Articles about Financial Institutions

What do we do about a problem like Uber? Tom Slee speaks his brains

Interview Veteran software pro Tom Slee was one of the first critics of so-called “Sharing Economy” outfits like Uber and AirBnB. His forthcoming book What’s Yours Is Mine: Why The Sharing Economy Isn’t draws attention to the dark side of their operations – and strongly argues for regulation. But this creates a dilemma. They’re hugely …
Andrew Orlowski, 15 Jan 2016

Half of UK financial institutions vulnerable to well-known crypto flaws

Fifty per cent of UK high street financial institutions utilise weak SSL certificates on their secure authentication portals, according to a new study by Xiphos Research. An assessment of 84 UK- and foreign-owned banking institutions in November by the international information security firm, and published on Monday, found …
John Leyden, 05 Jan 2016

Huawei: Hey, storage bigshots – we're coming for your top 3 spot

China is coming to shake up our cosy storage world, with Huawei hoping for a top three supplier spot by 2018. Fan Ruiqi, Huawei’s storage products president, told Reuters: “We don't want to just be number one in China ... We want to be at least the top three in the world by 2018” in the storage business. That means acquiring …
Chris Mellor, 08 Dec 2015

Target settles with banks for $40m after data breach

Retail giant Target has agreed to shell out $39.4m to banks and credit unions who had pursued the company following losses suffered after an enormous data breach. Target has now resolved the class-action claims following lenders seeking to hold the company to account for reimbursing defrauded customers. $20.25m will be paid to …

UK joins US financial institutions for industry resilience tests

The UK teamed up with US authorities to run a banking industry resilience exercise, dubbed Operation Resilient Shield, last week. The paper-based transatlantic exercise focused on improving information sharing and planning in the context of a cyber attack rather than fending off Red Team hackers. Leading (but unnamed) global …
John Leyden, 19 Nov 2015

Read the Economist last weekend? You may have fetched more than just articles (yup, malware)

Third bathroom reading material The Economist served malware from its website via the compromised PageFair network. The biz mag today alerted readers that it put their PCs at risk last weekend. "If you visited economist.com at any time between Oct. 31, 23:52 GMT and 01:15 GMT, Nov. 1, using Windows OS and you do not have …
Shaun Nichols, 06 Nov 2015

FBI takes down Dridex botnet, seizes servers, arrests suspect

The FBI has teamed up with security vendors to disrupt the operations of Dridex banking Trojan. Multiple command-and-control (C&C) servers used by the Dridex Trojan have been taken down and seized in a co-ordinated action after the FBI obtained court orders. The take-down operation is geared towards crippling the malware’s …
John Leyden, 14 Oct 2015

Oracle ZFS appliance sales hit $1 billion

Oracle blogs it’s sold more than a billion dollars’ worth of its ZFS appliance, with almost 15,000 systems installed by more than 5,000 customers. It is “currently one of the fastest growing products within the Oracle Server and Storage Systems business unit.” Sounds impressive, particularly with EMC saying it has sold a …
Chris Mellor, 09 Oct 2015

Russian hacker, nabbed in Spain, cops 4+ years for Citadel botnet

Dimitry Belorossov – a Russian cyber-criminal who used the Citadel banking trojan – has been sentenced to four years and six months in a US prison after pleading guilty to conspiring to commit computer fraud. Belorossov, who was known by criminal associates as Rainerfox, was alleged to have operated a Citadel command and …

'Self-deleting' Mexican ATM malware let sneaky miscreants slurp cash

Security researchers have lifted the lid on a new ATM malware strain, dubbed GreenDispenser, which gives crooks the ability to walk up to a compromised machine and drain its cash. When installed, GreenDispenser displays an “out of service” message on the ATM – but attackers who enter the correct pin codes can then drain the …
John Leyden, 25 Sep 2015

Comparex: Just two buyers left in sales negotiations

Microsoft reseller titan Comparex has whittled down its list of prospective buyers to just two, The Channel can reveal. A sales process for the pan-regional reseller began some months ago with investment bank Jefferies sending out a commercial prospectus or Information Memorandum. Sources in the investment community told us …
Paul Kunert, 18 Sep 2015

Banks team to paint shared target on Target

Financial institutions pursuing retailer Target have had a significant win after the US District Court said they can run a class action against the company. Target infamously managed to leak 40 million credit card numbers in 2013 and has been paying for its mistake ever since, spending up big on lawyers and handing over US$ …
Simon Sharwood, 17 Sep 2015

Visa mobilises its money out of mobile money firm Monitise

Once a stock market darling, mobile money expert Monitise is to lose Visa Europe as a major shareholder. The finance multinational has announced that it will “reduce its shareholding over time”. Visa Europe has steadily bought into Monitise, spending £2.1m in August 2012 when shares were around 30p, £15.6m in August 2013 when …
Simon Rockman, 08 Jul 2015

