Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label News. Show all posts
trending news
AI Artificial Intelligence Cyber Security mobile fraud News Payment Fraud trending news

Payment Fraud on the Rise: How Businesses Are Fighting Back with AI

The threat of payment fraud is growing rapidly, fueled by the widespread use of digital transactions and evolving cyber tactics. At its core, payment fraud refers to the unauthorized use of someone’s financial information to make illicit transactions. Criminals are increasingly leveraging hardware tools like skimmers and keystroke loggers, as well as malware, to extract sensitive data during legitimate transactions. 

As a result, companies are under mounting pressure to adopt more advanced fraud prevention systems. Credit and debit card fraud continue to dominate fraud cases globally. A recent report by Nilson found that global losses due to payment card fraud reached $33.83 billion in 2023, with nearly half of these losses affecting U.S. cardholders. 

While chip-enabled cards have reduced in-person fraud, online or card-not-present (CNP) fraud has surged. Debit card fraud often results in immediate financial damage to the victim, given its direct link to bank accounts. Meanwhile, mobile payments are vulnerable to tactics like SIM swapping and mobile malware, allowing attackers to hijack user accounts. 

Other methods include wire fraud, identity theft, chargeback fraud, and even check fraud—which, despite a decline in paper check usage, remains a threat through forged or altered checks. In one recent case, customers manipulated ATM systems to deposit fake checks and withdraw funds before detection, resulting in substantial bank losses. Additionally, criminals have turned to synthetic identity creation and AI-generated impersonations to carry out sophisticated schemes.  

However, artificial intelligence is not just a tool for fraudsters—it’s also a powerful ally for defense. Financial institutions are integrating AI into their fraud detection systems. Platforms like Visa Advanced Authorization and Mastercard Decision Intelligence use real-time analytics and machine learning to assess transaction risk and flag suspicious behavior. 

AI-driven firms such as Signifyd and Riskified help businesses prevent fraud by analyzing user behavior, transaction patterns, and device data. The consequences of payment fraud extend beyond financial loss. Businesses also suffer reputational harm, resource strain, and operational disruptions. 

With nearly 60% of companies reporting fraud-related losses exceeding $5 million in 2024, preventive action is crucial. From employee training and risk assessments to AI-powered tools and multi-layered security, organizations are now investing in proactive strategies to protect themselves and their customers from the rising tide of digital fraud.
Read more »
Smishing attack
cyber attack Data Theft News Smishing attack

Smishing Surge Expected in 2025 Driven by Sophisticated Phishing-as-a-Service Platform

Security researchers are sounding the alarm on a looming global wave of smishing attacks, warning that a powerful phishing-as-a-service (PhaaS) platform named Lucid—run by Chinese-speaking threat actors—is enabling cybercriminals to scale operations across 88 countries. 

According to threat intelligence firm Catalyst, Lucid has evolved from local-level operations into a globally disruptive tool, with a sharp increase in activity anticipated by early 2025. The platform allows attackers to send malicious links via Apple iMessage and Android’s Rich Communication Services, bypassing traditional telecom network filters. It also features a credit card validator, helping criminals confirm stolen financial information in real time. 

Lucid’s architecture offers an automated, subscription-based model that supports customizable phishing campaigns, leveraging anti-detection strategies like IP blocking, user-agent filtering, and time-limited URLs to avoid scrutiny. Threat actors using Lucid are increasingly impersonating trusted entities—such as government agencies, postal services, and toll collection services—to deceive victims and steal sensitive data. 

The U.S. has been hit particularly hard, with smishing scams prompting alerts from the FBI, FTC, state governments, and attorneys general. What sets Lucid apart is its efficiency and scale: researchers say it can send over 100,000 phishing messages per day. Its structure includes roles ranging from administrators to guest users, with weekly licensing options and automatic suspensions for non-renewal. 

These campaigns are notably effective, with a reported success rate of 5%. By operating over the internet and using device fingerprinting and geo-targeted phishing pages, Lucid boosts its reach while staying under the radar. 

