Fraud, Security, Implementation Hurdles With Fast Payment Program The new FedNow service has been hyped as a way to revolutionize the U.S. approach to payments, thanks to the Federal Reserve’s perception as a stable payments network provider and its access to a built-in customer base of thousands of national, regional and community financial institutions. The large volume of banks with access to an instant payments network may lead to a...

How GPT’s Evil Twin Could Be Used in BEC Attacks A black hat AI tool called Worm GPT is being used to improve the efficacy of phishing emails. This is particularly troubling because a recent survey shows that 1 in 5 people fall for the fake, AI-generated emails, according to cybersecurity researchers. Researchers at SlashNext recently assessed WormGPT, an evil twin of OpenAI’s GPT AI model designed specifically for malicious...

Check fraud increased 84% between 2021 and 2022, to 680,000 reported cases, according to the U.S. Department of the Treasury. Part of this growth stems from the fact that check fraud has become easier and more accessible. Cybercrime groups are openly hawking fraudulent check schemes on the Telegram messaging app. Check fraud started rising during the COVID-19 pandemic partially due to stimulus programs. Criminals made easy money by stealing...

A third-party security study commissioned by Duo Security/Cisco highlights the five most-impactful security activities for an organization. This study builds on one that was previously commissioned in 2020. Broadly speaking, the study focuses on two key security areas: prevention and response. For prevention, the two most impactful areas were having a current tech stack, and having that tech stack integrated with your security systems. They...

The enhanced security provided by EMV chips has significantly impacted card fraud at retail locations. The continued presence of the magnetic stripe as a backup leads to continuing fraud losses. However, as always, where there’s a will, there’s a way, and criminals continue to use a variety of ways to obtain and exploit card information. Several of these ways continue to rely on the presence of the magnetic strip in order to either obtain...

Chinese Hackers and Others Increasingly Favor Unpatched Vulnerabilities According to security researchers, last year was another bonanza in zero-days for Chinese state hackers. They’re also predicting a permanent uptick in nation-state exploitation of yet-unpatched vulnerabilities. Data taken from original research by cybersecurity firm Mandiant and open-source reporting suggests zero-day exploitation fluctuates from year to year but is...

After Surge in 2nd Half, 1,802 Breach Notifications Issued in 2022; Over 440 Million Individuals Affected After a slow start, likely due to geopolitical factors, 2022 was another bumper year for data breaches in the United States. U.S. organizations issued 1,802 data breach notifications in 2022, affecting more than 400 million individuals, the Identity Theft Resource Center reports. That figure is just 60 breaches shy of the 1,862 breaches in...

Bad news for ransomware groups: Experts find that getting a payday is harder as the world fortifies against the onslaught of criminal malware. The good news is that more would-be victims are getting robust defenses in place, including well-rehearsed incident response plans, which make executing a successful attack harder. Also good news, law enforcement agencies mobilize earlier to assist victims, and by doing so, they’re learning better...

Trojan Impersonates More Than 400 Financial and Crypto Exchange Apps The Godfather banking Trojan is causing serious issues in the financial sector due to its ability to mimic the appearance of more than 400 applications, including leading financial and crypto exchange applications. So far, it has targeted institutions in 16 countries. Research from security intelligence firm Group-IB says the Godfather Trojan reappeared in September with...

QBot Backdoor Opens Systems to Loading Cobalt Strike, Ransomware and Other Malware Researchers say the Black Basta group is dropping QBot malware — also called QakBot — in a widespread ransomware campaign targeting mostly U.S.-based companies. QBot malware is a banking Trojan primarily designed to steal banking data, including browser information, keystrokes and credentials. Its previous targets include JPMorgan Chase, Citibank, Bank of...