Security News

Security analysts have found security issues in the payment system present on Xiaomi smartphones that rely on MediaTek chips providing the trusted execution environment that is responsible for signing transactions. Considering how common mobile payments and Xiaomi phones are, especially in Asian markets, the money pool hackers could tap into is estimated to be in the billions of U.S. dollars.

In this Help Net Security video, Charl van der Walt, Head of Security Research, Orange Cyberdefense, discusses whether criminalizing ransomware payments could quell the current crime wave by...

Cumulative merchant losses to online payment fraud globally between 2023 and 2027 will exceed $343 billion, according to Juniper Research. As a comparison, this equates to over 350% of Apple's reported net income in the 2021 fiscal year, showing the massive extent of these losses.

Ransomware statistics from the second quarter of the year show that the ransoms paid to extortionists have dropped in value, a trend that continues since the last quarter of 2021. Ransomware remediation firm Coveware has published a report today with ransomware data from the second quarter of 2022 showing that although the average payment increased, the median value recorded a significant drop.

Multiple npm packages are being used in an ongoing malicious campaign dubbed LofyLife to infect Discord users with malware that steals their payment card information. "All these packages contained highly obfuscated malicious Python and JavaScript code. We dubbed this malicious campaign 'LofyLife'."

The U.S. Department of Justice has announced the seizure of $500,000 worth of Bitcoin from North Korean hackers who extorted digital payments from several organizations by using a new ransomware strain known as Maui. The DoJ did not disclose where the rest of the payments originated from.

Malicious actors are exploiting a previously unknown security flaw in the open source PrestaShop e-commerce platform to inject malicious skimmer code designed to swipe sensitive information. "Attackers have found a way to use a security vulnerability to carry out arbitrary code execution in servers running PrestaShop websites," the company noted in an advisory published on July 22.

Three restaurant ordering platforms MenuDrive, Harbortouch, and InTouchPOS were the target of two Magecart skimming campaigns that resulted in the compromise of at least 311 restaurants. "The online ordering platforms MenuDrive and Harbortouch were targeted by the same Magecart campaign, resulting in e-skimmer infections on 80 restaurants using MenuDrive and 74 using Harbortouch," cybersecurity firm Recorded Future revealed in a report.

Federal law enforcement officials this week said they seized about $500,000 that healthcare facilities in the United States paid to the Maui ransomware group. In the case involving the Kansas healthcare facility, the hospital paid the $100,000 ransom but also contacted the FBI, which traced the payment through the blockchain and identified accounts used by money launderers in China who were working with the North Korean-backed ransomware group.

Cumulative merchant losses to online payment fraud globally between 2023 and 2027 will exceed $343 billion, according to Juniper Research. Online payment fraud includes losses across the sales of digital goods, physical goods, money transfer transactions and banking, as well as purchases like airline ticketing.