Security News
Popular U.S. smoked-meat franchise Dickey's Barbecue Pit has been hit with a data breach, with cybercriminals posting the fat cap of the compromised data - 3 million payment cards - on the popular Joker's Stash underground marketplace this week. "We are utilizing the experience of third parties who have helped other restaurants address similar issues and also working with the FBI and payment card networks. We understand that payment card network rules generally provide that individuals who timely report unauthorized charges to the bank that issued their card are not responsible for those charges."
Cybercriminals have planted a payment card skimmer on the websites of several organizations using the Playback Now conference platform, Malwarebytes reported on Thursday. The customer websites hosted on it - customers receive a dedicated website which they can use to serve their content - had been injected with a payment card skimmer that allowed the attackers to steal the financial information of users purchasing conference materials from those sites.
Google is rolling out 35 security fixes, and a new password feature, in Chrome 86 versions for Windows, Mac, Android and iOS users. Google's latest version of its browser, Chrome 86, is now being rolled out with 35 security fixes - including a critical bug - and a feature that checks if users have any compromised passwords.
UK cashless school payments firm Wisepay has pulled its website offline after spotting a miscreant trying to spoof its card payment page. The Hampshire-based company, which bills itself as "Allowing parents and guardians to make cashless payments to their school or college", said its website was "Down for maintenance".
A credential-phishing email campaign is making the rounds, using the lure of coronavirus tax relief to scam people into giving up their personal information. The emails purport to contain an important document about COVID-19 relief funds from the IRS. Clicking the link in the email leads readers to a SharePoint form that they are told to complete before accessing the document, according to Chetan Anand, co-founder and architect at Armorblox.
A little more than a quarter of companies worldwide are fully compliant with the exacting PCI DSS online payment security standard, according to US telco Verizon. The company's 2020 Payment Security Report found that only 27 per cent of organisations worldwide were in line with the full ambit of the PCI DSS for handling payment card data in online purchases.
Companies that ransomware-hit US organizations hire to facilitate the paying of the ransom are at risk of breaking US sanctions and falling afoul of the US Department of the Treasury's Office of Foreign Assets Control regulations, and may end up paying millions in fines. "Ransomware payments made to sanctioned persons or to comprehensively sanctioned jurisdictions could be used to fund activities adverse to the national security and foreign policy objectives of the United States. Ransomware payments may also embolden cyber actors to engage in future attacks. In addition, paying a ransom to cyber actors does not guarantee that the victim will regain access to its stolen data," the OFAC explained.
The U.S. Department of the Treasury this week issued an advisory to warn companies that facilitate ransomware payments of the potential legal implications resulting from sending money to sanctioned entities. The Treasury Department's Office of Foreign Assets Control says there has been a rise in ransomware attacks on U.S. organizations, which has resulted in an increase in the demand for ransomware payments.
Password manager 1Password and virtual card platform Privacy.com announced an API integration that lets users create virtual cards in their browser quickly and safely when they need to make a payment. Starting today, users can create, use and save Privacy Cards directly within their 1Password extension whenever they're needed.
This allowed the two devices to read data from the credit card chip and exchange information with payment terminals. To obtain unauthorized funds from a third-party credit card, the first mobile phone is used to scan the necessary data from the credit card and transfer it to the second phone.