Tesco Bank has been hit with a £16.4 million ($21.3 million) fine by the U.K.'s Financial Conduct Authority for failing to prevent and more rapidly block thousands of fraudulent transactions that drained £2.3 million ($3 million) directly from customers' bank accounts.
Facebook says that whoever hacked 50 million user accounts, putting the privacy of those users' personal data at risk, did so by abusing its "View As" privacy feature. Facebook says the attack successfully targeted three separate bugs in its video-uploading functionality.
A cybercrime gang called "Silence," which appears to have just two members, has been tied to attacks that have so far stolen at least $800,000, in part via ATM jackpotting or "cash out" attacks, warns cybercrime investigation firm Group-IB.
The FBI warns that cybercriminals are planning a large-scale operation aimed at emptying ATMs, a type of attack that has caused swift and costly losses for financial institutions. The attack may utilize data from a breach of an unknown card issuer, the FBI says.
The annual Infosecurity Europe conference returns to London this week, with a focus on the latest cybersecurity trends and essential practices for organizations. Hot topics range from artificial intelligence and breach response to GDPR and battling cybercriminals and nation-states.
Following 33 arrests, police in Europe say they have dismantled a Romanian-led crime gang that used phishing attacks, online scams and fake invoices to steal more than $9 million from victims in Spain, including individuals as well as organizations ranging from hospitals to government agencies.
Great news: "SunTrust to offer free identity protection ... at no cost on an ongoing basis." Of course, nothing comes for free, at least for 1.5 million customers of the Atlanta bank, whose personal details may have been sold to criminals by a former employee.
Thirty-four companies have signed on to the Microsoft-led Cybersecurity Tech Accord, which is aimed at protecting civilians from cybercriminal and state-sponsored attacks. The agreement crucially includes a pledge not to help governments with cyberattacks
The Department of Justice has charged two men, arrested in Connecticut near the scene of a jackpotting attack against a drive-up ATM, with bank fraud stemming from a malware attack. Police say they recovered $9,000 in $20 bills, as well a black box and other equipment from the suspects' car.
U.S. Secret Service alert: For the first time, malware-using fraudsters have been draining U.S. ATMs of their cash via what's known as a jackpotting or cash-out attack. Two older models of ATMs made by Diebold Nixdorf appear to have been targeted.
Security teams are scrambling to put in place fixes for the Meltdown and Spectre flaws. But Windows users report that Microsoft's security fix for the flaws has been freezing some PCs built with CPUs from chipmaker AMD. Here are workarounds.
Criminals in Mexico have added endoscopes to their ATM-attack toolkits, warns cash-machine manufacturer NCR. Pairing endoscopes with "black box" attacks can enable criminals to defeat sensors and instruct an ATM to dispense all of its cash.
Equifax ex-CEO Richard Smith asserts that a single employee's failure to heed a security alert led to the company failing to install a patch on a critical system, which was subsequently exploited by hackers. But his claim calls into question whether poor patch practices and management failures were the norm.
Attackers are increasingly hacking into banks' networks to gain access to the IT infrastructure connected to their ATMs, security experts warn. Attackers push malware onto ATMs that's designed to allow money mules to "jackpot" or "cash out" the machines, then delete itself.
If the Equifax breach turns out like every other massive data breach we've seen for more than a decade, after a big brouhaha - from Congress, state attorneys general, consumer rights groups and class-action lawsuits - nothing will change, because that would require Congress to give Americans more privacy rights.