Security News

Dickey’s BBQ Breach: Meaty 3M Payment Card Upload Drops on Joker’s Stash
2020-10-16 16:13

Popular U.S. smoked-meat franchise Dickey's Barbecue Pit has been hit with a data breach, with cybercriminals posting the fat cap of the compromised data - 3 million payment cards - on the popular Joker's Stash underground marketplace this week. "We are utilizing the experience of third parties who have helped other restaurants address similar issues and also working with the FBI and payment card networks. We understand that payment card network rules generally provide that individuals who timely report unauthorized charges to the bank that issued their card are not responsible for those charges."

Cybercriminals Target Conference Platform With Payment Card Skimmer
2020-10-09 11:05

Cybercriminals have planted a payment card skimmer on the websites of several organizations using the Playback Now conference platform, Malwarebytes reported on Thursday. The customer websites hosted on it - customers receive a dedicated website which they can use to serve their content - had been injected with a payment card skimmer that allowed the attackers to steal the financial information of users purchasing conference materials from those sites.

Google’s Chrome 86: Critical Payments Bug, Password Checker Among Security Notables
2020-10-07 15:50

Google is rolling out 35 security fixes, and a new password feature, in Chrome 86 versions for Windows, Mac, Android and iOS users. Google's latest version of its browser, Chrome 86, is now being rolled out with 35 security fixes - including a critical bug - and a feature that checks if users have any compromised passwords.

Wisepay 'outage' is actually the school meal payments biz trying to stop an intruder from stealing customer card details
2020-10-07 15:01

UK cashless school payments firm Wisepay has pulled its website offline after spotting a miscreant trying to spoof its card payment page. The Hampshire-based company, which bills itself as "Allowing parents and guardians to make cashless payments to their school or college", said its website was "Down for maintenance".

IRS COVID-19 Relief Payment Deadlines Anchor Convincing Phish
2020-10-07 13:14

A credential-phishing email campaign is making the rounds, using the lure of coronavirus tax relief to scam people into giving up their personal information. The emails purport to contain an important document about COVID-19 relief funds from the IRS. Clicking the link in the email leads readers to a SharePoint form that they were told to complete before accessing the document, according to Chetan Anand, co-founder and architect at Armorblox.

Verizon: Just 25% of global businesses comply fully with the Payment Card Industry Data Security Standard
2020-10-06 17:41

A little more than a quarter of companies worldwide are fully compliant with the exacting PCI DSS online payment security standard, according to US telco Verizon. The company's 2020 Payment Security Report found that only 27 per cent of organisations worldwide were in line with the full ambit of the PCI DSS for handling payment card data in online purchases.

Companies that facilitate ransomware payments risk violating US sanctions
2020-10-02 13:16

Companies that ransomware-hit US organizations hire to facilitate the paying of the ransom are at risk of breaking US sanctions, falling afoul of the US Department of the Treasury's Office of Foreign Assets Control regulations and may end up paying millions in fines. "Ransomware payments made to sanctioned persons or to comprehensively sanctioned jurisdictions could be used to fund activities adverse to the national security and foreign policy objectives of the United States. Ransomware payments may also embolden cyber actors to engage in future attacks. In addition, paying a ransom to cyber actors does not guarantee that the victim will regain access to its stolen data," the OFAC explained.

Treasury Department Warns Ransomware Payment Facilitators of Legal Implications
2020-10-01 18:40

The U.S. Department of the Treasury this week issued an advisory to warn companies that facilitate ransomware payments of the potential legal implications resulting from sending money to sanctioned entities. The Treasury Department's Office of Foreign Assets Control says there has been a rise in ransomware attacks on U.S. organizations, which has resulted in an increase in the demand for ransomware payments.

1Password and Privacy.com let consumers create virtual cards to ensure safe online payments
2020-09-25 11:48

Password manager 1Password and virtual card platform Privacy.com announced an API integration that lets users create virtual cards in their browser quickly and safely when they need to make a payment. Starting today, users can create, use and save Privacy Cards directly within their 1Password extension whenever they're needed.

Interesting Attack on the EMV Smartcard Payment Standard
2020-09-14 11:21

This allowed the two devices to read data from the credit card chip and exchange information with payment terminals. To obtain unauthorized funds from a third-party credit card, the first mobile phone is used to scan the necessary data from the credit card and transfer it to the second phone.