Tag Archive for: finance
China suspected in hack of critical entities – Finance & Commerce
RICHMOND, Va. — A cyberespionage campaign blamed on China was more sweeping than previously known, with suspected state-backed hackers exploiting a device meant to boost internet security to penetrate the computers of critical U.S. entities.
The hack of Pulse Connect Secure networking devices came to light in April, but its scope is only now starting to become clear. The Associated Press has learned that the hackers targeted telecommunications giant Verizon and the country’s largest water agency. News broke earlier this month that the New York City subway system, the country’s largest, was also breached.
Security researchers say dozens of other high-value entities that have not yet been named were also targeted as part of the breach of Pulse Secure, which is used by many companies and governments for secure remote access to their networks.
It’s unclear what sensitive information, if any, was accessed. Some of the targets said they did not see any evidence of data being stolen. That uncertainty is common in cyberespionage and it can take months to determine data loss, if it is ever discovered. Ivanti, the Utah-based owner of Pulse Connect Secure, declined to comment on which customers were affected.
But even if sensitive information wasn’t compromised, experts say it is worrisome that hackers managed to gain footholds in networks of critical organizations whose secrets could be of interest to China for commercial and national security reasons.
“The threat actors were able to get access to some really high-profile organizations, some really well-protected ones,” said Charles Carmakal, the chief technology officer of Mandiant, whose company first publicized the hacking campaign in April.
The Pulse Secure hack has largely gone unnoticed while a series of headline-grabbing ransomware attacks have highlighted the cyber vulnerabilities to U.S. critical infrastructure, including one on a major fuels pipeline that prompted widespread shortages at gas stations. The U.S. government is also still investigating the fallout of the SolarWinds hacking campaign launched by Russian cyber spies, which infiltrated dozens of private sector companies and think tanks as well…
Intertrust Releases 2021 Report on Mobile Finance App Security | Business
SAN FRANCISCO–(BUSINESS WIRE)–Jun 2, 2021–
Intertrust, the pioneer in digital rights management (DRM) technology and leading provider of application security solutions, today released its 2021 State of Mobile Finance App Security Report. The report reveals that 77% of financial apps have at least one serious vulnerability that could lead to a data breach.
This report comes at a time where finance mobile app usage has rapidly accelerated, with the number of user sessions in finance apps increasing by up to 49% over the first half of 2020. Over the same period, cyberattacks against financial institutions rose by 118%, according to VMware.
The study’s overall findings suggest that while the COVID-19 pandemic accelerated the world’s shift to digital financial channels and innovative technologies like mobile contactless payments, mobile financial application security is not keeping up.
Cryptographic issues pose one of the most pervasive and serious threats, with 88% of analyzed apps failing one or more cryptographic tests. This means the encryption used in these financial apps can be easily broken by cybercriminals, potentially exposing confidential payment and customer data and putting the application code at risk for analysis and tampering.
Other main findings include:
- One or more security flaws were found in every app tested
- 84% of Android apps and 70% of iOS apps have at least one critical or high severity vulnerability
- 81% of finance apps leak data
- 49% of payment apps are vulnerable to encryption key extraction
- Banking apps contain more vulnerabilities than any other type of finance app
- Nearly three-quarters of high severity threats could have been mitigated using application protection technologies such as code obfuscation, tampering detection, and white-box cryptography
The report analyzed over 150 mobile finance applications split evenly between iOS and Android and delivers insights from four major financial sectors: payments, banking, investment/trading, and lending. The apps investigated originated in the U.S., UK, EU, Southeast Asia, and India. They were analyzed using an array of static application security testing (SAST) and dynamic…