It sources phone numbers through data breaches, OSINT, and darknet markets, making it one of the most sophisticated PhaaS platforms today—alongside others like Darcula and Lighthouse. As cybercriminals continue to embrace this plug-and-play model, experts fear smishing will become an even more pervasive threat in the months ahead.
Read more »
Trojan
Android Banking Trojan malware Malware Attack News Trojan

New Android Banking Trojan 'Crocodilus' Emerges as Sophisticated Threat in Spain and Turkey

 

A newly identified Android banking malware named Crocodilus is making waves in the cybersecurity world, with experts warning about its advanced capabilities and targeted attacks in Spain and Turkey. Discovered by Dutch mobile security firm ThreatFabric, the malware represents a major leap in sophistication, emerging not as a prototype but as a fully-developed threat capable of device takeover, remote control, and stealth data harvesting through accessibility services. 

Unlike many early-stage banking trojans, Crocodilus comes armed with a broad range of functionalities from its inception. Masquerading as Google Chrome via a misleading package name ("quizzical.washbowl.calamity"), the malware bypasses Android 13+ restrictions and initiates its attack by requesting accessibility permissions. Once granted, it connects to a command-and-control (C2) server to receive a list of targeted financial applications and corresponding HTML overlays to steal login credentials. 

The malware also targets cryptocurrency users with a unique social engineering strategy. Instead of spoofing wallet login pages, it pushes alarming messages urging users to back up their seed phrases within 12 hours or risk losing access. This manipulative tactic prompts victims to expose their seed phrases, which are then harvested via accessibility logging—giving attackers full access to the wallets. 

Crocodilus operates continuously in the background, monitoring app launches, capturing screen elements, and even intercepting one-time passwords from apps like Google Authenticator. It conceals its malicious activity by muting sounds and deploying a black screen overlay to keep users unaware. Key features include launching apps, removing itself from devices, sending SMS messages, retrieving contacts, requesting device admin rights, enabling keylogging, and modifying SMS management privileges. The malware’s ability to dynamically update C2 server settings further enhances its adaptability. 

ThreatFabric notes that the malware’s sophistication, especially in its initial version, suggests a seasoned developer behind its creation—likely Turkish-speaking, based on code analysis. The emergence of Crocodilus underscores the evolving threat landscape of mobile banking malware, where adversaries are deploying complex and evasive techniques earlier in development cycles. In a related development, Forcepoint reported a separate phishing campaign using tax-themed emails to spread the Grandoreiro banking trojan in Latin America and Spain, indicating a broader uptick in banking malware activity across platforms and regions.
Read more »
trending news
Africa under cyber threats bfsi BFSI cyber security Cyber Security News trending news

Cyber Threats Surge Across Africa’s Financial Sector, Urging Stronger Cybersecurity Defenses

 

In 2024, the financial landscape in Africa has been rocked by a series of high-impact cyberattacks, underscoring the urgent need for enhanced digital defenses across the Banking, Financial Services, and Insurance (BFSI) sector. From Uganda to Zimbabwe and South Africa, institutions are increasingly in the crosshairs of sophisticated cybercriminal groups. One of the most alarming incidents involved the Bank of Uganda, which reportedly lost approximately $16.8 million to an offshore hacking group known as “Waste.” 

In a similar breach of security, ZB Financial Holdings in Zimbabwe suffered a ransomware attack in July that led to substantial data exposure, compromising both customer details and operational systems. South Africa’s Standard Bank also confirmed a recent data breach that affected limited personal and financial data, highlighting how widespread and varied these threats have become. Interpol’s 2024 African Cyberthreat Assessment paints a grim picture—cyberattacks on African businesses surged by 23% in 2023, with ransomware and data breaches being the most prevalent. 

These figures reflect not only a rising frequency but also the growing sophistication of cybercrime on the continent. The IBM 2024 Cost of a Data Breach report further reveals that the average cost of a data breach in South Africa has risen sharply to R53.1 million, a significant jump from R49.45 million the previous year. Historical incidents continue to serve as cautionary tales. The 2020 Experian breach compromised 24 million personal records, while the 2023 Medusa ransomware attack on the Bank of Africa’s Malian unit resulted in the leak of 2TB of sensitive data. 

