To buy or not to buy: How cybercriminals capitalize on Black Friday

The global e‑commerce market is accelerating faster than ever before, driven by expanding online retail, and rising consumer adoption worldwide. According to McKinsey Global Institute, global e‑commerce is projected to grow by 7–9% annually through 2040. At Kaspersky, we track how this surge in...

EUVD-2016-0266

Malware in sbrugna...

EUVD-2016-4133

Malware in sbrugna...

Unraveling the U.S. toll road smishing scams

Cisco Talos has observed a widespread and ongoing financial theft SMS phishing smishing campaign since October 2024 that targets toll road users in the United States of America. We observed that the campaign targets people across several states in the U.S. according to the domain names used in th...

Security Bulletin: Financial Transaction Manager for Digital Payments, High Value Payments and Corporate Payment Services are impacted by multiple vulnerabilities.

Summary The vulnerabilities addressed include access control, sensitive information disclosure, cross site scripting and directory traversal. Vulnerability Details CVEID:CVE-2020-5002 DESCRIPTION: IBM Financial Transaction Manager could allow an authenticated user to perform unauthorized actions...

Security Bulletin: Financial Transaction Manager for Digital Payments is impacted by multiple vulnerabilities in IBM Java SE

Summary Multiple vulnerabilities were addressed in Financial Transaction Manager 3.2.13 for Digital Payments, Corporate Payment Services and High Value Payments. Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow...

Security Bulletin: Financial Transaction Manager for Digital Payments is impacted by multiple vulnerabilities in IBM Java SE

Summary Multiple vulnerabilities were addressed in Financial Transaction Manager 3.2.13 for Digital Payments, Corporate Payment Services and High Value Payments. Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow...

Security Bulletin: IBM Financial Transaction Manager v3.2.x is vulnerable to XML External Entity Injection (XXE)

Summary An XML External Entity Injection XXE vulnerability in Java based XML parsers within IBM Financial Transaction Manager was addressed. Vulnerability Details CVEID:CVE-2023-35892 DESCRIPTION: IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External Entity...

Security Bulletin: Apache Commons FileUpload vulnerability affects IBM Financial Transaction Manager (CVE-2023-24998)

Summary A vulnerability in Apache Commons FileUpload and Tomcat that could cause a Denial Of ServiceDoS attack was addressed. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number of reque...

Security Bulletin: Dojo vulnerability affects IBM Financial Transaction Manager for Digital Payments, High Value Payments and Corporate Payment Services [CVE-2021-23450]

Summary A vulnerability in Dojo that could allow arbitrary code execution was addressed. CVE-2021-23450 Vulnerability Details CVEID:CVE-2021-23450 DESCRIPTION: Dojo could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution in the setObject function. By...

Security Bulletin: Financial Transaction Manager is affected by a vulnerability in Apache log4j (CVE-2021-44228)

Summary A vulnerability was identified within the Apache Log4j library that is used by IBM Financial Transaction Manager to provide logging functionality. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to...

Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential caching vulnerability (CVE-2020-5003

Summary Potential web serivces XML Enternal Entity Injection XXE attack. Vulnerability Details CVEID: CVE-2020-5003 DESCRIPTION: IBM Financial Transaction Manager is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for Corporate Payment Services

Summary There are vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by Financial Transaction Manager for Corporate Payment Services. The applicable CVEs have been addressed. If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate yo...

Security Bulletin: Financial Transaction Manager for Corporate Payment Services v2.1.1 is affected by a potential logout session timeout (CVE-2020-4555)

Summary Login session may not be invalidated in a timely manner on timeout. Vulnerability Details CVEID: CVE-2020-4555 DESCRIPTION: IBM Financial Transaction Manager for High Value Payments for Multi-Platform does not invalidate session after logout which could allow an authenticated user to...

Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential logout session timeout (CVE-2020-4555)

Summary Login session may not be invalidated in a timely manner on timeout. Vulnerability Details CVEID: CVE-2020-4555 DESCRIPTION: IBM Financial Transaction Manager for High Value Payments for Multi-Platform does not invalidate session after logout which could allow an authenticated user to...

Top Security and Data Privacy Regulations for Financial Services

Regulatory compliance has become an increasingly more important part of the financial services industry in recent years. And it’s a trend that’s likely to continue due to the upsurge in cloud computing, the use of mobile applications, and a shift to IoT devices, all of which are driving exponenti...

Security Bulletin: Vulnerability in IBM Java Runtime affect Financial Transaction Manager for Corporate Payment Services (CVE-2020-2654)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 7 or Version 8 used by Financial Transaction Manager for Corporate Payment Services. Financial Transaction Manager for Corporate Payment Services FTM CPS has addressed the applicable CVE.brIf you run your own Java code usi...

Security Bulletin: Financial Transaction Manager for Corporate Payment Services v2.1.1 is affected by a validation vulnerability (CVE-2019-4518)

Summary IBM Financial Transaction Manager for Corporate Payment Services FTM CPS for Multi-Platform has addressed the following vulnerability. A potential validation vulnerability does not properly validate input which could allow an authenticated user to issue server commands or modify data in t...

Security Bulletin: Vulnerability in IBM Java Runtime affect Financial Transaction Manager for Corporate Payment Services v2.1.1 (CVE-2020-2654)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 7 used by Financial Transaction Manager for Corporate Payment Services v2.1.1. Financial Transaction Manager for Corporate Payment Services FTM CPS v2.1.1 has addressed the applicable CVE.brIf you run your own Java code...

Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential validation vulnerability (CVE-2019-4517)

Summary IBM Financial Transaction Manager for Corporate Payment Services FTM CPS for Multi-Platform has addressed the following vulnerability. A potential validation vulnerability could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Vulnerability Details CVEID...