Security News

Patches have been released for a critical security flaw impacting the WooCommerce Payments plugin for WordPress, which is installed on over 500,000 websites. It impacts versions 4.8.0 through 5.6.1.

A new credit card stealing hacking campaign is doing things differently than we have seen in the past by hiding their malicious code inside the 'Authorize.net' payment gateway module for WooCommcerce, allowing the breach to evade detection by security scans. To evade detection, the threat actors are now injecting malicious scripts directly into the site's payment gateway modules used to process credit card payments on checkout.

An international law enforcement operation has seized the cryptocurrency mixing service 'ChipMixer' which is said to be used by hackers, ransomware gangs, and scammers to launder their proceeds. ChipMixer has been one of the largest cryptocurrency mixing platforms operating on the dark web since 2017, allowing users to convert their money into untraceable "Chips," which are then cashed out on "Clean" cryptocurrency addresses that can be converted to FIAT money.

Kaspersky discovered two new Prilex variants in early 2022 and found a third in November that can target NFC-enabled credit cards and block contactless transactions, forcing payers over to the less-secure PIN machines. "Contactless credit cards offer a convenient and secure way to make payments without the need to physically insert or swipe the card," the researchers wrote.

The Brazilian threat actors behind an advanced and modular point-of-sale malware known as Prilex have reared their head once again with new updates that allow it to block contactless payment transactions. Having evolved out of ATM-focused malware into PoS malware over the years since going operational in 2014, the threat actor steadily incorporated new features that are designed to facilitate credit card fraud, including a technique called GHOST transactions.

New versions of the Prilex point-of-sale malware can block secure, NFC-enabled contactless credit card transactions, forcing consumers to insert credit cards that are then stolen by the malware. On a payment terminal, contactless transactions use NFC chips embedded in credit cards and mobile devices to conduct close-proximity payments via credit cards, smartphones, or even smartwatches.

Ransomware attackers extorted at least $456.8 million from victims in 2022, down from $765.6 million the year before. As always, we have to caveat these findings by noting that the true totals are much higher, as there are cryptocurrency addresses controlled by ransomware attackers that have yet to be identified on the blockchain and incorporated into our data.

In 2023, companies will need to have a firm understanding of secure payment methods and be ready to pivot as the legislation landscape evolves in the next 12 months. Emergence of Omnichannel payments within the contact center: By implementing an omnichannel contact center payment strategy, companies can personalize the customer experience, allowing consumers to pay via multiple channels using multi-payment methods.

The PCI Security Standards Council published a new standard designed to support the evolution of mobile payment acceptance solutions. PCI Mobile Payments on COTS builds on the existing PCI Software-based PIN Entry on COTS and PCI Contactless Payments on COTS Standards, which individually address security requirements for solutions that enable merchants to accept cardholder PINs or contactless payments using a smartphone or other commercial off-the-shelf mobile device.

E-commerce fraud is expected to cost merchants in excess of US$48 billion globally in 2023, up from over $41 billion in 2022 according to Juniper Research. It predicted that this growth will be accelerated by increasing use of alternative payment methods, such as digital wallets and BNPL, which are creating new fraud risks.