These events demonstrate the severe financial and reputational risks African financial institutions face. As the sector increasingly adopts technologies such as artificial intelligence, blockchain, and cloud computing, new avenues for cyber exploitation have emerged. Threats like phishing schemes, insider sabotage, and regulatory compliance issues now loom larger than ever before. “Cybercrime is evolving at an alarming rate, and financial institutions in Africa are prime targets,” said Abe Wakama, CEO of IT News Africa. 

“The BFSI Security Summit will offer a vital platform for industry leaders to collaborate, exchange knowledge, and deploy effective strategies to protect their institutions,” he further added. 

Cybersecurity experts and Chief Information Security Officers (CISOs) across the continent are responding by urging a multi-layered approach to digital defense—deploying AI-powered threat detection systems, implementing zero trust security models, and ensuring compliance with key data privacy regulations like South Africa’s Protection of Personal Information Act (POPIA) and the EU’s GDPR. Additional measures such as continuous monitoring, advanced endpoint protection, and robust incident response planning are becoming standard practice. Equally critical are human factors—regular employee training and rigorous penetration testing play a pivotal role in building organizational cyber resilience.
Read more »
Phishing Attacks
Cyber Attacks cyberattacks trending news Netflix cybersecurity News phishing Phishing Attacks

Netflix Users Warned About AI-Powered Phishing Scam

 

Netflix subscribers are being warned about a sophisticated phishing scam circulating via email, designed to steal personal and financial information. 

The deceptive email mimics an official Netflix communication, falsely claiming that the recipient’s account has been put on hold. It urges users to click a link to resolve the issue, which redirects them to a fraudulent login page that closely resembles Netflix’s official site. 

Unsuspecting users are then prompted to enter sensitive details, including their Netflix credentials, home address, and payment information. Cybersecurity experts caution that phishing scams have become more advanced with the rise of AI-driven tactics. 

According to Jake Moore, Global Cybersecurity Advisor at ESET, artificial intelligence has enabled cybercriminals to launch phishing campaigns at an unprecedented scale, making them appear more legitimate while targeting a larger number of users. 

“Despite these advancements, many scams still rely on urgency to pressure recipients into acting quickly without verifying the sender’s authenticity,” Moore explained. 

Users are advised to remain vigilant, double-check email sources, and avoid clicking on suspicious links. Instead, they should visit Netflix directly through its official website or app to verify any account-related issues.
Read more »
Ransomware
cyberattacks trending news Cybersecurity Attack malware News Ransomware

Cisco Talos Uncovers Lotus Blossom’s Multi-Campaign Cyber Espionage Operations

Cisco Talos has uncovered a series of cyber espionage campaigns attributed to the advanced persistent threat (APT) group Lotus Blossom, also known as Spring Dragon, Billbug, and Thrip. 

The group has been active since at least 2012, targeting government, manufacturing, telecommunications, and media sectors in regions such as the Philippines, Vietnam, Hong Kong, and Taiwan. Talos identified Sagerunex, a backdoor tool used exclusively by Lotus Blossom, as the core malware in these campaigns. 

The investigation revealed multiple variants of Sagerunex, evolving from its original form to leverage third-party cloud services such as Dropbox, Twitter, and Zimbra webmail as command-and-control (C2) tunnels, instead of traditional Virtual Private Servers (VPS). This shift helps the group evade detection while maintaining control over infected endpoints. 

The group has been observed gaining persistence on compromised systems by embedding Sagerunex into the system registry and configuring it to run as a service. The malware operates as a dynamic link library (DLL), executed directly in memory to avoid detection. The campaigns also showcase long-term persistence strategies, allowing attackers to remain undetected for months. 

Beyond Sagerunex, Lotus Blossom employs an arsenal of hacking tools to facilitate credential theft, privilege escalation, and data exfiltration. These include a Chrome cookie stealer from GitHub, a customized Venom proxy tool, a privilege adjustment tool, and an archiving tool for encrypting and stealing data. 

Additionally, the group utilizes mtrain V1.01, a modified HTran proxy relay tool, to route connections between compromised machines and external networks. The attack chain follows a structured multi-stage approach, starting with reconnaissance commands such as “net,” “tasklist,” “ipconfig,” and “netstat” to gather system details. 

