Patricia Hurtado and David Voreacos report: Federal prosecutors broadened a case linked to what the U.S. called a multiyear criminal enterprise centering on hacks of publishing and financial firms including JPMorgan Chase & Co., according to court records in Manhattan. […] In a revised indictment, Anthony Murgio and his co-conspirators are accused of knowingly exchanging…
Category: Financial Sector
Failed blackmail nets ex-Leumi Card employee 11 years in jail
Gur Megiddo reports a follow-up on an insider breach that occurred in 2014 and was previously covered here and here: A former Leumi Card employee convicted of stealing information from the credit card company’s database as a precursor to blackmail has been sentenced to 11 years in prison. Eliran Rosnis admitted the charges against him…
Flaws in Worldpay’s Merchant Portal Allow Attackers to Modify Payment Forms
Catalin Cimpanu reports: Vulnerabilities known as IODR (Insecure Direct Object References) were found and fixed in Worldpay, an online secure payments platform, security researcher Randy Westergren reports. An IODR vulnerability is when users have access to information they should not see, either because it belongs to another user or originates from an account with higher privileges. In…
Lessons from the Olympus Mortgage vs. Guaranteed Rate Case
Craig Nazarro of Baker Donelson writes about an insider breach case previously covered on this blog: Late last month a jury awarded Mount Olympus Mortgage Company (MOMC) more than $25 million for their claims against Guaranteed Rate (Guaranteed), which alleged Guaranteed along with other former employees of MOMC illegally transferred hundreds of loan files from…
Russian hacker group targetting largest EU banks
SC Magazine reports: The Russian government has begun working with Russia’s Central Bank to develop a package of measures aimed at fighting Buhtrap, the recently discovered hacker group, which, to date, has stolen around RUB 4 billion (£42 million) from Russian and Western banks, and is reportedly planning further attacks on the EU banking system….
‘Inadvertent’ cyber breach hits 44,000 FDIC customers
Joe Davidson reports: In yet another example of fragile security in federal cyber systems, data for 44,000 Federal Deposit Insurance Corp. customers was breached by an employee leaving the agency. The breach occurred in February and was outlined in an internal FDIC memorandum obtained by The Washington Post. The March 18 memo from Lawrence Gross Jr.,…