Catalin Cimpanu reports: Vulnerabilities known as IODR (Insecure Direct Object References) were found and fixed in Worldpay, an online secure payments platform, security researcher Randy Westergren reports. An IODR vulnerability is when users have access to information they should not see, either because it belongs to another user or originates from an account with higher privileges. In…
Category: Financial Sector
Lessons from the Olympus Mortgage vs. Guaranteed Rate Case
Craig Nazarro of Baker Donelson writes about an insider breach case previously covered on this blog: Late last month a jury awarded Mount Olympus Mortgage Company (MOMC) more than $25 million for their claims against Guaranteed Rate (Guaranteed), which alleged Guaranteed along with other former employees of MOMC illegally transferred hundreds of loan files from…
Russian hacker group targetting largest EU banks
SC Magazine reports: The Russian government has begun working with Russia’s Central Bank to develop a package of measures aimed at fighting Buhtrap, the recently discovered hacker group, which, to date, has stolen around RUB 4 billion (£42 million) from Russian and Western banks, and is reportedly planning further attacks on the EU banking system….
‘Inadvertent’ cyber breach hits 44,000 FDIC customers
Joe Davidson reports: In yet another example of fragile security in federal cyber systems, data for 44,000 Federal Deposit Insurance Corp. customers was breached by an employee leaving the agency. The breach occurred in February and was outlined in an internal FDIC memorandum obtained by The Washington Post. The March 18 memo from Lawrence Gross Jr.,…
Sweden Military Servers Hacked, Used in 2013 Attack on US Banks
Sometimes it takes years before we find out more details about a particular attack. On Friday, AFP reported that the source of months-long DDoS attacks on U.S. banks in 2012-2013 were compromised Swedish military computers that were used to launch the attacks. An Iranian hacktivist group had claimed responsibility for the attacks. Speaking to AFP, military…
NY: Ringleader In Orange County Bank Fraud And Identity-Theft Scheme
There’s an update to a case noted previously on this site. Attorney General Eric T. Schneiderman today announced the sentencing of ringleader Tyrone “Reece” Lee, 29, for running an identity-theft ring that stole over $457,000 from customers of Wachovia Bank (now Wells Fargo) in Newburgh, N.Y. In February, following a trial in Orange County Court,…