If an infected machine lacks direct internet access, the attackers leverage proxy settings or the Venom tool to establish connectivity. A notable tactic involves storing malicious tools in the “public\pictures” subfolder, a non-restricted directory, to avoid detection.

Talos’ research underscores the growing sophistication of Lotus Blossom, which continues to refine its techniques and expand its capabilities. With high confidence, Cisco attributes these campaigns to Lotus Blossom, highlighting its sustained cyber espionage operations against high-value targets.
Read more »
News
Cyber Security Cyber Threats Cybersecurity Attack financial attack News

Lending App Data Breach Leaves Sensitive Customer Information Unprotected

 

A major digital lending platform has reportedly exposed sensitive customer data due to a misconfigured Amazon AWS S3 bucket that was left unsecured without authentication. Security researchers discovered the breach on November 28, 2024, but the issue remained unresolved until January 16, 2025, leaving the data vulnerable for over a month. While there is no direct evidence that cybercriminals accessed the information, experts warn that only a thorough forensic audit could confirm whether any unauthorized activity took place.  

The exposed data reportedly includes Know Your Customer (KYC) documents, which financial institutions use to verify identity, address, and income details. This type of information is particularly valuable to cybercriminals, as it can be exploited to fraudulently obtain loans, orchestrate identity theft, or carry out sophisticated social engineering attacks. 

According to researchers, attackers could leverage leaked loan agreements or bank details to manipulate victims into making unauthorized payments or providing further account verification. Furthermore, such personal data often ends up being aggregated and sold on the dark web, amplifying risks for affected individuals and making it harder to protect their privacy. 

To minimize the risks associated with such breaches, experts recommend monitoring bank statements and transaction histories for any suspicious activity and immediately reporting irregularities to financial institutions. Users are also advised to set strong, unique passwords for different accounts, especially those containing financial or sensitive information, and to update them immediately if a breach is suspected. Enabling multi-factor authentication (MFA) adds an extra layer of security and can significantly reduce the likelihood of unauthorized access. 

Another major concern following such incidents is the increased likelihood of social engineering attacks like phishing, where criminals use leaked data to craft convincing fraudulent messages. Attackers may impersonate banks, service providers, or even personal contacts to trick victims into revealing sensitive details, clicking malicious links, or scanning fraudulent QR codes. 

Users should remain cautious of unexpected emails or messages, verify the sender’s identity before clicking any links, and contact companies directly through their official websites. It is crucial to remember that banks and legitimate financial institutions will never request sensitive account details via phone or email or ask customers to transfer funds to another account.
Read more »
trending news
Cybersecurity Attack malware News online threats trending news

Beware of Fake Viral Video Links Spreading Malware

 

McAfee Labs has uncovered a rise in cyber scams where fraudsters use fake viral video links to trick people into downloading malware. These attacks rely on social engineering, enticing users with promises of exclusive or leaked content. 

Once a user clicks on the deceptive link, they are redirected through several malicious websites before unknowingly downloading a harmful file. The scheme typically begins with a fake message or document containing a link to a trending video. Clicking the link leads to an unsafe website filled with misleading advertisements, fake download buttons, and sometimes adult content. 

These sites trick users into downloading a file—often a ZIP folder—that seems harmless but actually contains malware hidden within a password-protected archive. Once downloaded and extracted, the file reveals a setup program that, when executed, launches the malware. To make it appear legitimate, a CAPTCHA screen is displayed first. 

However, once the user clicks “OK,” the malware installs itself discreetly, injecting harmful files into the system and running hidden processes that steal data or compromise the device. While McAfee’s security measures have intercepted many such attacks, experts warn that these scams continue to evolve. 

Cybercriminals use clickbait tactics to manipulate people’s curiosity, making it crucial to stay vigilant. To protect yourself, avoid clicking on links that claim to provide exclusive or leaked videos, as these are often traps designed to distribute malware. 

Be cautious of unfamiliar websites that prompt you to download files, as they may contain hidden threats. Always scan downloaded files with reliable security software before opening them. Additionally, keep your antivirus software updated to ensure real-time protection against emerging cyber threats. Since online scams are constantly evolving, staying informed and cautious is the best defense against potential cyber risks.
Read more »
Subscribe to: Posts (Atom)