Security Flaw Puts UK Bank Customers At Risk

Uploaded on 2019-03-30 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Financial

Royal Bank of Scotland (RBS) customers have been put at risk of cyber-attack after being recommended flawed security software. Since January, the banking group has begun to offer its business banking customers a product called Thor Foresight Enterprise free of charge.

Heimdal Security sells it as "next generation protection" against cyber-threats. Security researchers uncovered a flaw in it that made customers less secure. 

The bug has now been fixed with Heimdal Security estimating that about 50,000 people were using the vulnerable software. RBS said it had only affected NatWest customers as it was not yet being offered to its RBS and Ulster banks. The company would not disclose how many of its customers would have been at risk.

Fallen Short
Pen Test Partners discovered the security flaw which they say is extremely serious.Security Researcher Ken Munro told the BBC: "We were able to gain access to a victim's computer very easily. Attackers could have had complete control of that person's emails, internet history and bank details." 

"To do this we had to intercept the user's internet traffic but that is quite simple to do when you consider the unsecured public Wi-FI out there, and it's often all too easy to compromise home Wi-FI set ups.

"Heimdal Thor is security software that runs at a high level of privilege on a user's machine. It's essential that it is held to the highest possible standards. We feel they have fallen far short."

The security software acts as a filter and aims to spot and stop common cyber-attacks that try to steal data or lock it away in ransomware. Heimdal was quick to respond to the discovery and has now fixed the flaw and thanked the security researchers for disclosing the bug. In a statement, Heimdal's chief executive Morten Kjaersgaard said: "We naturally treat information like this very seriously. We issued a fix and automatically updated 97% of all affected endpoints within four days of being informed, and the rest shortly after."

The company said that the vulnerability was only "in the wild" for about three weeks and affected around 50,000 computers, 8% of the number of machines running the Thor software.

An RBS spokesperson said: "We were made aware of a potential software issue that could apply to a small number of our early-adopting customers."

The banking group praised Heimdal's speed in fixing the issue and went on to claim that "no customers suffered any adverse consequences".

BBC

You Might Also Read: 

Bank of England Testing Banks' Cyber Resilience:

 

 

« Company Directors Must Become Cyber Aware
Facebook Removes Suspicious Accounts For 'inauthentic behavior' »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Pen Test Partners LLP

Pen Test Partners LLP

Pen Test Partners provides penetration testing, security assessment and training services.

CDNetworks

CDNetworks

CDNetworks is a global content delivery network with a fully integrated cloud security solution, offering unparalleled speed, security and reliability for the almost instant delivery of web content.

UL

UL

UL is a safety, security and compliance consulting and certification company. Areas covered include cyber security.

VivoSecurity

VivoSecurity

VivoSecurity is a pioneer in cyber risk quantification based on data science. Our products and services help organizations achieve optimal information security and GRC programs.

Sikur

Sikur

Sikur have developed a communication platform that sets new boundaries for corporate privacy and security.

HoxHunt

HoxHunt

HoxHunt is an automated cyber training program that transforms the way your employees react and respond to the growing amount of phishing emails.

ECOS Technology

ECOS Technology

ECOS Technology specializes in the development and sale of IT solutions for high-security remote access as well as the management of certificates and smart cards.

Digital Innovation Hub Slovenia (DIH)

Digital Innovation Hub Slovenia (DIH)

DIH Slovenia is a central hub providing services to grow digital competencies in areas including robotics, IoT, cyberphysical systems and cybersecurity.

Corvid

Corvid

Corvid is an experienced team of cyber security experts who are passionate about delivering innovative, robust and extensive defence systems to help protect businesses against cyber threats.

Scout Ventures

Scout Ventures

Scout Ventures is an early stage venture capital firm that is making the world a better, safer place by cultivating standout frontier technologies.

Cyber Risk Institute (CRI)

Cyber Risk Institute (CRI)

CRI is a not-for-profit coalition of financial institutions and trade associations working to protect the global economy by enhancing cybersecurity and resiliency through standardization.

LANCOM Systems

LANCOM Systems

LANCOM Systems is the leading European manufacturer of secure, reliable and future-proof networking (WAN, LAN, WLAN) and firewall solutions for the public and private sectors.

Entro Security

Entro Security

Entro is the first holistic secrets security platform that detects, safeguards, and enriches with context your secrets across code, vaults, chats, and platforms.

Oz Forensics

Oz Forensics

Oz Forensics is a global leader in preventing biometric and deepfake fraud. It is a developer of facial Liveness detection for Antifraud Biometric Software with high expertise in the Fintech market.

Espria

Espria

Espria is a leading independent managed service provider with expertise in Cloud, IT, Communications and Document Solutions.

Razilio

Razilio

Razilio is a boutique cybersecurity consultancy located in Sydney, Australia and serving the world.