Security News

The European Cybercrime Centre has again acted against credit card fraud and is poised to reveal success on a similar scale to its 2020 campaign that prevented €40 million of losses. Credit card fraud has also persisted, with crims conducting ongoing campaigns to acquire card numbers and use them to make unauthorised purchases.

Costco Wholesale Corporation has warned customers in notification letters sent this month that their payment card information might have been stolen while recently shopping at one of its stores. Costco discovered the breach after finding a payment card skimming device in one of its warehouses during a routine check conducted by Costco personnel.

Impersonating an Amazon order notification, the attackers end up calling victims to try to obtain their credit card details, says Avanan. A recent campaign spotted by email security provider Avanan spoofs Amazon with both a traditional phishing message and a voice call to try to steal credit card information.

A new Magecart threat actor is stealing people's payment card info from their browsers using a digital skimmer that uses a unique form of evasion to bypass virtual machines so it targets only actual victims and not security researchers. Detecting VMs used by security researchers and sandboxing solutions that are set to pick up Magecart activity is "The most popular method" used to evade detection, Segura said.

SCUF Gaming International, a leading manufacturer of custom PC and console controllers, is notifying customers that its website was hacked in February to plant a malicious script used to steal their credit card information. SCUF Gaming makes high-performance and customized gaming controllers for PCs and consoles, used by both professional and casual gamers.

Researchers have proven it's possible to train a special-purpose deep-learning algorithm that can guess 4-digit card PINs 41% of the time, even if the victim is covering the pad with their hands. The attack requires the setting up of a replica of the target ATM because training the algorithm for the specific dimensions and key spacing of the different PIN pads is crucially important.

A new report from consumer website Comparitech looks at dark web selling prices for credit cards and PayPal accounts in particular. Credit cards are sold on the dark web either as digital items or physical clones of real cards.

Threat actors have leaked 1 million stolen credit cards for free online as a way to promote a fairly new and increasingly popular cybercriminal site dedicated toselling payment-card credentials. The leaked credit cards include the following fields: Credit-card number, expiration date, CVV, name, country, state, city, address, ZIP code, email and phone number, according to threat actors.

A threat actor is promoting a new criminal carding marketplace by releasing one million credit cards stolen between 2018 and 2019 on hacking forums. Carding is the trafficking and use of stolen credit cards.

Malicious libraries capable of lifting credit card numbers and opening backdoors on infected machines have been found in PyPI, the official third-party software repository for Python. A package dubbed noblesse, and five variants, would, we're told, look on Windows systems for Discord authentication tokens, and browser-stored credit card numbers, and siphon them off to remote systems.