BBC: Android ‘spoofing’ bug helps targets bank accounts. “A ‘major’ security weakness in Google’s Android software has let cyber-thieves craft apps that can steal banking logins, a security firm has found. The bug lets attackers create fake login screens that can be inserted into legitimate apps to harvest data.”
online banking
BetaNews: Banking malware grows as cryptominers decline
BetaNews: Banking malware grows as cryptominers decline. “The latest mid-year Cyber Attack Trends Report from Check Point shows mobile banking malware attacks are up 50 percent compared to the first half of 2018, while the number of organizations hit by cryptominers is down to 26 percent, from 41 percent last year.”
Krebs on Security: SMS Phishing + Cardless ATM = Profit
Krebs on Security: SMS Phishing + Cardless ATM = Profit. “A number of financial institutions are now offering cardless ATM transactions that allow customers to withdraw cash using nothing more than their mobile phones. But this also creates an avenue of fraud for bad guys, who can leverage phished or stolen account credentials to add a new phone number to the customer’s account and then use that added device to siphon cash from hijacked accounts at cardless ATMs.”
ZDNet: Gigantic 100,000-strong botnet used to hijack traffic meant for Brazilian banks
ZDNet: Gigantic 100,000-strong botnet used to hijack traffic meant for Brazilian banks. “Over 100,000 routers have had their DNS settings modified to redirect users to phishing pages. The redirection occurs only when users are trying to access e-banking pages for Brazilian banks. Around 88% of these routers are located in Brazil, and the campaign has been raging since at least mid-August when security firm Radware first spotted something strange.”
SecurityIntelligence: Penetration Tests Discover All Banks Are Susceptible to Web App Bugs
SecurityIntelligence: Penetration Tests Discover All Banks Are Susceptible to Web App Bugs. “A series of penetration tests found that every bank is guilty of web application vulnerabilities and insufficient network security measures. According to a recent report from Positive Technologies, Bank Attacks 2018, 100 percent of banks suffered from these vulnerabilities and inadequacies. The report also found server configuration flaws in all banks — while just over half were found to have improperly managed their user accounts and passwords.”
EurekAlert: Researchers found a security flaw that had 10 million banking app users at risk
EurekAlert: Researchers found a security flaw that had 10 million banking app users at risk. “Researchers from the University of Birmingham have developed a tool to perform semi-automated security testing of mobile phone apps. After running the tool on a sample of 400 security critical apps, they were able to identify a critical vulnerability in banking apps; including apps from HSBC, NatWest, Co-op and Bank of America Health.”
