Key INFOREX 跨站脚本漏洞

Key INFOREX is a financial and banking management system developed by the Turkish company Key. The Key INFOREX version 2025 and earlier versions had a cross-site scripting vulnerability. This vulnerability stemmed from improper input during web page generation, which could allow cross-site...

Israel-Tied Predatory Sparrow Hackers Are Waging Cyberwar on Iran’s Financial System

After an attack on Iran’s Sepah bank, the hyper-aggressive Israel-linked hacker group has now destroyed more than $90 million held at Iranian crypto exchange Nobitex...

Money Laundering 101, and why Joe is worried

Welcome to this week's edition of the Threat Source newsletter. Howdy friends! One of things I learned early on in cyber security is that crime does, in fact, pay. It can pay very well, actually. If it didn't, we wouldn't have ransomware cartels raking in obscene amounts of money year after year...

U.S. Sanctions 3 Cryptocurrency Exchanges for Helping Russia Evade Sanctions

The U.S. Department of the Treasury's Office of Foreign Assets Control OFAC sanctioned three cryptocurrency exchanges for offering services used to evade economic restrictions imposed on Russia following its invasion of Ukraine in early 2022. This includes Bitpapa IC FZC LLC, Crypto Explorer DMCC...

Anonymous Sudan, MOVEit, and Cl0p

There are three concurrent events of significant concern: 1. An Anonymous Sudan group chat on Telegram has revealed imminent threats from Russia to the US financial system, specifically targeting the SWIFT network. The motive behind this attack is disruption. By attacking SWIFT and inducing...

Nick Weaver on Regulating Cryptocurrency

Nicholas Weaver wrote an excellent paper on the problems of cryptocurrencies and the need to regulate the space--with all existing regulations. His conclusion: Regulators, especially regulators in the United States, often fear accusations of stifling innovation. As such, the cryptocurrency space...

CVE-2022-43872

IBM Financial Transaction Manager 3.2.4 authorization checks are done incorrectly for some HTTP requests which allows getting unauthorized technical information e.g. event log entries about the FTM SWIFT system. IBM X-Force ID: 239708...

Over 30 Countries Pledge to Fight Ransomware Attacks in US-led Global Meeting

Representatives from the U.S., the European Union, and 30 other countries pledged to mitigate the risk of ransomware and harden the financial system from exploitation with the goal of disrupting the ecosystem, calling it an "escalating global security threat with serious economic and security...

BEC Hotshot with Opulent Social Media Presence to Face U.S. Charges

A Dubai resident with an elaborate lifestyle that he touted on social media – think designer clothes, expensive watches, luxury cars and charter jets – has arrived in the United States to face criminal charges. He is charged with conspiring to engage in money laundering, as part of a business ema...

North Korean Actors Spear Phish U.S. Electric Companies

We can confirm that FireEye devices detected and stopped spear phishing emails sent on Sept. 22, 2017, to U.S. electric companies by known cyber threat actors likely affiliated with the North Korean government. This activity was early-stage reconnaissance, and not necessarily indicative of an...

Hackers Steal $60 Million from Taiwanese Bank; Two Suspects Arrested

A Taiwanese bank has become the latest to fall victim to hackers siphoning off millions of dollars by targeting the backbone of the world financial system, SWIFT. SWIFT, or Society for Worldwide Interbank Telecommunication, is a global financial messaging system that thousands of banks and...

North Korean Actors Spear Phish U.S. Electric Companies

We can confirm that FireEye devices detected and stopped spear phishing emails sent on Sept. 22, 2017, to U.S. electric companies by known cyber threat actors likely affiliated with the North Korean government. This activity was early-stage reconnaissance, and not necessarily indicative of an...

Why Is North Korea So Interested in Bitcoin?

In 2016 we began observing actors we believe to be North Korean utilizing their intrusion capabilities to conduct cyber crime, targeting banks and the global financial system. This marked a departure from previously observed activity of North Korean actors employing cyber espionage for traditiona...

CVE-2017-10018

Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products subcomponent: Strategic Sourcing. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise...

金融化一卡通系统越权添加管理员

/managerNManager.action http://.../xykcx/managerNManager.action...

North Korea Sanctions Handed Out in Sony Hack

President Obama today signed an Executive Order authorizing sanctions against North Korea for its alleged involvement in the Sony hack. The FBI on Dec. 19 formally blamed the hack on the North Korean government; the attack destroyed workstations and resulted in the loss of employee personal and...

SchoolMation 2.3 - SQLi and XSS Vulnerability

No description provided by source. ==================================================== SchoolMation Version 2.3 SQLi and XSS Vulnerability ==================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, ...

The Next Security Scandal Will Be An Attack on High Frequency Trading Systems

The U.S. Securities and Exchange Commission voted on Tuesday to impose new rules to help oversee what experts warn is a burgeoning and little understood shadow market of ultra high-speed, computer based trading. But one security expert warns that new reporting rules are only part of the problem...

Sony CEO Warns "Bad New World" Will See More High Profile Hacks

In the aftermath following April’s mammoth Sony PlayStation Network breach, the company’s Chief Executive warns of a “bad new world” of cyber crime in an interview with The Wall Street Journal on Tuesday. Howard Stringer of Sony Corp. spoke with the newspaper on security, hackers and how the atta...

Operation Icarus : Will Anonymous shut down the NYSE (New York Stock Exchange) ?

Operation Icarus : Will Anonymous shut down the NYSE New York Stock Exchange ? Anonymous Hackers starts Operation Icarus , They Release a Press Release Regarding This, as Posted Below : Operation Icarus Attention Brothers: The opportunity to create financial chaos and public unrest and from that,...