Category: Uncategorized

Citibank faces a lawsuit for allegedly failing to protect its customers from hacks and fraud. The suit claims the bank didn't implement adequate security measures, resulting in unauthorized access and financial losses for customers. This legal action highlights the increasing scrutiny on financial institutions to ensure robust cybersecurity defenses. 

A severe misconfiguration in Kubernetes, a popular service used by major tech companies like Google, could allow malicious actors unauthorized access to cloud-based applications. A threat actor with access to a Google account could abuse the misconfiguration by using their own Google OAuth 2.0 token to seize control of the cluster for further exploitation. Google is actively addressing the issues and has encouraged its users to deploy recommended detection rules.

EquiLend, a global financial technology firm based in New York, experienced significant operational disruptions due to a cyberattack that occurred on January 22, 2024. The attack led to unauthorized network access and forced the company to take parts of its systems offline. EquiLend is actively working to restore the affected services with the assistance of external cybersecurity experts. The incident comes shortly after EquiLend announced its acquisition by the U.S. private equity firm Welsh, Carson, Anderson & Stowe, a deal expected to close in Q2 2024.

LoanDepot, a large mortgage lender, experienced a ransomware attack that compromised the personal information of approximately 16.6 million people. The breach was initially disclosed earlier in the month and was further detailed in a recent filing with the Securities and Exchange Commission.

Federal Reserve's Vice Chair for Supervision, Michael Barr, addressed historical shortcomings in banks' management of third-party cyber risk during a conference. He expressed concerns about the rising reliance on third-party service providers by banks, leading to increased cyber threats. Barr emphasized the need for banks to not only identify vulnerabilities but also prioritize resilience by developing and testing business continuity plans. He anticipates improvements in quantifying cyber risk through mandatory incident reporting, expecting this to aid threat detection and understanding the broader financial system's interconnectedness.

Aaron Johnson, a 26-year-old criminal, executed a deceptively simple but effective scheme to steal over $300,000 from bank accounts by hacking into iPhones. Between 2021 and 2022, Johnson frequented Minnesota bars, where he would observe and memorize the passcodes of young people as they entered them into their iPhones. Once he had the passcodes, he stole the phones, locked the victims out of their Apple IDs, and enrolled his own face in the devices' Face ID, effectively gaining complete control.

A sophisticated JavaScript malware campaign, detected by IBM Security Trusteer in March 2023, has targeted over 40 financial institutions worldwide, compromising at least 50,000 user sessions across North America, South America, Europe, and Japan. This malware, using JavaScript web injections, primarily aims to steal online banking account credentials.

Carbanak, a notorious banking malware active since at least 2014, has resurfaced with new ransomware tactics. According to an analysis by NCC Group, Carbanak has evolved to incorporate diverse attack vectors, enhancing its effectiveness. It now uses compromised websites to distribute malware, often impersonating popular business-related software like HubSpot, Veeam, and Xero. Originally known for its data exfiltration and remote control capabilities, Carbanak has been a tool for the FIN7 cybercrime syndicate.

The U.S. Securities and Exchange Commission (SEC) has implemented a new rule requiring publicly traded companies to report "material" cybersecurity incidents within four business days. This rule aims to provide investors with more consistent and transparent information about potential cybersecurity risks, addressing the previous inconsistencies in major incident disclosures.

Researchers at Ruhr University Bochum have uncovered a critical vulnerability in the Secure Shell (SSH) protocol known as Terrapin (CVE-2023-48795, CVSS score: 5.9). This vulnerability introduces a novel prefix truncation attack, enabling attackers to compromise the integrity of SSH's secure channel by manipulating sequence numbers during the handshake process, permitting the removal of initial messages without detection.