Security News

IBM and FireEye have spotted a campaign that relies on fake "COVID-19 Payment" emails to deliver the Zeus Sphinx banking trojan to people in the United States, Canada and Australia. The emails have the subject line "COVID-19 payment" and they carry malicious documents named "COVID 19 relief."

Though Tupperware never responded to multiple attempts at contact by researchers, as of March 25, after research was publicly disclosed detailing the card skimmer, the malicious code was removed from the homepage. Researchers first came across the card skimmer during a web crawl, when they identified a suspicious iframe - responsible for displaying the payment form fields presented to online shoppers - that was loaded on the Tupperware[.

Infosec firm Malwarebytes, which made the discovery, has gone public with its findings today after alleging Tupperware ignored attempts to alert it and to get the malware removed from its payment processing pages. "On March 20, Malwarebytes identified a targeted cyberattack against household brand Tupperware and its associated websites that is still active today. We attempted to alert Tupperware immediately after our discovery, but none of our calls or emails were answered," said Malwarebyes in a statement.

Operators of the Sodinokibi Ransomware as a Service recently published over 12GB of data that allegedly belongs to one of its victims - Brooks International - that refused to pay ransom. Sodinokibi - a GandCrab derivative blamed for numerous attacks that took place last year - is a prime example of RaaS. BleepingComputer shared a screengrab of one such hacker forum post that showed a member advertising a link to the stolen data for 8 credits: that's worth about €2.

Saturday is the delayed deadline for UK banks and financial institutions to have implemented two-factor authentication for payment transactions. James Stickland, chief executive officer at authentication platform Veridium, said the huge growth in use of digital services made better authentication vital.

Behavioral biometrics can play an important role in thwarting ever more sophisticated payment fraud schemes, says Robert Capps of Mastercard, who provides a fraud-fighting update. In a video interview with Information Security Media Group at RSA 2020.

Online payment fraud attempts increased by 73 percent in 2019, according to a report from Sift. Additional findings in the report reveal that cybercriminals are using mobile devices more than desktops or laptops to commit payment fraud.

Mobile payment fraud is growing, and is growing faster in the mobile ecosystem than anywhere else. Just as the targets have evolved with the emergence of mobile as the fraud platform of choice, so too have the payment types evolved.

The company said it discovered the breach recently, after being notified by a third-party that "There may have been unauthorized access to data from payment cards that were used at some Rutter's locations." Rutter's investigation revealed on January 14 that hackers had planted malware on payment processing systems, allowing them to obtain information from credit and debit cards used at point-of-sale devices at fuel pumps and convenience stores.

That's because hackers have finally put up payment card details of more than 30 million Wawa breach victims on sale at Joker's Stash, one of the largest dark web marketplaces where cybercriminals buy and sell stolen payment card data. Now it turns out that the Wawa breach marked itself in the list of largest credit card breaches ever happened in the history of the United States, potentially exposing 30 million sets of payment records.