Alcasec, “Robin Hood of Spanish Hackers,” Jailed for 31 Months Over Data Theft

Alcasec, the "Robin Hood of Spanish Hackers," is jailed for 31 months after admitting to stealing and selling Spanish citizens' banking data...

CVE-2023-54163

NLB mKlik Macedonia 3.3.12 contains a SQL injection vulnerability in international transfer parameters that allows attackers to manipulate database queries. Attackers can inject arbitrary SQL code through unsanitized input to potentially disclose sensitive information from the mobile banking...

CVE-2023-54163

NLB mKlik Macedonia 3.3.12 contains a SQL injection vulnerability in international transfer parameters that allows attackers to manipulate database queries. Attackers can inject arbitrary SQL code through unsanitized input to potentially disclose sensitive information from the mobile banking...

Elasticsearch Leak Exposes 6 Billion Records from Scraping, Old and New Breaches

An Elasticsearch leak exposed 6 billion records from global data breaches and scraping sources, including banking and personal details tied to multiple regions...

EUVD-2010-4186

Malware in sbrugna...

EUVD-2017-1745

Malware in sbrugna...

Under the Hood of BlotchyQuasar: DLL-Based RAT Campaigns against Latin America

A sophisticated malspam campaign was recently uncovered targeting Latin American countries, with a particular focus on Brazil. This operation utilizes a highly deceptive phishing email to trick users into executing a malicious MSI file, initiating a multi-stage infection. The core of the attack...

CVE-2020-6311

Banking services from SAP 9.0 Bank Analyzer, version - 500, and SAP S/4HANA for financial products subledger, version � 100, does not correctly perform necessary authorization checks for an authenticated user due to Improper Authorization checks, that may cause a system administrator to create...

CVE-2023-50975

The TD Bank TD Advanced Dashboard client through 3.0.3 for macOS allows arbitrary code execution because of the lack of electron::fuses::IsRunAsNodeEnabled i.e., ELECTRONRUNASNODE can be used in production. This makes it easier for a compromised process to access banking information...

New Version of Rilide Data Theft Malware Adapts to Chrome Extension Manifest V3

Cybersecurity researchers have discovered a new version of malware called Rilide that targets Chromium-based web browsers to steal sensitive data and steal cryptocurrency. "It exhibits a higher level of sophistication through modular design, code obfuscation, adoption to the Chrome Extension...

When Efforts to Contain a Data Breach Backfire

Earlier this month, the administrator of the cybercrime forum Breached received a cease-and-desist letter from a cybersecurity firm. The missive alleged that an auction on the site for data stolen from 10 million customers of Mexicos second-largest bank was fake news and harming the banks...

Hackers Distributing Fake Shopping Apps to Steal Banking Data of Malaysian Users

Threat actors have been distributing malicious applications under the guise of seemingly harmless shopping apps to target customers of eight Malaysian banks since at least November 2021. The attacks involved setting up fraudulent but legitimate-looking websites to trick users into downloading the...

CVE-2020-6311

Banking services from SAP 9.0 Bank Analyzer, version - 500, and SAP S/4HANA for financial products subledger, version � 100, does not correctly perform necessary authorization checks for an authenticated user due to Improper Authorization checks, that may cause a system administrator to create...

Authorization

Banking services from SAP 9.0 Bank Analyzer, version - 500, and SAP S/4HANA for financial products subledger, version ? 100, does not correctly perform necessary authorization checks for an authenticated user due to Improper Authorization checks, that may cause a system administrator to create...

CVE-2020-6311

Banking services from SAP 9.0 Bank Analyzer, version - 500, and SAP S/4HANA for financial products subledger, version � 100, does not correctly perform necessary authorization checks for an authenticated user due to Improper Authorization checks, that may cause a system administrator to create...

New Android Malware Steals Banking Passwords, Private Data and Keystrokes

A new type of mobile banking malware has been discovered abusing Android's accessibility features to exfiltrate sensitive data from financial applications, read user SMS messages, and hijack SMS-based two-factor authentication codes. Called "EventBot" by Cybereason researchers, the malware is...

New Gustuff Android malware targets cryptocurrency & messaging apps

By Waqas Gustuff Android malware from Russia with love. Group-IB, a cybersecurity firm, has discovered a new breed of Trojan horse malware called Gustuff, which specifically targets Android phones to steal banking credentials and digital assets of users. The malware targets customers of...

Thousands of Mobile Apps Expose Their Unprotected Firebase Hosted Databases

Mobile security researchers have discovered unprotected Firebase databases of thousands of iOS and Android mobile applications that are exposing over 100 million data records, including plain text passwords, user IDs, location, and in some cases, financial records such as banking and cryptocurren...

The Uber platform coming out of authentication vulnerabilities, exploit the vulnerability can reset any account password-loophole warning-the black bar safety net

Italian security expert Vincenzo C. Aka found the Uber platform authentication vulnerabilities, any account can use this vulnerability to reset the password, this discovery yesterday officially announced. In fact, the initiator of the“authentication crisis”the vulnerability is in the seven months...

ShadowBrokers Expose NSA Access to SWIFT Service Bureaus

The NSA used exploits to target two SWIFT Service Bureaus in order to access banking data from a number of financial institutions in the Middle East. The access was likely used to monitor funding for terrorist operations, experts said today as analysis continues of the latest ShadowBrokers dump o...