Security News

Credit card PINs can be guessed even when covering the ATM pad
2021-10-18 12:00

Researchers have proven it's possible to train a special-purpose deep-learning algorithm that can guess 4-digit card PINs 41% of the time, even if the victim is covering the pad with their hands. The attack requires the setting up of a replica of the target ATM because training the algorithm for the specific dimensions and key spacing of the different PIN pads is crucially important.

Dark web prices drop for credit cards but soar for PayPal accounts
2021-09-08 18:26

A new report from consumer website Comparitech looks at dark web selling prices for credit cards and PayPal accounts in particular. Credit cards are sold on the dark web either as digital items or physical clones of real cards.

1M Stolen Credit Cards Hit Dark Web for Free
2021-08-10 13:47

Threat actors have leaked 1 million stolen credit cards for free online as a way to promote a fairly new and increasingly popular cybercriminal site dedicated toselling payment-card credentials. The leaked credit cards include the following fields: Credit-card number, expiration date, CVV, name, country, state, city, address, ZIP code, email and phone number, according to threat actors.

One million stolen credit cards leaked to promote carding market
2021-08-09 22:19

A threat actor is promoting a new criminal carding marketplace by releasing one million credit cards stolen between 2018 and 2019 on hacking forums. Carding is the trafficking and use of stolen credit cards.

Credit-card-stealing, backdoored packages found in Python's PyPI library hub
2021-08-02 18:58

Malicious libraries capable of lifting credit card numbers and opening backdoors on infected machines have been found in PyPI, the official third-party software repository for Python. A package dubbed noblesse, and five variants, would, we're told, look on Windows systems for Discord authentication tokens, and browser-stored credit card numbers, and siphon them off to remote systems.

PyPI packages caught stealing credit card numbers, Discord tokens
2021-07-30 12:18

The Python Package Index registry has removed several Python packages this week aimed at stealing users' credit card numbers, Discord tokens, and granting code execution capabilities to attackers. Malware steals credit card numbers, browser files, Discord tokens.

Magecart Hackers Hide Stolen Credit Card Data Into Images for Evasive Exfiltration
2021-07-11 21:00

Cybercrime actors part of the Magecart group have latched on to a new technique of obfuscating the malware code within comment blocks and encoding stolen credit card data into images and other files hosted on the server, once again demonstrating how the attackers are continuously improving their infection chains to escape detection. "One tactic that some Magecart actors employ is the dumping of swiped credit card details into image files on the server [to] avoid raising suspicion," Sucuri Security Analyst, Ben Martin, said in a write-up.

FIN7 Supervisor Gets 7-Year Jail Term for Stealing Millions of Credit Cards
2021-06-27 20:04

A Ukrainian national and a mid-​level supervisor of the hacking group known as FIN7 has been sentenced to seven years in prison for his role as a "Pen tester" and perpetuating a criminal scheme that enabled the gang to compromise millions of customers debit and credit cards. FIN7, also called Anunak, Carbanak Group, and the Navigator Group, is said to have engaged in a sophisticated malware campaign at least since 2015 targeting restaurant, gambling, and hospitality industries in the U.S. to plunder credit and debit card numbers that were then used or sold for profit on underground forums.

Mercedes-Benz data breach exposes SSNs, credit card numbers
2021-06-25 19:26

Mercedes-Benz USA has just disclosed a data breach impacting some of its customers. The company assessed 1.6 million customer records which included customer names, addresses, emails, phone numbers, and some purchased vehicle information to determine the impact.

Eggfree Cake Box suffer data breach exposing credit card numbers
2021-06-17 21:47

Eggfree Cake Box has disclosed a data breach after threat actors hacked their website to stole credit card numbers. Cake Box is a UK chain of stores selling fresh cream celebration cakes made without eggs.