Santander downplays 'hack' of PagoFX cash transfer biz, says nothing to worry about

Plus: US govt sanctions Russia for refinery-bothering malware


In brief Spanish financial giant Santander has downplayed claims its international money transfer startup PagoFX was compromised.

At the end of last week, The Register was contacted by an anonymous source who claimed "database schemas, infrastructure docs, digital risk assessments, customer security checks, and Salesforce training material" belonging to PagoFX had been stolen and put up for sale on an underground hacking forum. It is believed the files, nearly 2GB in all, were taken from a third-party software developer used by PagoFX that was compromised.

A Santander spokesperson told us a leak was "detected" in August, though would not comment on any specifics other than to say its core systems are unaffected and "no sensitive personal information or payment data" was accessed. He added that "the claims are quite overstated." Judging from the list of files in the purported leak, it is mostly sample source code, Word docs for internal procedures and cyber-security policies, and so on.

"PagoFX is aware of the claims, however, we can assure customers that none of our internal systems have been compromised and no sensitive personal information or payment data has been accessed," the banking group added in a statement. "Our payments infrastructure remains secure and customers can continue using our services as normal."

We'll let you know as we get more details. The cyber-intrusion is under investigation by law enforcement.

Are you Nvidia GeForce Experienced? Patch now

Chip biz Nvidia issued a set of patches to close vulnerabilities in its GeForce Experience software, including a flaw (CVE-2020-5977) that scored 8.2 on the CVSS scale – not the kind of high score gamers want. The bugs can be exploited to escalate privileges, crash the software, or run arbitrary code.

For example, the GPU giant warned in this advisory: "Nvidia GeForce Experience contains a vulnerability in Nvidia Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure."

US tries to skewer Triton

The US government is calling out Russia for yet another online attack.

In a statement on Friday the US Treasury announced sanctions against the State Research Center of the Russian Federation FGUP Central Scientific Research Institute of Chemistry and Mechanics, claiming it developed the Triton malware that was used in an effort to physically damage equipment at a Saudi oil and gas facility in 2017.

The malware was designed to give spymasters control of safety systems, and Uncle Sam claims that last year the software nasty probed "at least" 20 American electricity utilities for similar access.

“The Russian government continues to engage in dangerous cyber activities aimed at the United States and our allies,” said Treasury Secretary Steven Mnuchin. “This administration will continue to aggressively defend the critical infrastructure of the United States from anyone attempting to disrupt it.”

Apple OKs Mac malware

Infosec biz Intego claims it has found six cases of the MacOffers malware notarized by Apple to run on macOS.

The malware was dressed up as a Flash update that users were tricked into running, and because it had been notarized by Apple, macOS trusted it to run with just a double-click. It then unpacked its hidden payload: adware packed into a base64-encoded .zip archive that was itself concealed inside a JPEG image using steganography. This presumably hides the malicious code from antivirus tools and from Apple's notarization process, which is rather less rigorous than its screening of applications for the Mac App Store.
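
A defender-side check for the concealment technique described above, written as an added example that is not part of Intego's report or The Register's article: it assumes the simplest form of image steganography, a base64-encoded ZIP appended after the JPEG End-Of-Image marker (the report does not say exactly how the archive was embedded), and builds its own constructed sample image rather than using any real MacOffers file.

```python
import base64
import binascii
import io
import re
import zipfile
from typing import List, Tuple

JPEG_SOI = b"\xff\xd8"     # Start-Of-Image marker
JPEG_EOI = b"\xff\xd9"     # End-Of-Image marker; a clean file ends here
ZIP_MAGIC = b"PK\x03\x04"  # local-file-header signature of a ZIP archive
_B64_RE = re.compile(rb"^[A-Za-z0-9+/]+={0,2}$")


def trailing_bytes_after_eoi(jpeg: bytes) -> bytes:
    """Return whatever follows the final EOI marker (empty for a well-formed JPEG)."""
    if not jpeg.startswith(JPEG_SOI):
        raise ValueError("not a JPEG: missing SOI marker")
    eoi = jpeg.rfind(JPEG_EOI)
    if eoi == -1:
        raise ValueError("truncated JPEG: no EOI marker")
    return jpeg[eoi + len(JPEG_EOI):]


def hidden_zip_names(jpeg: bytes) -> List[str]:
    """If the JPEG's tail is base64 text decoding to a ZIP, list its member names; else []."""
    tail = b"".join(trailing_bytes_after_eoi(jpeg).split())  # drop any line wrapping
    if len(tail) < 8 or not _B64_RE.match(tail):
        return []  # nothing appended, or tail is binary rather than base64 text
    try:
        blob = base64.b64decode(tail, validate=True)
    except (binascii.Error, ValueError):
        return []
    if not blob.startswith(ZIP_MAGIC):
        return []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return zf.namelist()


def build_sample() -> Tuple[bytes, bytes]:
    """Constructed test data: a minimal JPEG stub, and the same stub with a base64 ZIP appended."""
    clean = JPEG_SOI + b"\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 8 + JPEG_EOI
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("dropper.sh", "echo constructed sample payload\n")  # hypothetical member
    return clean, clean + base64.b64encode(buf.getvalue())


if __name__ == "__main__":
    clean_jpeg, stego_jpeg = build_sample()
    print("clean image hides:", hidden_zip_names(clean_jpeg))   # []
    print("sample image hides:", hidden_zip_names(stego_jpeg))  # ['dropper.sh']
```

The check only catches data appended past the EOI marker; pixel-level steganography would need image-domain analysis, which this example does not attempt.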

This report comes just months after Intego apparently found Apple had notarized 40 pieces of software containing malware. Some improvement is definitely needed. ®