occurred on May 28, 2025, when cybercriminals exploited login credentials that had been harvested through information-stealing malware to gain unauthorised access to Scania's systems. As part of the ongoing cybersecurity crisis, threat intelligence platform Hackmanac found a post from the cybercriminal Hensi made on a well-known hacking forum. 

Additional developments emerged as a result of the ongoing cybersecurity incident. This actor claimed that he had stolen sensitive information from the compromised subdomain insurance.scania.com and then offered the information for sale to a single exclusive buyer in exchange for payment. Even though this discovery added credibility to the extortion attempt, it highlighted the severity of the breach, as well as reinforcing growing concerns surrounding data security within the automotive-financial industry. 

A critical question that arises from the breach is whether third parties are exposed to risk and whether cyber extortion tactics are becoming increasingly sophisticated. Scania is continuing to investigate the breach, and this raises significant concerns. As the hacker team escalated the attack, they began to contact Scania employees directly via a ProtonMail account, threatening to publicly release the compromised information unless they met certain demands. 

In response to this switch from silent intrusion to overt blackmail, the company responded with greater urgency. Although the number of people affected has not been announced officially, the nature of the exposed information suggests that it could include highly sensitive information relating to insurance claims accessed through the compromised platform, such as personal, financial, and perhaps medical information. 

It was in response to this situation that Scania immediately deactivated the affected application and conducted a comprehensive internal investigation, which was undertaken jointly with cybersecurity specialists. As a result, Scania was also required to inform the appropriate authorities regarding data protection violations, based on legal and regulatory requirements. 

A number of vendors have been put under intense scrutiny for the way they manage vendor risk, and this incident has highlighted the increasing reliance on third-party platforms that might not always adhere to adequate security standards. This breach is believed to have occurred in the middle of May 2025, when a threat actor used compromised credentials obtained from a legitimate external user to gain unauthorised access to one of the Scania systems used to drive insurance-related operations for a company in the Czech Republic. 

According to initial analysis, the credentials were harvested using password-stealing malware, which has become an increasingly popular method for cybercriminals to infiltrate corporate networks in order to steal data and manipulate the systems. After getting inside the account, the attacker used the compromised account to download documents pertaining to insurance claims. 

The documents likely contain personal information (PII) as well as potentially sensitive financial or medical information, resulting in a breach of privacy. Though Scania has not yet disclosed the exact number of individuals affected, the nature of the compromised documents indicates that a significant privacy impact could arise for those individuals. Following the initial breach, the incident escalated into a clear case of cyber extortion. 

A few days ago, the attackers started reaching out directly to Scania employees, using a ProtonMail (proton.me) address, and threatened them with disclosure. The attackers were also trying to amplify pressure on the company by sending a second threatening email from a hijacked third-party email account, indicating the intent of the attacker to employ every possible method for coercing compliance from the company. 

After the stolen data was published by a user operating under the alias "Hensi" on dark web forums, which backed up earlier claims and confirmed the breach's authenticity, it was more credible than ever. Consequently, Scania promptly removed the affected application from the network and initiated a thorough forensic investigation in response to the incident. 

By compliance requirements, the company stated that the breach appeared to have a limited impact on the company's business and that appropriate regulatory bodies, including the data protection authority, had been duly informed of these requirements. As a result of this incident, it becomes increasingly clear that enterprise environments should develop better credential hygiene, strengthen third-party oversight, and implement proactive incident response strategies. 

Considering the severity of the Scania cyber incident, the incident serves as a warning for enterprise ecosystems that are increasingly facing cyber threats, especially those that rely heavily on third-party infrastructures. In this context, companies must adopt a zero-trust security architecture, continuously monitor their users' behaviour, and invest in advanced threat detection tools that will allow them to detect credential misuse at the earliest opportunity. 

