• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
online banks servicing uk's smbs found to have 'serious' security

Online banks servicing UK’s SMBs found to have ‘serious’ security flaws

You are here: Home / General Cyber Security News / Online banks servicing UK’s SMBs found to have ‘serious’ security flaws
February 7, 2023

Shutterstock

Some of the premier on the web banks in the UK have been discovered to have “worrying” security vulnerabilities in their items, leaving the UK enterprises they service, and their shoppers, at risk of cyber attacks.

TSB and Virgin Revenue, the two of which offer you business current accounts for SMBs throughout the country, were found to have serious security issues that could put customers at risk, researchers stated.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


Scientists at Red Maple Technologies, performing on behalf of Which?, elevated “several concerns” over TSB security practices in specific, revealing that the financial institution nonetheless asks “basic security questions” to recuperate login details.

In addition, Red Maple reported it observed a likely vulnerable subdomain and two out-of-date web programs. which could location buyers at risk. However, the lender verified that the vulnerable subdomain will be eradicated.  

“[TSB] also missing points for applying SMS-based security, not sending alerts when delicate account alterations have been produced and which includes phone quantities in new-payee notifications,” scientists reported.  

A spokesperson for TSB told the purchaser team that it is continuing to devote in on the internet and cell banking solutions and do the job with “globally-major tech corporations to provide the two security and accessibility” to clients.  

“TSB also tracks properly across the field on fraud prevention,” the spokesperson included.

The researchers examined the cyber defences of 13 recent account providers to level their on the internet and cell banking security. 

Virgin Money obtained the least expensive score for on the internet and application banking, in accordance to Purple Maple’s examination.  

The security agency found 6 outdated web apps, an uncovered IP address, and a subdomain using an out-of-date model of TLS.

Of the six outdated web apps, three contained minor security vulnerabilities, scientists revealed. 

Tiny organization security concerns 

Purple Maple’s investigate on banking security will come amidst a period rife with escalating security challenges for tiny companies throughout the UK.  

Research from Close Brothers very last yr identified that around fifty percent of UK-based mostly SMBs have experienced a cyber attack, with 54% suffering a fiscal reduction.

Ransomware attacks had been highlighted as the most widespread attack process among the SMBs, adopted by phishing attacks.

Amongst all those that endured a cyber attack, the review found that two-thirds have been subjected to amplified incidents in the weeks and months following.

Jasson Casey, CTO at Over and above Identity, claimed the exploration from Red Maple is about, and highlights vulnerabilities which are usually qualified by menace actors.  

“It’s worrying to see this most up-to-date report from Which? which has marked banking institutions down on numerous security measures, together with failing to block weak passwords, sending one-time passcodes and delicate info through SMS,” he mentioned.  

“It’s about time these organisations woke up and mounted their big vulnerabilities. Risk actors are consistently taking advantage of out-of-date security steps that make it uncomplicated, and economical to breach devices.” 

Much more broadly, the fiscal products and services sector has also been subjected to developing threats in recent many years. Recent analysis from Imperva observed that the volume of cyber threats directed in the direction of the economical providers and insurance policy business (FSI) has grown fast above the course of 2022.  

Imperva’s investigation located that throughout 2022, more than a quarter of all cyber attacks (28%) hit FSI companies, double that of the next most-focused sector.  

Top-rated financial institutions for security 

Red Maple investigate pointed out that a variety of foremost UK banking companies boast strong security actions and safety for customers.  

Starling, which provides just one of the UK’s most preferred organization latest accounts, was rated top for security.  

The rapidly-expanding challenger financial institution was followed closely by HSBC, NatWest, and Lloyds – all of which experienced solid security actions to guard buyers. 


Some pieces of this short article are sourced from:
www.itpro.co.uk

Previous Post: «the case for an accelerated device refresh cycle The case for an accelerated device refresh cycle
Next Post: Tackling the New Cyber Insurance Requirements: Can Your Organization Comply? tackling the new cyber insurance requirements: can your organization comply?»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • CISA Unveils Ransomware Notification Initiative
  • WooCommerce Patches Critical Plugin Flaw Affecting Half a Million Sites
  • GitHub Updates Security Protocol For Operations Over SSH
  • Malicious Python Package Uses Unicode Trickery to Evade Detection and Steal Data
  • Some GitHub users must take action after RSA SSH host key exposed
  • THN Webinar: Inside the High Risk of 3rd-Party SaaS Apps
  • Pension Protection Fund confirms employee data exposed in GoAnywhere breach
  • GitHub Swiftly Replaces Exposed RSA SSH Key to Protect Git Operations
  • Now UK Parliament Bans TikTok from its Network and Devices
  • IRS Phishing Emails Used to Distribute Emotet

Copyright © TheCyberSecurity.News, All Rights Reserved.