Security News

Operators of the Sodinokibi Ransomware as a Service recently published over 12GB of data that allegedly belongs to one of its victims - Brooks International - that refused to pay ransom. Sodinokibi - a GandCrab derivative blamed for numerous attacks that took place last year - is a prime example of RaaS. BleepingComputer shared a screengrab of one such hacker forum post that showed a member advertising a link to the stolen data for 8 credits: that's worth about €2.

Saturday is the delayed deadline for UK banks and financial institutions to have implemented two-factor authentication for payment transactions. James Stickland, chief executive officer at authentication platform Veridium, said the huge growth in use of digital services made better authentication vital.

Behavioral biometrics can play an important role in thwarting ever more sophisticated payment fraud schemes, says Robert Capps of Mastercard, who provides a fraud-fighting update. In a video interview with Information Security Media Group at RSA 2020.

Online payment fraud attempts increased by 73 percent in 2019, according to a report from Sift. Additional findings in the report reveal that cybercriminals are using mobile devices more than desktops or laptops to commit payment fraud.

Mobile payment fraud is growing, and is growing faster in the mobile ecosystem than anywhere else. Just as the targets have evolved with the emergence of mobile as the fraud platform of choice, so too have the payment types evolved.

The company said it discovered the breach recently, after being notified by a third-party that "There may have been unauthorized access to data from payment cards that were used at some Rutter's locations." Rutter's investigation revealed on January 14 that hackers had planted malware on payment processing systems, allowing them to obtain information from credit and debit cards used at point-of-sale devices at fuel pumps and convenience stores.

That's because hackers have finally put up payment card details of more than 30 million Wawa breach victims on sale at Joker's Stash, one of the largest dark web marketplaces where cybercriminals buy and sell stolen payment card data. Now it turns out that the Wawa breach marked itself in the list of largest credit card breaches ever happened in the history of the United States, potentially exposing 30 million sets of payment records.

Combined with its existing Agent Assist and IVR payment solutions, PCI Pal Digital will enable a true omnichannel secure payments environment for contact centers and businesses taking payments across the globe. "As we see the increased adoption of digital channels within organizations, including both our partners and direct customers, we believe that now is the time to introduce our digital payment offering supplementing our existing Agent Assist and IVR solutions," said James Barham, CEO, PCI Pal.

A long-running marketplace for selling stolen payment card data is advertising a large new batch linked to the breach at Wawa convenience stores late last year. Joker's Stash claims its latest dump contains as many as 30 million payment cards from 40 states.

Now, fraud experts say the first batch of card data stolen from Wawa customers is being sold at one of the underground's most popular crime shops, which claims to have 30 million records to peddle from a new nationwide breach. A spokesperson for Wawa confirmed that the company today became aware of reports of criminal attempts to sell some customer payment card information potentially involved in the data security incident announced by Wawa on December 19, 2019.