Security News

See Tickets discloses 2.5 years-long credit card theft breach
2022-10-25 19:46

According to a data breach notification shared with the Montana Attorney General's office, See Tickets discovered the breach in April 2021, when they started an investigation with the help of a forensics firm. After engaging with forensic experts and Visa, MasterCard, American Express, and Discover to investigate the incident further, See Tickets concluded on September 12, 2022, that unauthorized parties may have accessed customer credit card information.

Cybercriminals Used Two PoS Malware to Steal Details of Over 167,000 Credit Cards
2022-10-25 11:33

Two point-of-sale malware variants have been put to use by a threat actor to steal information related to more than 167,000 credit cards from payment terminals. While a significant proportion of attacks aimed at gathering payment data rely on JavaScript sniffers stealthily inserted on e-commerce websites, PoS malware continues to be an ongoing, if less popular, threat.

Payment terminal malware steals $3.3m worth of credit card numbers – so far
2022-10-24 22:11

Cybercriminals have used two strains of point-of-sale malware to steal the details of more than 167,000 credit cards from payment terminals. The security firm's threat intelligence unit identified the C2 server in April, and determined the operators stole payment info belonging to tens of thousands of credit card holders between February 2021 and September 8, 2022.

Store credit card numbers in a debug log, lose millions of accounts. Cost? $1.9m
2022-10-14 19:37

Online retailer Zoetop will fork out $1.9 million after account data belonging to 46 million customers was stolen in 2018. About those hashed passwords: "The method Zoetop had used to hash the passwords left them susceptible to password cracking attacks, through which attackers could identify the original, unhashed password," the New York probe found.

Darkweb market BidenCash gives away 1.2 million credit cards for free
2022-10-09 15:12

A dark web carding market named 'BidenCash' has released a massive dump of 1,221,551 credit cards to promote their marketplace, allowing anyone to download them for free to conduct financial fraud. Carding is the trafficking and use of credit cards stolen through point-of-sale malware, magecart attacks on websites, or information-stealing malware.

LofyGang Distributed ~200 Malicious NPM Packages to Steal Credit Card Data
2022-10-07 12:59

Multiple campaigns that distributed trojanized and typosquatted packages on the NPM open source repository have been identified as the work of a single threat actor dubbed LofyGang. Checkmarx said it discovered 199 rogue packages totaling thousands of installations, with the group operating for over a year with the goal of stealing credit card data as well as user accounts associated with Discord Nitro, gaming, and streaming services.

Upgraded Prilex Point-of-Sale malware bypasses credit card security
2022-09-29 07:05

Security analysts have observed three new versions of Prilex PoS-targeting malware this year, indicating that its authors and operators are back in action. Prilex started as ATM-focused malware in 2014 and it pivoted to PoS devices in 2016.

Multi-million dollar credit card fraud operation uncovered
2022-09-23 10:00

A massive operation that has reportedly siphoned millions of USD from credit cards since its launch in 2019 has been exposed and is considered responsible for losses for tens of thousands of victims. The site operators, thought to originate from Russia, operate an extensive network of bogus dating and customer support websites and use them to charge credit cards bought on the dark web.

Credit Card Fraud That Bypasses 2FA
2022-09-20 11:29

Phones, of course, can be made inaccessible with the use of passwords and face or fingerprint unlocking. Once they have the phone and the card, they register the card on the relevant bank's app on their own phone or computer.

Authorities Shut Down WT1SHOP Site for Selling Stolen Credentials and Credit Cards
2022-09-07 12:56

An international law enforcement operation has resulted in the dismantling of WT1SHOP, an online criminal marketplace that specialized in the sales of stolen login credentials and other personal information. The website peddled over 5.85 million records of personally identifying information, including approximately 25,000 scanned driver's licenses/passports, 1.7 million login credentials for various online shops, 108,000 bank accounts, 21,800 credit cards, the U.S. Justice Department said.