Open Compute Project testing is a 'complete and total joke'

Comment Facebook's Open Compute Project testing is sub-standard and doesn't follow well-established industry procedures, according to The Register's sources. The Open Compute Project (OCP) was formed in 2011 and involves the Facebook-initiated design of bare-bones computer equipment that can supposedly be built, installed and operated …
Chris Mellor, 07 Jul 2015

Europol and Barclays shack up for steamy security shenanigans

EU law enforcement body Europol and Barclays have signed a Memorandum of Understanding (MoU) to formalise their cooperation in combating cybercrime targeting the financial sector. The agreement establishes a formal means for Europol and Barclays to "exchange strategic information, information on trends, expertise and …

The Great Windows Server 2003 migration: How to plan your trip

Think switching OS is bad? There are just weeks left to migrate away from Windows Server 2003 before support for the operating system runs out. At this point, if a CIO hasn’t yet taken action, CEOs should be getting involved. After all, if a business is insecure and non-compliant, that’s a corporate governance issue. On July …
Danny Bradbury, 29 Jun 2015

Dyre banking VXers LOVE Mondays, Symantec says

Nobody can accuse trojan coders of being lazy; the masterminds behind the Dyre banking malware are putting in full five-day working weeks to maintain some 285 command and control servers handling stolen banking credentials. The malware is one of the worst in circulation using its fleet of command and control servers to handle …
Darren Pauli, 25 Jun 2015

CIA-funded spy data safe Palantir doubles in value in 18 months

CIA-backed Big Data analytics outfit Palantir is about to embark on a fundraising round that will value the biz at $20bn (£13bn), according to reports. The funding comes off the back of bumper forward revenues this year, sources have told The Financial Times [paywall]. It means Palantir will become one of the most valuable …
Kat Hall, 24 Jun 2015

Phone scamming up 30 percent last year: Report

Retail and finance call centre phone scamming in the US is up 30 percent according to research. The 2014 findings are based on some 86 million scam calls a month picked up by Pindrop Security in which attackers aimed to obtain personal information on potential victims. The phone security company says one in 2200 calls are …
Darren Pauli, 18 Jun 2015

Bitcoin blackmail gang start hurling DDoSes at Scandinavia

Bitcoin extortionists DD4BC have begun targeting Scandinavian companies with complex DDoS attacks. DD4BC is blackmailing targets by asking them to pay 40 bitcoins or more to avoid their central services being subject to DDoS attacks. Extortionate demands typically appear in emails around an hour after targets are blitzed off the …
John Leyden, 09 Jun 2015

Verizon splits with carrier-led bonking and invests in SimplyTapp

Verizon Ventures has invested in NFC technology company SimplyTapp. What makes this interesting is that SimplyTapp is a cloud-based service using Host Card Emulation (HCE) for the security element in Android phones. Operators have traditionally supported the rival Single Wire Protocol (SWP) standard and Vodafone recently …
Simon Rockman, 08 Jun 2015

Bank-heist malware's servers phone home to Russian spookhaus

Trend Micro researcher Maxim Goncharov says one of the world's most sophisticated and dangerous bank-robbing trojans is now pointing to Russia's Federal Security Service (FSB). Goncharov says the Carbanak trojan's command and control servers now point to the FSB in what could be a joke or gaffe by malware authors. Carbanak in …
Darren Pauli, 25 May 2015

Starbucks denies mobile app hack, blames careless customers

Starbucks has rebuffed claims that its mobile app has been hacked, in the wake of reports that scores of its US customers have suffered from credit card fraud. The coffee chain’s US customers have been reporting the theft of hundreds of dollars from their credit cards, in a series of scams seemingly linked to auto top-ups on the …
John Leyden, 15 May 2015

The United States' first official BitCoin exchange goes live

The first government-approved BitCoin exchange in the US has gone live. As we predicted last week, the New York State Department of Financial Services (NYFDS) has given itBit Trust Company the first charter to be a virtual currency in the world's financial center. NYFDS superintendent Benjamin Lawsky said of the decision: "We …
Kieren McCarthy, 07 May 2015

Romanian rozzers round up alleged $15 MILLION ATM cybercrim gang

Romanian police have arrested 25 people who are suspected of being part of a cyber-crime gang that organised $15m in fraudulent bank withdrawals. The Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT) searched 42 houses across the country on Sunday in connection with more than 34,000 fraudulent cash …

Banking trojan scourge gallops on, despite more fences

RSA 2015 Banking botnets persist as a threat despite recent high-profile takedowns which only achieve a temporary calming effect, according to a new study from Dell SecureWorks. Between mid-2014 and early 2015, coordinated efforts involving law enforcement and private-sector industry disrupted three of the most active banking botnets ( …
John Leyden, 23 Apr 2015

America was founded on a dislike of taxes, so how did it get the IRS?

