Security News

eCommerce fraud to merchants to exceed $48 billion / eCommerce merchants must step up their fraud prevention strategies. A Juniper Research study found that the total cost of eCommerce fraud to merchants will exceed $48 billion globally in 2023, from just over $41 billion in 2022.

Cybercriminals are continuing to prey on users searching for cracked software by directing them to fraudulent websites hosting weaponized installers that deploy malware called NullMixer on compromised systems. "When a user extracts and executes NullMixer, it drops a number of malware files to the compromised machine," cybersecurity firm Kaspersky said in a Monday report.

The Federal Bureau of Investigation has issued an alert about hackers targeting healthcare payment processors to route payments to bank accounts controlled by the attacker. Cybercriminals are combining multiple tactics to obtain login credentials of employees at payment processors in the healthcare industry and to modify payment instructions.

Several U.S. states have recently moved to ban local and state agencies and organizations funded by taxpayers' dollars from paying off ransomware gangs, and a few more are gearing up to it. In this Help Net Security video interview, Alex Iftimie, Partner at Morrison & Foerster, talks about the possible repercussions of such legislation and, in general, about the evolving nature of ransomware attacks and the current global efforts aimed at fighting the ransomware threats.

As payment fraud increases, global losses are projected to reach $40.62 billion by 2027. Governments and businesses are turning to meaningful customer authentication to crack down on identity theft.

Security flaws have been identified in Xiaomi Redmi Note 9T and Redmi Note 11 models, which could be exploited to disable the mobile payment mechanism and even forge transactions via a rogue Android app installed on the devices. Specifically, the Israeli cybersecurity firm discovered that a trusted app on a Xiaomi device can be downgraded due to a lack of version control, enabling an attacker to replace a newer, secure version of an app with an older, vulnerable variant.

Smartphone maker Xiaomi, the world's number three phone maker behind Apple and Samsung, reported it has patched a high-severity flaw in its "Trusted environment" used to store payment data that opened some of its handsets to attack. Researchers at Check Point Research revealed last week in a report released at DEF CON that the Xiaomi smartphone flaw could have allowed hackers to hijack the mobile payment system and disable it or create and sign their own forged transactions.

Security analysts have found security issues in the payment system present on Xiaomi smartphones that rely on MediaTek chips providing the trusted execution environment that is responsible for signing transactions. Considering how common mobile payments and Xiaomi phones are, especially in Asian markets, the money pool hackers could tap into is estimated to be in the billions of U.S. dollars.

In this Help Net Security video, Charl van der Walt, Head of Security Research, Orange Cyberdefense, discusses whether criminalizing ransomware payments could quell the current crime wave by...

Cumulative merchant losses to online payment fraud globally between 2023 and 2027 will exceed $343 billion, according to Juniper Research. As a comparison, this equates to over 350% of Apple's reported net income in the 2021 fiscal year, showing the massive extent of these losses.