Security News

Online payment fraud losses accelerate at an alarming rate
2022-08-02 08:00

Cumulative merchant losses to online payment fraud globally between 2023 and 2027 will exceed $343 billion, according to Juniper Research. As a comparison, this equates to over 350% of Apple's reported net income in the 2021 fiscal year, showing the massive extent of these losses.

Ransom payments fall as fewer victims choose to pay hackers
2022-07-28 21:35

Ransomware statistics from the second quarter of the year show that the ransoms paid to extortionists have dropped in value, a trend that continues since the last quarter of 2021. Ransomware remediation firm Coveware has published a report today with ransomware data from the second quarter of 2022 showing that although the average payment increased, the median value recorded a significant drop.

Malicious npm packages steal Discord users’ payment card info
2022-07-28 14:13

Multiple npm packages are being used in an ongoing malicious campaign dubbed LofyLife to infect Discord users with malware that steals their payment card information. "All these packages contained highly obfuscated malicious Python and JavaScript code. We dubbed this malicious campaign 'LofyLife'."

FBI Seizes $500,000 Ransomware Payments and Crypto from North Korean Hackers
2022-07-26 11:52

The U.S. Department of Justice has announced the seizure of $500,000 worth of Bitcoin from North Korean hackers who extorted digital payments from several organizations by using a new ransomware strain known as Maui. The DoJ did not disclose where the rest of the payments originated from.

Hackers Exploit PrestaShop Zero-Day to Steal Payment Data from Online Stores
2022-07-26 11:50

Malicious actors are exploiting a previously unknown security flaw in the open source PrestaShop e-commerce platform to inject malicious skimmer code designed to swipe sensitive information. "Attackers have found a way to use a security vulnerability to carry out arbitrary code execution in servers running PrestaShop websites," the company noted in an advisory published on July 22.

Magecart Hacks Food Ordering Systems to Steal Payment Data from Over 300 Restaurants
2022-07-25 09:13

Three restaurant ordering platforms MenuDrive, Harbortouch, and InTouchPOS were the target of two Magecart skimming campaigns that resulted in the compromise of at least 311 restaurants. "The online ordering platforms MenuDrive and Harbortouch were targeted by the same Magecart campaign, resulting in e-skimmer infections on 80 restaurants using MenuDrive and 74 using Harbortouch," cybersecurity firm Recorded Future revealed in a report.

DoJ, FBI recover $500,000 in ransomware payments to Maui gang
2022-07-20 15:45

Federal law enforcement officials this week said they seized about $500,000 that healthcare facilities in the United States paid to the Maui ransomware group. In the case involving the Kansas healthcare facility, the hospital paid the $100,000 ransom but also contacted the FBI, which traced the payment through the blockchain and identified accounts used by money launderers in China who were working with the North Korean-backed ransomware group.

Online payment fraud losses to exceed $343 billion
2022-07-18 03:00

Cumulative merchant losses to online payment fraud globally between 2023 and 2027 will exceed $343 billion, according to Juniper Research. Online payment fraud includes losses across the sales of digital goods, physical goods, money transfer transactions and banking, as well as purchases like airline ticketing.

Phishers steal Office 365 users’ session cookies to bypass MFA, commit payment fraud
2022-07-13 10:53

A massive phishing campaign has been targeting Office 365 users in over 10,000 organizations since September 2021 and successfully bypassing multi-factor authentication set up to protect the accounts. The attackers use proxy servers and phishing websites to steal users' password and session cookie.

PCI DSS 4.0 changes help organizations protect payment card data
2022-07-11 02:55

PCI DSS is a global standard that provides a baseline of technical and operational requirements designed to protect account data. This Help Net Security video introduces the most important PCI DSS 4.0 changes.