The eXpat files Welcome again to the eXpat files, our now-occasional visit with readers who've moved to a new land in search of adventure, sunshine and, in the case of this week's chap, bewildering and labyrinthine tax and credit regulations. The chap in question is David Hough, currently resident in Newark, California (not New Jersey). David …
Simon Sharwood, 19 Apr 2015

Sydney's Bugcrowd lands $6m from venture capitalists

Vulnerability mercenary outfit Bugcrowd has scored $6 million in Venture Capital funding. The Series A funds for the crowd-sourced security testing outsourcer have been provided by Costanoa Venture Capital, Rally Ventures, Paladin Capital Group and Australian outfit Blackbird Ventures. Bugcrowd founder Casey Ellis says the …
Darren Pauli, 16 Mar 2015

Mind-reading DNS security analysis offers early warning for APT attacks

The application of predictive algorithms to DNS data may be able to spot malware sites before they serve up nasties. Security firm OpenDNS is applying ideas from natural language processing to automatically identify malicious domains using a prototype tool called NLPRank, as a blog post by the firm explains. Utilising natural …
John Leyden, 06 Mar 2015

Visa: One million bonks a month for Europeans from next year

There is a quote attributed to Visa International that NFC has had “more pilots than the RAF”. Well, that may or may not be true, but what's beyond doubt right now – according to Jeremy Nicholds, Executive Director, Mobile, Visa Europe – is that people will soon be using mobile phones to tap to pay. And he’s prepared to put a …
Simon Rockman, 26 Feb 2015

Bank of England could mint own brand of Bitcoin

The Bank of England (BoE) has issued a piece of research suggesting, among other things, that it may not be a bad idea for it and other central banks to issue digital currencies. The “One Bank Research Agenda Discussion Paper” is the BoE's attempt to kick-start new banking thinking. The paper therefore considers five themes, …
Simon Sharwood, 26 Feb 2015

Finally, a decent use for big data: Weeding out crooked City traders

Financial institutions in London could use "big data" technology to pinpoint malpractice by City traders in future, a panel advising the Bank of England has said. The Market Practitioner Panel (MPP) said existing methods of monitoring for illegal trading practices, such as "key word surveillance", were flawed and that …
OUT-LAW.COM, 24 Feb 2015

Hackers break the bank to the tune of $300 MEEELLION

A series of bank hacker heists have hit more than 100 financial institutions, say Kaspersky researchers, and more than US$300 million appears to have walked as a result. The attacks targeted employees at as-yet-unnamed banks with malware dubbed Carbanak that gave access to corporate networks, giving criminals access for more …
Darren Pauli, 16 Feb 2015

Oracle data centre offers its back end to banking upstart

Oracle is becoming a British banking back end, with its data centres about to start holding the money and details of some of the UK’s wealthiest citizens. Hampden & Co, due to launch in the first quarter of 2015, has picked Oracle’s Flexcube as its core banking platform, the database giant said Tuesday. Unlike other Flexcube …
Gavin Clarke, 15 Jan 2015

LICK THAT ATM: Diebold and Corning debug displays

Ponder, for a moment, whether the person ahead of you in the queue to use an automatic teller machine (ATM) washed their hands after their last visit to the bathroom. What's that you say? You'll use your card instead? Can't blame you: the prospect of mashing your hands on touch-screens or buttons used by who-knows-how-many …
Simon Sharwood, 09 Jan 2015

UK banks prepare for Apple Pay 'invasion', look to slap on bonking protection

Analysis Apple's attempt to launch its NFC payment solution in the UK could be thwarted by some financial institutions' concerns over privacy and security issues surrounding Cupertino's "invasion" of the banking industry. The system, which has been developed with the credit card companies, has been tried by two million iPhone 6 users …
Simon Rockman, 30 Dec 2014

Vawtrak challenges almighty ZeuS as king of the botnets

Crooks behind Vawtrak, a dangerous banking Trojan, are ramping up its reach and sophistication, security firms have warned. Vawtrak currently ranks as the single most dangerous threat, according to PhishLabs. Only Zeus and its many variants (GameOver, KINS, ZeusVM, Zberp, etc.) taken as a single malware "family" would outrank …
John Leyden, 27 Dec 2014

Fancy a .trust domain? How's $150,000 sound?

