Security News
Interestingly, WooCommerce suggests that even if attackers had found and exploited this vulnerability, the only information about your logon passwords they'd have been able to steal would have been so-called salted password hashes, and so the company has written that "It's unlikely that your password was compromised". As a result, it's offering the curious advice that you can get away without changing your admin password as long as [a] you're using the standard WordPress password management system and not some alternative way of handling passwords that WooCommerce can't vouch for, and [b] you're not in the habit of using the same password on multiple services.
OpenAI says a Redis client open-source library bug was behind Monday's ChatGPT outage and data leak, where users saw other users' personal information and chat queries.OpenAI took ChatGPT offline to investigate an issue but did not provide details as to what caused the outage.
Patches have been released for a critical security flaw impacting the WooCommerce Payments plugin for WordPress, which is installed on over 500,000 websites. It impacts versions 4.8.0 through 5.6.1.
A new credit card stealing hacking campaign is doing things differently than we have seen in the past by hiding their malicious code inside the 'Authorize.net' payment gateway module for WooCommcerce, allowing the breach to evade detection by security scans. To evade detection, the threat actors are now injecting malicious scripts directly into the site's payment gateway modules used to process credit card payments on checkout.
An international law enforcement operation has seized the cryptocurrency mixing service 'ChipMixer' which is said to be used by hackers, ransomware gangs, and scammers to launder their proceeds. ChipMixer has been one of the largest cryptocurrency mixing platforms operating on the dark web since 2017, allowing users to convert their money into untraceable "Chips," which are then cashed out on "Clean" cryptocurrency addresses that can be converted to FIAT money.
Kaspersky discovered two new Prilex variants in early 2022 and found a third in November that can target NFC-enabled credit cards and block contactless transactions, forcing payers over to the less-secure PIN machines. "Contactless credit cards offer a convenient and secure way to make payments without the need to physically insert or swipe the card," the researchers wrote.
The Brazilian threat actors behind an advanced and modular point-of-sale malware known as Prilex have reared their head once again with new updates that allow it to block contactless payment transactions. Having evolved out of ATM-focused malware into PoS malware over the years since going operational in 2014, the threat actor steadily incorporated new features that are designed to facilitate credit card fraud, including a technique called GHOST transactions.
New versions of the Prilex point-of-sale malware can block secure, NFC-enabled contactless credit card transactions, forcing consumers to insert credit cards that are then stolen by the malware. On a payment terminal, contactless transactions use NFC chips embedded in credit cards and mobile devices to conduct close-proximity payments via credit cards, smartphones, or even smartwatches.
Ransomware attackers extorted at least $456.8 million from victims in 2022, down from $765.6 million the year before. As always, we have to caveat these findings by noting that the true totals are much higher, as there are cryptocurrency addresses controlled by ransomware attackers that have yet to be identified on the blockchain and incorporated into our data.
In 2023, companies will need to have a firm understanding of secure payment methods and be ready to pivot as the legislation landscape evolves in the next 12 months. Emergence of Omnichannel payments within the contact center: By implementing an omnichannel contact center payment strategy, companies can personalize the customer experience, allowing consumers to pay via multiple channels using multi-payment methods.