U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

British banks downplay security breaches

Banks and financial institution in the UK are reportedly failing to disclose the full extent security breaches they are experiencing. UK banks are reportedly failing to disclose the full extent of the number and nature of security incidents they are experiencing due to a fear of financial punishment and negative publicity. Banking execs and security […]

Xsolis

Banks and financial institution in the UK are reportedly failing to disclose the full extent security breaches they are experiencing.

UK banks are reportedly failing to disclose the full extent of the number and nature of security incidents they are experiencing due to a fear of financial punishment and negative publicity.

Banking execs and security experts have stated that the banks are using grey areas in reporting structures in order to downplay the extent of which they are being targeted on a daily basis.

According the UK’s financial regulation authority, the FSA, where banks have an obligation to report any incident to, have claimed last month that last year there were only a total of 75 incidents.

This in itself is a marked increase from the declared 27 in 2015 and 5 in 2014. Any active members of the security industry will recognize these figures as incredibly low and unrealistic given the nature of today’s security and malware environment.

“Banks are dramatically under-reporting attacks, they do what’s legally required but out of embarrassment or fear of punishment they aren’t giving the whole picture,” was the claim from an anonymous source within the cyber security space of the banking sector.

security breaches

Mark James, a security specialist from ESET stated “Reporting every one of those attempts would indeed clog systems with lots of unnecessary information and I’m sure there will be a lot that never makes the light of day,”

He went on to add “However, the problem of course is perceived security, as more and more breaches happen and more malware is being used to target financial systems, then the damage caused when things go wrong can be so great decisions will be made to keep it quiet. However, with the public becoming more aware of the damage caused by lapsed security, this may influence the decision on who is to look after their savings and daily finances in the future.”

These figures could be set to change as the reporting parameters are expected to be tightened with the imminent EU General Data Protection Regulation (GDPR) which will introduce a mandatory reporting structure that all UK banks and lenders will be compelled to comply with.

This will require mandatory notification within 72 hours of security breaches and will instate the possibility of fines of up to £18M GBP or 4% of annual turnover for what’s deemed as a serious non-compliance and infractions.

Written by: Steven Boyd

Steven Boyd

Steven is a security consultant, researcher, ethical hacker and freelance writer with over 16 years of experience in the industry. He has provided security consultancy to some of the world’s biggest banks, the private sector as well as public services and defense. He is the owner and creator of security blog www.CybrViews.com.

Twitter: @CybrViews

 

 

 

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – security breaches, cyber security)