Banking | Breaking Cybersecurity News | The Hacker News

Cybersecurity researchers are calling attention to a new malware campaign that leverages fake CAPTCHA verification checks to deliver the infamous Lumma information stealer. "The campaign is global, with Netskope Threat Labs tracking victims targeted in Argentina, Colombia, the United States, the Philippines, and other countries around the world," Leandro Fróes, senior threat research engineer at Netskope Threat Labs, said in a report shared with The Hacker News. "The campaign also spans multiple industries, including healthcare, banking, and marketing, with the telecom industry having the highest number of organizations targeted." The attack chain begins when a victim visits a compromised website, which directs them to a bogus CAPTCHA page that specifically instructs the site visitor to copy and paste a command into the Run prompt in Windows that uses the native mshta.exe binary to download and execute an HTA file from a remote server. It's worth noting...

As many as 77 banking institutions, cryptocurrency exchanges, and national organizations have become the target of a newly discovered Android remote access trojan (RAT) called DroidBot . "DroidBot is a modern RAT that combines hidden VNC and overlay attack techniques with spyware-like capabilities, such as keylogging and user interface monitoring," Cleafy researchers Simone Mattia, Alessandro Strino, and Federico Valentini said . "Moreover, it leverages dual-channel communication, transmitting outbound data through MQTT and receiving inbound commands via HTTPS, providing enhanced operation flexibility and resilience." The Italian fraud prevention company said it discovered the malware in late October 2024, although there is evidence to suggest that it has been active since at least June, operating under a malware-as-a-service (MaaS) model for a monthly fee of $3,000. No less than 17 affiliate groups have been identified as paying for access to the offering. ...

When people think of cybersecurity threats, they often picture external hackers breaking into networks. However, some of the most damaging breaches stem from within organizations. Whether through negligence or malicious intent, insiders can expose your organization to significant cybersecurity risks. According to Verizon's 2024 Data Breach Investigations Report , 57% of companies experience over 20 insider-related security incidents a year, with human error involved in 68% of data breaches. With that, insider attacks result in the highest costs, averaging USD 4.99 million per attack, as per the 2024 Cost of a Data Breach Report by IBM Security.  What are insider threats? An insider threat originates from within an organization – it's the potential for anyone with authorized access to your critical systems to misuse their access, harming your organization. The worst part is that insiders are already within your IT perimeter and are familiar with your internal security prot...

A top Interpol chief has expressed concerns about the cybersecurity measures in banks across the region. According to Major Ali Qubaisi, the Interpol team leader for the Middle East and North Africa, and head of the Economic Crimes unit of the Qatari Interior Ministry, banks in the region are "under-protected" against cybercrime. Additionally, legislation is not keeping pace with technological advancements. In an exclusive interview with Emirates 24|7, Major Qubaisi highlighted that the protective measures adopted by Arab banks against cybercrime are insufficient. "Some of these banks are surprised by the number of crimes being committed, but that is due to a lack of protection which should be adopted in this vital sector," he stated. He emphasized that as many as 50% of Arab banks need "electronic patrols." These patrols consist of groups that work online to track and detect any attempts to penetrate a bank's systems. Major Qubaisi explained that mo...