The organisation must also reevaluate vendor relationships with a strong focus on supply chain security, as well as ensure external service providers follow the same rigorous standards as internal service providers. Moreover, integrating employee awareness training with incident response simulations as a foundational pillar of a resilient cybersecurity posture should not be an optional element, but instead should be included as an integral part of a comprehensive cybersecurity strategy. 

A proactive company will be able to distinguish itself from those reacting too late as cyber extortion tactics become increasingly targeted and disruptive as they become increasingly targeted and disruptive. Investing in a security culture that values data protection as a shared and continuous responsibility across every level of the organisation is one of the key factors in ensuring the success of global corporations like Scania. This is the key to regaining confidence in data protection.
Read more »
Quantum computing security
AI technology AI tools Cyber Security financial services Generative AI Machine learning PQC Quantum computing Quantum computing security

Quantum Computing Could Deliver Business Value by 2028 with 100 Logical Qubits

 

Quantum computing may soon move from theory to commercial reality, as experts predict that machines with 100 logical qubits could start delivering tangible business value by 2028—particularly in areas like material science. Speaking at the Commercialising Quantum Computing conference in London, industry leaders suggested that such systems could outperform even high-performance computing in solving complex problems. 

Mark Jackson, senior quantum evangelist at Quantinuum, highlighted that quantum computing shows great promise in generative AI applications, especially machine learning. Unlike traditional systems that aim for precise answers, quantum computers excel at identifying patterns in large datasets—making them highly effective for cybersecurity and fraud detection. “Quantum computers can detect patterns that would be missed by other conventional computing methods,” Jackson said.  

Financial services firms are also beginning to realize the potential of quantum computing. Phil Intallura, global head of quantum technologies at HSBC, said quantum technologies can help create more optimized financial models. “If you can show a solution using quantum technology that outperforms supercomputers, decision-makers are more likely to invest,” he noted. HSBC is already exploring quantum random number generation for use in simulations and risk modeling. 

In a recent collaborative study published in Nature, researchers from JPMorgan Chase, Quantinuum, Argonne and Oak Ridge national labs, and the University of Texas showcased Random Circuit Sampling (RCS) as a certified-randomness-expansion method, a task only achievable on a quantum computer. This work underscores how randomness from quantum systems can enhance classical financial simulations. Quantum cryptography also featured prominently at the conference. Regulatory pressure is mounting on banks to replace RSA-2048 encryption with quantum-safe standards by 2035, following recommendations from the U.S. National Institute of Standards and Technology. 

Santander’s Mark Carney emphasized the need for both software and hardware support to enable fast and secure post-quantum cryptography (PQC) in customer-facing applications. Gerard Mullery, interim CEO at Oxford Quantum Circuits, stressed the importance of integrating quantum computing into traditional enterprise workflows. As AI increasingly automates business processes, quantum platforms will need to support seamless orchestration within these ecosystems. 

While only a few companies have quantum machines with logical qubits today, the pace of development suggests that quantum computing could be transformative within the next few years. With increasing investment and maturing use cases, businesses are being urged to prepare for a hybrid future where classical and quantum systems work together to solve previously intractable problems.
Read more »
PayPal
2FA Data Breach financial services Passwords PayPal

PayPal Fined $2 Million for Data Breach: A Wake-Up Call for Cybersecurity

 


PayPal has been fined $2 million by the New York State Department of Financial Services (DFS) for failing to protect customer data, resulting in a significant security breach. The incident, which occurred in December 2022, exposed sensitive information, including social security numbers, names, and email addresses of thousands of users. This breach has raised serious concerns about PayPal’s cybersecurity practices and its ability to safeguard customer data.

How Did the Breach Happen?

The breach occurred during an update to PayPal’s system to grant access to IRS Form 1099-Ks, which is used to report income. The employees responsible for implementing these changes lacked proper cybersecurity training, leaving the system vulnerable to exploitation. Cybercriminals used a technique called credential stuffing, where stolen login credentials from previous breaches are tested on other platforms. Since many users reuse passwords across multiple sites, this method often succeeds.

