Category: Uncategorized

Citibank faces a lawsuit for allegedly failing to protect its customers from hacks and fraud. The suit claims the bank didn't implement adequate security measures, resulting in unauthorized access and financial losses for customers. This legal action highlights the increasing scrutiny on financial institutions to ensure robust cybersecurity defenses. 

A severe misconfiguration in Kubernetes, a popular service used by major tech companies like Google, could allow malicious actors unauthorized access to cloud-based applications. A threat actor with access to a Google account could abuse the misconfiguration by using their own Google OAuth 2.0 token to seize control of the cluster for further exploitation. Google is actively addressing the issues and has encouraged its users to deploy recommended detection rules.

EquiLend, a global financial technology firm based in New York, experienced significant operational disruptions due to a cyberattack that occurred on January 22, 2024. The attack led to unauthorized network access and forced the company to take parts of its systems offline. EquiLend is actively working to restore the affected services with the assistance of external cybersecurity experts. The incident comes shortly after EquiLend announced its acquisition by the U.S. private equity firm Welsh, Carson, Anderson & Stowe, a deal expected to close in Q2 2024.

LoanDepot, a large mortgage lender, experienced a ransomware attack that compromised the personal information of approximately 16.6 million people. The breach was initially disclosed earlier in the month and was further detailed in a recent filing with the Securities and Exchange Commission.

Federal Reserve's Vice Chair for Supervision, Michael Barr, addressed historical shortcomings in banks' management of third-party cyber risk during a conference. He expressed concerns about the rising reliance on third-party service providers by banks, leading to increased cyber threats. Barr emphasized the need for banks to not only identify vulnerabilities but also prioritize resilience by developing and testing business continuity plans. He anticipates improvements in quantifying cyber risk through mandatory incident reporting, expecting this to aid threat detection and understanding the broader financial system's interconnectedness.

Aaron Johnson, a 26-year-old criminal, executed a deceptively simple but effective scheme to steal over $300,000 from bank accounts by hacking into iPhones. Between 2021 and 2022, Johnson frequented Minnesota bars, where he would observe and memorize the passcodes of young people as they entered them into their iPhones. Once he had the passcodes, he stole the phones, locked the victims out of their Apple IDs, and enrolled his own face in the devices' Face ID, effectively gaining complete control.