Security News

Collection of South Korean, U.S. Payment Cards Emerges on Underground Market
2020-04-27 11:26

A collection of approximately 400,000 payment card records, mainly from South Korea and the United States, has emerged on the dark web this month, Group-IB reports. Uploaded on a popular darknet cardshop on April 9, this collection represents the largest sale of South Korean records on underground markets this year, the cyber-security company warns.

Stripe is absolutely logging your mouse movements on websites' payment pages – for your own good, says CEO
2020-04-22 21:50

Stripe CEO Patrick Collison insists his company's collection of e-commerce customers' site interactions, mouse metrics, and identifiers is solely for fighting fraud - though he allows that the payment platform's disclosure could be better. On Tuesday, developer Michael Lynch questioned Stripe's data collection in a blog post, noting that the biz's JavaScript library, used by web merchants to implement client-side aspects of Stripe's payment system, records browsing activity and reports the data back to the company.

Bad news: Cognizant hit by ransomware gang. Worse: It's Maze, which leaks victims' data online after non-payment
2020-04-21 01:36

New Jersey IT services provider Cognizant has confirmed it is the latest victim of the Maze ransomware. Maze is unusual among ransomware strains in that it not only encrypts the data on infected Windows machines, it siphons off copies of the originals as well.

Scammers exploiting stimulus payments with phishing attacks and malicious domains
2020-04-20 12:30

Since January, more than 4,000 domains related to coronavirus stimulus packages have been registered, many of them malicious or suspicious, according to Check Point Research. These attacks typically take the form of malicious apps, phishing emails, and phony websites.

PCI Pal Rapid Remote: Enabling orgs to quickly handle payments even when working remotely
2020-04-15 01:45

PCI Pal Rapid Remote delivers PCI compliant payment services at pace, and enables organizations to quickly continue handling customer payments in a secure and compliant way even when working remotely or from home with minimal notice. With many contact centre agents, and other back-office staff who take payments, now working from home during these unprecedented times, Rapid Remote gives organizations the ability to securely handle payments, while also complying with PCI DSS rules.

New IRS Site Could Make it Easy for Thieves to Intercept Some Stimulus Payments
2020-04-10 21:46

People drawing Social Security payments from the government will receive stimulus payments the same way. A review of the Web site set up to accept bank account information for the stimulus payments reveals few other mandatory identity checks to complete the filing process.

Rubean, CCV, Intertrust and Riscure launch jointly developed contactless Android payment app
2020-04-08 00:30

Rubean and CCV, in partnership with Intertrust and Riscure, announced the launch of a jointly developed contactless payment application that transforms Android handsets running 8.0 Oreo or later into contactless payment terminals, supporting PIN entry with no additional hardware. "Combining whiteCryption, our world-class application shielding for zero-trust environments, with Riscure's penetration testing and certification, has brought down barriers for Rubean and CCV to deliver streamlined payment capabilities to the market."

Magecart Hackers Inject iFrame Skimmers in 19 Sites to Steal Payment Data
2020-04-03 03:52

Cybersecurity researchers today uncovered an ongoing new Magecart skimmer campaign that so far has successfully compromised at least 19 different e-commerce websites to steal payment card details of their customers. MakeFrame attacks have been attributed to Magecart Group 7 for its approach of using the compromised sites to host the skimming code, load the skimmer on other compromised websites, and siphon off the stolen data.

Corporate Workers Warned of 'COVID-19 Payment' Emails Delivering Banking Trojan
2020-03-30 14:59

IBM and FireEye have spotted a campaign that relies on fake "COVID-19 Payment" emails to deliver the Zeus Sphinx banking trojan to people in the United States, Canada and Australia. The emails have the subject line "COVID-19 payment" and they carry malicious documents named "COVID 19 relief."

Tupperware Cyberattack Stores Away Customer Payment Cards
2020-03-26 18:16

Though Tupperware never responded to multiple attempts at contact by researchers, as of March 25, after research was publicly disclosed detailing the card skimmer, the malicious code was removed from the homepage. Researchers first came across the card skimmer during a web crawl, when they identified a suspicious iframe - responsible for displaying the payment form fields presented to online shoppers - that was loaded on the Tupperware[.