Due to these security flaws, hackers gained access to sensitive customer data, putting affected users at risk of identity theft, financial fraud, and phishing scams. The breach highlights the critical importance of robust cybersecurity measures and well-trained personnel.

Following an investigation, DFS concluded that PayPal lacked qualified cybersecurity personnel and failed to provide adequate training to its workforce. These shortcomings directly contributed to the breach. Adrienne A. Harris, Superintendent of DFS, emphasized the need for companies handling financial data to prioritize cybersecurity.

"Qualified cybersecurity personnel are the first line of defense against potential data breaches. Companies must invest in proper training and effective security policies to protect sensitive data and mitigate risks," Harris stated.

Data breaches like this one can have severe consequences for users. When personal information such as social security numbers and email addresses is leaked, cybercriminals can exploit it for identity theft, financial fraud, or phishing attacks.

Expert Recommendations for Users

To protect themselves from similar breaches, cybersecurity experts recommend the following steps:

  1. Enable Two-Factor Authentication (2FA): Adding an extra layer of security can significantly reduce the risk of unauthorized access.
  2. Use Unique Passwords: Avoid reusing passwords across multiple accounts to prevent credential stuffing attacks.
  3. Monitor Financial Activity: Regularly check bank statements and credit reports for any suspicious transactions.

The Bigger Picture: Cybersecurity in Financial Institutions

This incident underscores a growing problem in the financial sector: inadequate cybersecurity measures. Despite being a global payment giant, PayPal’s failure to implement reasonable security measures left its users vulnerable to cyberattacks. Financial institutions must prioritize cybersecurity by investing in advanced technologies, hiring skilled professionals, and providing comprehensive employee training.

DFS has been taking strict action against companies that fail to meet cybersecurity standards. This case serves as a reminder that regulatory bodies are increasingly holding organizations accountable for lapses in data protection.

While PayPal has yet to issue an official response to the fine, the company is expected to strengthen its security policies and enhance its cyber defenses to avoid future penalties. This incident should serve as a wake-up call for all companies handling sensitive customer information. In an era of escalating cyber threats, cybersecurity cannot be an afterthought—it must be a top priority.

The PayPal data breach highlights the critical need for robust cybersecurity measures in the financial sector. Companies must invest in skilled personnel, advanced technologies, and employee training to protect customer data effectively. For users, adopting best practices like enabling 2FA and using unique passwords can help mitigate risks. As cyber threats continue to evolve, both organizations and individuals must remain vigilant to safeguard sensitive information.

Read more »
Willow
Bitcoin Ethereum financial services Quantum computing Technology Willow

Bitcoin Hits $100,000 for the First Time Amid Market Volatility

 


The cryptocurrency market reached a historic milestone this week as Bitcoin closed above $100,000 for the first time in history. This marks a defining moment, reflecting both market optimism and growing investor confidence. Despite reaching a peak of $104,000, Bitcoin experienced significant price volatility, dropping as low as $92,000 before stabilizing at $101,200 by the end of the week. These sharp fluctuations resulted in a massive liquidation of $1.8 billion, primarily from traders holding long positions.

BlackRock's Record-Breaking Bitcoin ETF Purchase

In a major development, BlackRock's IBIT ETF purchased $398.6 million worth of Bitcoin on December 9. This acquisition propelled the fund's total assets under management to over $50 billion, setting a record as the fastest-growing ETF to reach this milestone in just 230 days. BlackRock's aggressive investment underscores the increasing institutional adoption of Bitcoin, solidifying its position as a mainstream financial asset.

Ripple made headlines this week with the approval of its RLUSD stablecoin by the New York Department of Financial Services. Designed for institutional use, the stablecoin will initially be launched on both Ripple's XRPL network and Ethereum. Analysts suggest this development could bolster Ripple's market standing, especially as rumors circulate about potential future partnerships, including discussions with Cardano's founder.

