#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

online banking | Breaking Cybersecurity News | The Hacker News

New JavaScript Malware Targeted 50,000+ Users at Dozens of Banks Worldwide

New JavaScript Malware Targeted 50,000+ Users at Dozens of Banks Worldwide

Dec 21, 2023 Online Banking / Malware
A new piece of JavaScript malware has been observed attempting to steal users' online banking account credentials as part of a campaign that has targeted more than 40 financial institutions across the world. The activity cluster, which employs JavaScript web injections, is estimated to have led to at least 50,000 infected user sessions spanning North America, South America, Europe, and Japan. IBM Security Trusteer said it detected the campaign in March 2023. "Threat actors' intention with the web injection module is likely to compromise popular banking applications and, once the malware is installed, intercept the users' credentials in order to then access and likely monetize their banking information," security researcher Tal Langus  said . Attack chains are characterized by the use of scripts loaded from the threat actor-controlled server ("jscdnpack[.]com"), specifically targeting a page structure that's common to several banks. It's susp
BHIM App — How to Send & Receive Money with UPI

BHIM App — How to Send & Receive Money with UPI

Jan 03, 2017
After the lack of supply of cash in India following its Prime Minister step to remove high-denomination banknotes from circulation in November 2016, the country is moving a step closer towards becoming a cashless economy with the launch of Unified Payment Interface ( UPI ). Unified Payment Interface ( UPI ) allows all bank account holders to pay money from their smartphones, both online and offline, without the need to enter credit card details, IFSC code, or net banking userID/passwords. All the users need to do is create a Virtual Payment Address (VPA) of their choice, which will act as their financial address, and link it to their bank account. Now in an effort to boost the adoption of Unified Payments Interface (UPI) as a tool for digital transactions, Indian Government has recently launched a new app called, the Bharat Interface for Money ( BHIM ) app . This new digital payments app, which is believed to be a game-changer for cashless payments in India, is currently av
Midnight Blizzard and Cloudflare-Atlassian Cybersecurity Incidents: What to Know

Midnight Blizzard and Cloudflare-Atlassian Cybersecurity Incidents: What to Know

Feb 13, 2024SaaS Security / Data Breach
The Midnight Blizzard and Cloudflare-Atlassian cybersecurity incidents raised alarms about the vulnerabilities inherent in major SaaS platforms. These incidents illustrate the stakes involved in SaaS breaches — safeguarding the integrity of SaaS apps and their sensitive data is critical but is not easy. Common threat vectors such as sophisticated spear-phishing, misconfigurations and vulnerabilities in third-party app integrations demonstrate the complex security challenges facing IT systems. In the case of Midnight Blizzard, password spraying against a test environment was the initial attack vector. For Cloudflare-Atlassian, threat actors initiated the attack via compromised  OAuth tokens  from a prior breach at Okta, a SaaS identity security provider.  What Exactly Happened? Microsoft Midnight Blizzard Breach Microsoft was targeted by the Russian "Midnight Blizzard" hackers (also known as Nobelium, APT29, or Cozy Bear) who are linked to the SVR, the Kremlin's forei
Tesco Bank Hacked — Cyber Fraudsters Stole Money From 20,000 Accounts

Tesco Bank Hacked — Cyber Fraudsters Stole Money From 20,000 Accounts

Nov 07, 2016
Almost 20,000 Tesco Bank customers have had their money stolen from their accounts after the banking arm of UK's biggest retailer fall victim to a hacking attack this weekend. As a result of the hack, Tesco Bank has frozen online transactions in an attempt to protect its customers from, what it described as, the " online criminal activity. " However, customers can still use their debit and credit cards for cash withdrawals and card-based payments. Tesco Bank has not disclosed any details of the cyber attack or how accounts had been compromised, but Benny Higgins, chief executive of Tesco, confirmed that the hack affected 40,000 of its 136,000 accounts, half of which had already been used to withdraw money fraudulently over the weekend. The bank would not disclose the total amount stolen from the accounts, but confirmed that the amount stolen was a " big number but not a huge number. " If you have been affected by this incident, don't worry! Higgins has apo
cyber security

The Critical State of AI in the Cloud

websiteWiz.ioArtificial Intelligence / Cloud Security
Wiz Research reveals the explosive growth of AI adoption and what 150,000+ cloud accounts revealed about the AI surge.
Researcher warns about Security Loopholes in Denmark's Largest Bank

Researcher warns about Security Loopholes in Denmark's Largest Bank

Oct 06, 2015
While accessing your Bank account online, Have you ever thought… ...there could be a Hacker, somewhere in the World, who is after your Money? Maybe NO . Because, you believe that your bank offers Secure banking solution, Right? At The Hacker News, we have reported many incidents of cyber attacks , which proves that Banks are more often being targeted by Hackers, despite robust Banking Security mechanisms. Today we are going to talk about security of one of the  Denmark's Largest Bank , reviewed by Sijmen Ruwhof , an Ethical Hacker, and IT Security Consultant. Ruwhof recently published a blog post, " How I could Hack Internet Bank accounts of Danish Largest Bank in a few minutes ". His In-depth technical post explains the extent to which Danske Bank , one of the largest Danish Bank, is vulnerable to hacking. In August, Ruwhof got intrigued with the idea of testing Bank's security while interacting with a group of Danish hackers at the Chaos Communica
Cybersecurity Resources