Santander downplays 'hack' of PagoFX cash transfer biz, says nothing to worry about

Plus: US govt sanctions Russia for refinery-bothering malware

In brief Spanish financial giant Santander has downplayed claims its international money transfer startup PagoFX was compromised.

At the end of last week, The Register was contacted by an anonymous source who claimed "database schemas, infrastructure docs, digital risk assessments, customer security checks, and Salesforce training material" belonging to PagoFX had been stolen and put up for sale on an underground hacking forum. It is believed the files, nearly 2GB in all, were taken from a third-party software developer used by PagoFX that was compromised.

A Santander spokesperson told us a leak was "detected" in August, though would not comment on any specifics other than to say its core systems are unaffected and "no sensitive personal information or payment data" was accessed. He added that "the claims are quite overstated." Judging from the list of files in the purported leak, it is mostly sample source code, Word docs for internal procedures and cyber-security policies, and so on.

"PagoFX is aware of the claims, however, we can assure customers that none of our internal systems have been compromised and no sensitive personal information or payment data has been accessed," the banking group added in a statement. "Our payments infrastructure remains secure and customers can continue using our services as normal."

We'll let you know as we get more details. The cyber-intrusion is under investigation by law enforcement.

Are you Nvidia GeForce Experienced? Patch now

Chip biz Nvidia issued a set of patches to close vulnerabilities in its GeForce Experience software, including a flaw (CVE-2020-5977) that scored 8.2 on the CVSS scale – not the kind of high score gamers want. The bugs can be exploited to escalate privileges, crash the software, or run arbitrary code.

For example, the GPU giant warned in this advisory: "Nvidia GeForce Experience contains a vulnerability in Nvidia Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure."

US tries to skewer Triton

The US government is calling out Russia for yet another online attack.

In a statement on Friday the US Treasury announced sanctions against the State Research Center of the Russian Federation FGUP Central Scientific Research Institute of Chemistry and Mechanics, claiming it developed the Triton malware that was used in an effort to physically damage equipment at a Saudi oil and gas facility in 2017.

The malware was designed to give spymasters control of safety systems, and Uncle Sam claims that last year the software nasty probed "at least" 20 American electricity utilities for similar access.

“The Russian government continues to engage in dangerous cyber activities aimed at the United States and our allies,” said Treasury Secretary Steven Mnuchin. “This administration will continue to aggressively defend the critical infrastructure of the United States from anyone attempting to disrupt it.”

Apple OKs Mac malware

Infosec biz Intego claims it has found six cases of the MacOffers malware notarized by Apple to run on macOS.

The malware was dressed up as a Flash update that users are tricked into running, and being notarized by Apple, the software was trusted to run with just a double-click. It then unpacked its hidden payload: adware hidden in a base64-encoded .zip archive file which was itself hidden in a JPEG image file using steganography. This presumably hides the malicious code from antivirus tools, and Apple's notarization process, which is rather less rigorous than its screening of applications for the Mac App Store.
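The layering described above (a base64-encoded .zip riding inside a JPEG) is the kind of thing a file scanner can flag without running anything. The following is an added illustration, not code from the story or from Intego: it assumes the payload sits after the JPEG End-Of-Image marker, which is one common way such data is smuggled, and builds its own constructed sample so it runs offline.

```python
import base64
import binascii
import io
import zipfile

JPEG_SOI, JPEG_EOI = b"\xff\xd8", b"\xff\xd9"
ZIP_MAGIC = b"PK\x03\x04"


def trailing_bytes(jpeg: bytes) -> bytes:
    """Return whatever follows the JPEG End-Of-Image marker; a clean file has nothing there.
    Caveat: an EXIF thumbnail in an APP1 segment carries its own EOI, so a production
    scanner should walk the marker segments instead of taking the first EOI as this does."""
    if not jpeg.startswith(JPEG_SOI):
        raise ValueError("not a JPEG (missing SOI marker)")
    eoi = jpeg.find(JPEG_EOI)
    if eoi < 0:
        raise ValueError("truncated JPEG (no EOI marker)")
    return jpeg[eoi + len(JPEG_EOI):]


def inspect_jpeg(jpeg: bytes) -> dict:
    """Classify trailing data: raw zip, base64-wrapped zip, other base64, or unknown bytes."""
    tail = trailing_bytes(jpeg).strip()
    if not tail:
        return {"suspicious": False, "reason": "no trailing data"}
    if tail.startswith(ZIP_MAGIC):
        return {"suspicious": True, "reason": "raw zip appended after EOI"}
    try:
        decoded = base64.b64decode(tail, validate=True)
    except (binascii.Error, ValueError):
        return {"suspicious": True, "reason": f"{len(tail)} unexpected trailing bytes"}
    if decoded.startswith(ZIP_MAGIC):
        # List archive members without extracting them; names alone are useful triage data.
        names = zipfile.ZipFile(io.BytesIO(decoded)).namelist()
        return {"suspicious": True, "reason": "base64 zip appended after EOI", "members": names}
    return {"suspicious": True, "reason": "base64 blob appended after EOI"}


def build_sample(with_payload: bool) -> bytes:
    """Constructed sample (assumption, not a real MacOffers file): a minimal SOI/EOI-only
    'JPEG', optionally followed by a base64-encoded zip, mirroring the layering in the story."""
    jpeg = JPEG_SOI + b"\x00" * 16 + JPEG_EOI
    if not with_payload:
        return jpeg
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("payload.sh", "# constructed placeholder, not real adware\n")
    return jpeg + base64.b64encode(buf.getvalue())
```

A file that is genuinely just an image returns `suspicious: False`; anything after the EOI marker is worth a closer look regardless of how it decodes.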

This report comes just months after Intego apparently found Apple had notarized 40 pieces of software containing malware. Some improvement is definitely needed. ®