El Salvador created a buzz after announcing the discovery of $3 trillion worth of unmined gold. This announcement comes as the country negotiates with the International Monetary Fund (IMF) regarding its Bitcoin law. Reports indicate that El Salvador may make Bitcoin usage optional for merchants as part of an agreement to secure financial aid. This discovery adds an intriguing dimension to the nation’s economic strategy as it continues to embrace cryptocurrency alongside traditional resources.

Google’s Quantum Computing Progress and Bitcoin Security

Google showcased advancements in its quantum computing technology with its Willow chip, a quantum processor capable of solving problems exponentially faster than traditional supercomputers. While concerns have been raised about the potential impact on Bitcoin's security, experts confirm there is no immediate threat. Bitcoin's encryption, based on CDSA-256 and SHA-256, remains robust. With Willow currently at 105 qubits, it would take quantum technology reaching millions of qubits to penetrate Bitcoin's encryption methods effectively.

Market Outlook

Bitcoin's surge past $100,000 is undoubtedly a significant achievement, but analysts predict a short-term consolidation phase. Experts anticipate sideways price action as traders and investors take profits before year-end. Meanwhile, Ethereum experienced a 10% decline this week, reflecting broader market adjustments amid declining trading volumes.

The crypto space continues to evolve rapidly, with milestones and challenges shaping the future of digital assets. While optimism surrounds Bitcoin’s rise, vigilance remains essential as market dynamics unfold.

Read more »
phishing
2FA bypass Account security Accounts Argentina Cyber Security Cybersecurity Digital Payment financial services fraud prevention Hacked online money transfer Payoneer phishing

Accounts on Payoneer in Argentina Compromised in 2FA Bypass Incidents

 

A significant number of Payoneer users in Argentina have reported unauthorized access to their 2FA-protected accounts, resulting in the theft of funds while they were asleep. Payoneer, a financial services platform facilitating online money transfer and digital payments, is particularly popular in Argentina for its ability to enable earnings in foreign currencies without adhering to local banking regulations.

Starting last weekend, users with 2FA-protected accounts experienced sudden loss of access or discovered empty wallets upon login, with losses ranging from $5,000 to $60,000. Prior to the incidents, victims received SMS messages requesting approval for a password reset on Payoneer, which they did not authorize. Some users claim they did not click on the provided URLs, and a few only noticed the SMS after the funds were stolen.

The stolen funds were reportedly sent to unfamiliar email addresses using the 163.com domain. Investigations reveal that many affected users were customers of mobile service providers Movistar and Tuenti, with the majority using Movistar. Suspicions arose regarding a recent Movistar data leak, but the leaked data did not include user email addresses necessary for Payoneer password resets.

One theory suggests a breach in the SMS provider delivering OTP codes, granting threat actors access to codes sent by Payoneer. However, an official statement from Movistar denies responsibility for messages sent through its network and mentions blocking the numbers used in the smishing campaign.

Payoneer, while acknowledging the issue, has not provided specific details about the attack, attributing it to phishing and cooperating with authorities. Tech reporter Juan Brodersen received a statement from Payoneer blaming users, alleging they clicked on phishing links in SMS texts and entered login details on fraudulent pages. Affected users refute this, accusing Payoneer of deflecting responsibility and not addressing potential platform errors or vulnerabilities.

Despite Payoneer's SMS-based 2FA and password recovery process, which relies solely on SMS codes, users argue that the platform should not have had access to later OTP codes required for transactions if the attack was purely phishing-based.

The exact mechanism of the attack remains unclear, with various hypotheses under consideration. Payoneer users in Argentina are advised to withdraw funds or disable SMS-based 2FA and reset passwords until the situation is clarified.

In an update on January 20, a Payoneer spokesperson acknowledged instances of fraud where customers were lured into clicking on phishing links, leading to compromised account credentials or mobile phones. The company asserted swift action to contain fraud attempts and emphasized collaboration with regulators, mobile carriers, and law enforcement agencies. While restitution details vary, Payoneer is actively working to protect customers' funds and recover possible losses.
Read more »
Subscribe to: Posts (Atom)