The NCC Group has revealed how much it expects to sell new .trust domains for: $150,000. And that's just the wholesale price. The idea for the new domains is that they will be super-secure. Back in October, NCC Group published an extensive security rulebook that all .trust domains will be expected to follow. The company is …
Kieren McCarthy, 22 Dec 2014

Webcam-snooping spawn of ZeuS hits 150 banks worldwide

The latest evolution of the online bank account raiding Trojan ZeuS is the webcam-spying Chthonic malware, according to researchers. Chthonic infects Windows PCs, and allows criminals to connect to the compromised PC remotely and command it to carry out fraudulent transactions. The software nasty is targeting customers of …
John Leyden, 19 Dec 2014

Banks, UK.gov must work together to beat cyber-nasties

Government must work closely with UK banks to improve financial institutions' infrastructure and resilience to cyber attacks, the Bank of England has warned. Banks currently view cyber attacks as a "technical" problem, rather than an issue which merits "board-level attention," it said on Tuesday in its Financial Stability Report …
Kat Hall, 16 Dec 2014

UK banks ill-prepared for return of the rabid POODLE

The latest evolution of a high-profile security flaw potentially exposes UK banks' web site traffic to eavesdropping. The POODLE (Padding Oracle On Downgraded Legacy Encryption) security flaw first surfaced in October and was thought to affect only the obsolete - but still widely used - Secure Sockets Layer (SSL) 3.0 crypto …
John Leyden, 15 Dec 2014

.Bank hires Symantec to check credentials

The launch of new .bank domain names is one step closer with the announcement [PDF] that Symantec has been chosen to act as the credentials verifier for the top-level domain. Dot-bank domains represent a new type of domain name - one restricted to a very specific group of people in order to enhance security. Banks and …
Kieren McCarthy, 10 Dec 2014

Osborne ponders giving fleeing bank customers an API getaway car

Banks will have to use standardised application programming interfaces (APIs) to make it easier for customers to move their accounts to rival services, the British government has said. In his Autumn Statement last week, Chancellor George Osborne announced that the government would launch a "call for evidence" on "how to …
OUT-LAW.COM, 08 Dec 2014

US retail giant Target fails to get banks' MEGABREACH lawsuit slung out of court

Target has failed in its attempt to persuade a judge to reject a lawsuit by banks harmed by losses following the US retail giant's megabreach. US District Judge Paul Magnuson ruled that Target played a "key role" in permitting cybercriminals to infiltrate its computer networks. Because of this, a lawsuit by banks seeking to …
John Leyden, 03 Dec 2014

London police chief: City bankers, prepare for a terrorist cyber attack. Again

+Comment Western financial institutions should prepare themselves for cyber attacks from Islamic militants, the head of the City of London police warns. Commissioner Adrian Leppard urged preparations ought to be put at hand during a security conference in New York. According to the FT, he singled Islamic State of Iraq and the Levant ( …
John Leyden, 19 Nov 2014

Lame phone dodgers fleece finance's foolish and fat fingered

Scammers are attempting to fleece a hundred top US financial companies by registering phone numbers close to those in use by the firms, engineer Scott Strong says. Of some 600 top financial institutions across the US, 103 or about 20 percent had scammers register their numbers with only the last few digits altered in a bid to …
Darren Pauli, 19 Nov 2014

World leaders rubber-stamp tax recoup effort at G20 gabfest

The leaders meeting of the G20 group of nations has endorsed existing approaches to combating international legal-but-naughty tax avoidance schemes. Tax was on the agenda of the weekend gabfest because most G20 members are painfully aware that their balance sheets don't look great, in part because multinational companies have …
Simon Sharwood, 16 Nov 2014

Cybersecurity? Nothing to do with us, mate – Google and Facebook

Google, eBay, Facebook, Yahoo!, foursquare and Microsoft want nothing to do with the proposed new EU cybersecurity law. In an open letter to Europe’s telco ministers last week, CCIA (the Computer & Communications Industry Association) said the proposed Network and Information Security (NIS) Directive should exclude internet …
Jennifer Baker, 12 Nov 2014

BIGGEST THREAT to Europe’s cybersecurity? Hint: not hackers

Forget cyber-espionage, cyber-warfare and cyber-terrorism. The biggest threat to Europe’s infrastructure cybersecurity are power outages and poor communication. On Thursday, ENISA (European Network and Information Security Agency) held its biggest ever cybersecurity exercise involving more than 200 organisations and 400 cyber- …

In dot we trust: If you keep to this 124-page security rulebook, you can own yourname.trust

NCC Group has published a set of security standards that you'll have to follow if you want to operate a .trust website. The company owns the rights to sell dot-trusts, and uploaded the 124-page policy document [PDF] earlier this month. It provides a technical rundown covering network security to secure DNS settings, and NCC …
Kieren McCarthy, 22 Oct 2014