Security News
The U.S. Justice Department this week announced indictments against 22 individuals who allegedly purchased and used payment cards stolen from a national retail chain. Using point-of-sale malware installed at multiple retail locations of the target company, threat actors stole information of over three million payment cards, including credit, debit, and gift cards used at over 400 of the company's retail stores.
Colonial Pipeline chief executive Joseph Blount has confirmed the company shelled out $4.4 million to purchase a decryption key to recover from the disruptive ransomware attack that caused gasoline shortages in parts of the U.S. A Wall Street Journal report said Colonial Pipeline made the $4.4 million payment on the evening of May 7 in the form of bitcoin. "Colonial Pipeline is critical to the economic and national security of our nation," a company spokesperson told SecurityWeek.
Branches of insurance giant AXA based in Thailand, Malaysia, Hong Kong, and the Philippines have been struck by a ransomware cyber attack. The announcement from the group comes roughly a week after AXA stated that they would be dropping reimbursement for ransomware extortion payments when underwriting cyber-insurance policies in France.
In emails sent by NatWest and seen by BleepingComputer, the system malfunction meant that the standing orders set up by banking customers over a period of 11 months did not correctly record the number of automated payments that were to be debited, or on what dates should the debits stop. This means automated payments could have continued to be made from the customer accounts, even after a standing order had expired, costing customers money.
In emails sent by NatWest and seen by BleepingComputer, the system malfunction meant that the standing orders set up by banking customers over a period of 11 months did not correctly record the number of automated payments that were to be debited, or on what dates should the debits stop. This means automated payments could have continued to be made from the customer accounts, even after a standing order had expired, costing customers money.
Riskified announced the launch of the latest version of Deco, a real-time solution for recovering orders lost to card-not-present payment authorization failures. "Payment authorization failures are a significant, often hidden, source of revenue loss for eCommerce merchants," said Eido Gal, CEO of Riskified.
Some of the world's top tech firms are backing a new industry task force focused on disrupting cybercriminal ransomware gangs by limiting their ability to get paid, and targeting the individuals...
The number of users of software-based facial recognition to secure payments will exceed 1.4 billion globally by 2025, from just 671 million in 2020, a Juniper Research study reveals. This rapid growth of 120% demonstrates how widespread facial recognition has become; fuelled by its low barriers to entry, a front-facing camera and appropriate software.
RSA has published its latest quarterly fraud report, reinforcing the migration to more precise payment authentication methods and showing a notable spike in brand abuse attacks. Mostly notably, payment transaction volume using the 3-D Secure protocol grew more than 73% globally, while 2.x transaction volume grew 26 times in the Americas alone.
In a novel approach to ransom demands, a new ransomware calling itself 'NitroRansomware' encrypts victim's files and then demands a Discord Nitro gift code to decrypt files. While most ransomware operations demand thousands, if not millions, of dollars in cryptocurrency, Nitro Ransomware deviates from the norm by demanding a $9.99 Nitro Gift code instead. Based on filenames for NitroRansomware samples shared by MalwareHunterteam and analyzed by BleepingComputer, this new ransomware appears to be distributed as a fake tool stating it can generate free Nitro gift codes.