Security Flaw Puts UK Bank Customers At Risk

Royal Bank of Scotland (RBS) customers have been put at risk of cyber-attack after being recommended flawed security software. Since January, the banking group has been offering its business banking customers a product called Thor Foresight Enterprise free of charge.

Heimdal Security sells it as "next generation protection" against cyber-threats. Security researchers uncovered a flaw in it that made customers less secure. 

The bug has now been fixed, with Heimdal Security estimating that about 50,000 people were using the vulnerable software. RBS said it had only affected NatWest customers as it was not yet being offered to its RBS and Ulster banks. The company would not disclose how many of its customers would have been at risk.

Fallen Short
Pen Test Partners discovered the security flaw, which they say is extremely serious. Security researcher Ken Munro told the BBC: "We were able to gain access to a victim's computer very easily. Attackers could have had complete control of that person's emails, internet history and bank details."

"To do this we had to intercept the user's internet traffic but that is quite simple to do when you consider the unsecured public Wi-Fi out there, and it's often all too easy to compromise home Wi-Fi setups.

"Heimdal Thor is security software that runs at a high level of privilege on a user's machine. It's essential that it is held to the highest possible standards. We feel they have fallen far short."

The security software acts as a filter and aims to spot and stop common cyber-attacks that try to steal data or lock it away in ransomware. Heimdal was quick to respond to the discovery and has now fixed the flaw and thanked the security researchers for disclosing the bug. In a statement, Heimdal's chief executive Morten Kjaersgaard said: "We naturally treat information like this very seriously. We issued a fix and automatically updated 97% of all affected endpoints within four days of being informed, and the rest shortly after."

The company said that the vulnerability was only "in the wild" for about three weeks and affected around 50,000 computers, 8% of the number of machines running the Thor software.

An RBS spokesperson said: "We were made aware of a potential software issue that could apply to a small number of our early-adopting customers."

The banking group praised Heimdal's speed in fixing the issue and went on to claim that "no customers suffered any adverse consequences".

BBC
