Security News

Netherlands orders Apple to offer more App Store payment methods
2021-10-07 13:16

The Authority for Consumers and Markets in the Netherlands is pressing Apple to lift App Store payment restrictions in the country. ACM hasn't published a relevant report on its portal yet, but Reuters claims that the antitrust authority has already warned Apple to lift the in-app payment restrictions over a month ago.

Massive Twitch hack: Source code and payment reports leaked
2021-10-06 13:13

Twitch source code and streamers' and users' sensitive information were allegedly leaked online by an anonymous user on the 4chan imageboard. The leaker shared a torrent link leading to a 120GB archive containing data allegedly stolen from roughly 6,000 internal Twitch Git repositories.

Ransom Disclosure Act would give victims 48 hours to report payments
2021-10-06 08:22

Victims of ransomware attacks in the United States may soon have to report any payments to hackers within 48 hours, according to a new legislation proposal titled the 'Ransom Disclosure Act'. Require ransomware victims to disclose information about ransom payments no later than 48 hours after the date of payment, including the amount of ransom demanded and paid, the type of currency used for payment of the ransom, and any known information about the entity demanding the ransom;.

Apple Pay Can be Abused to Make Contactless Payments From Locked iPhones
2021-10-01 07:15

Cybersecurity researchers have disclosed an unpatched flaw in Apple Pay that attackers could abuse to make an unauthorized Visa payment with a locked iPhone by taking advantage of the Express Travel mode set up in the device's wallet. Express Travel is a feature that allows users of iPhone and Apple Watch to make quick contactless payments for public transit without having to wake or unlock the device, open an app, or even validate with Face ID, Touch ID or a passcode.

Apple Pay with Visa Hacked to Make Payments via Locked iPhones
2021-09-30 15:26

An attacker who steals a locked iPhone can use a stored Visa card to make contactless payments worth up to thousands of dollars without unlocking the phone, researchers are warning. The problem is due to unpatched vulnerabilities in both the Apple Pay and Visa systems, according to an academic team from the Universities of Birmingham and Surrey, backed by the U.K.'s National Cyber Security Centre.

Apple Pay with Visa Hacked to Make Payments via Unlocked iPhones
2021-09-30 15:26

An attacker who steals a locked iPhone can use a stored Visa card to make contactless payments worth up to thousands of dollars without unlocking the phone, researchers are warning. The problem is due to unpatched vulnerabilities in both the Apple Pay and Visa systems, according to an academic team from the Universities of Birmingham and Surrey, backed by the U.K.'s National Cyber Security Centre.

Apple Pay with VISA lets hackers force payments on locked iPhones
2021-09-30 00:37

Academic researchers have found a way to make fraudulent payments using Apple Pay from a locked iPhone with a Visa card in the digital wallet with express mode enabled. Apple Pay solved the problem with Express Transit, a feature that allows a transaction to go through without unlocking the device.

Hackers Targeting Brazil's PIX Payment System to Drain Users' Bank Accounts
2021-09-29 05:08

Two newly discovered malicious Android applications on Google Play Store have been used to target users of Brazil's instant payment ecosystem in a likely attempt to lure victims into fraudulently transferring their entire account balances into another bank account under cybercriminals' control. "The attackers distributed two different variants of banking malware, named PixStealer and MalRhino, through two separate malicious applications [] to carry out their attacks," Check Point Research said in an analysis shared with The Hacker News.

Suex to be you: Feds sanction cryptocurrency exchange for handling payments from 8+ ransomware variants
2021-09-21 19:59

The US Treasury on Tuesday sanctioned virtual cryptocurrency exchange Suex OTC for handling financial transactions for ransomware operators, an intervention that's part of a broad US government effort to disrupt online extortion and related cyber-crime. According to the US Treasury, more than 40 per cent of the firm's known transaction history involves illicit entities, and that it handled payments from at least eight ransomware variants.

Payment API Bungling Exposes Millions of Users’ Payment Data
2021-09-20 19:02

App developers have once again been accused of having butterfingers when it comes to API keys, leaving millions of mobile app users at risk of exposing their personal and payment data. "But like so much of cybersecurity, it's a could-a, should-a situation:"CloudSEK has observed that a wide range of companies - both large and small - that cater to millions of users have mobile apps with API keys that are hardcoded in the app packages," according to CloudSEK researchers Arshit Jain and Sai Ahladini Tripathy.