Attacks/Breaches

2/20/2018
02:30 PM
50%
50%

SWIFT Network Used in $2 Million Heist at Indian Bank

The theft at India's City Union Bank comes on the heels of news that attackers stole $6 million from a Russian bank via SWIFT network last year.

In an attack reminiscent of the one on Bangladesh Bank in 2016, attackers this weekend made $2 million in unauthorized transfers from India's City Union Bank via the SWIFT financial network, Reuters reports. One of the transfers, for $500,000, was stopped.

The attack comes on the heels of a Friday report that an unnamed Russian bank had suffered a $6 million theft via the SWIFT network last year, and reports last week that insiders at India's Punjab National Bank had conspired in a $1.8 billion fraud case. 

The unauthorized transfers from City Union Bank - which were being made to lenders in Dubai, Turkey, and China through City Union Bank's correspondent financial institutions - were discovered by a private lender Saturday. 

City Union's CEO N. Kamakodi told Reuters there is "so far no evidence of any internal staff involvement," but said "we are very clear now the account holders are part of this conspiracy."

The Committe on Payments and Market Infrastructure, in September, called for greater security of inter-bank messaging services like SWIFT.  

For more information, click here.

 

 

Black Hat Asia returns to Singapore with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier solutions and service providers in the Business Hall. Click for information on the conference and to register.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff 5/18/2018
Google to Delete 'Secure' Label from HTTPS Sites
Kelly Sheridan, Staff Editor, Dark Reading,  5/21/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-2598
PUBLISHED: 2018-05-23
Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks (SECURITY-304).
CVE-2018-1124
PUBLISHED: 2018-05-23
procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution ...
CVE-2018-1126
PUBLISHED: 2018-05-23
procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.
CVE-2018-11396
PUBLISHED: 2018-05-23
ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call.
CVE-2018-8176
PUBLISHED: 2018-05-23
A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly validate XML content, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office.