Security News

ValidCC, a dark web bazaar run by a cybercrime group that for more than six years hacked online merchants and sold stolen payment card data, abruptly closed up shop last week. There are dozens of online shops that sell so-called "Card not present" payment card data stolen from e-commerce stores, but most source the data from other criminals.

"As a result of COVID-19 and associated global trends, demand for malicious and illicit goods, services and data have reached new peak highs across dark web marketplaces," said researchers in a Friday analysis. Upon a deep-dive investigation into the underground marketplace, researchers found that the pricing for stolen payment cards has soared in 2020; jumping from $14.64 in 2019 to $20.16 in 2020.

A cybercrime group known for targeting e-commerce websites unleashed a "Multi-stage malicious campaign" earlier this year designed with an intent to distribute information stealers and JavaScript-based payment skimmers. The ultimate goal of the attack, the researchers noted, was to steal payment and user data via several attack vectors and tools to deliver the malware.

Australia will develop the capability to use payment records in the service of coronavirus contact tracing. A National Contact Tracing Review released last Friday called for a raft of information technology responses to the pandemic, on grounds that containment of the novel coronavirus will be needed even after a vaccine emerges.

Texas-based precious metals dealer JM Bullion has informed some customers that their payment card information may have been stolen by cybercriminals, but the disclosure came months after the breach was discovered. The company claims on its website that customer information is kept secure through "256-bit SSL encryption" and that it does not have access to payment card information as it's processed by a third party.

A data set of millions of payment card records apparently stolen from US-based restaurant franchise Dickey's Barbecue Pit has emerged on a Dark Web marketplace, Gemini Advisory reports. There are 469 locations across 42 states that are operating under the Dickey's Barbecue Pit franchise, each of them allowed to use the type of point-of-sale device they like, as well as their preferred processors.

Popular U.S. smoked-meat franchise Dickey's Barbecue Pit has been hit with a data breach, with cybercriminals posting the fat cap of the compromised data - 3 million payment cards - on the popular Joker's Stash underground marketplace this week. "We are utilizing the experience of third parties who have helped other restaurants address similar issues and also working with the FBI and payment card networks. We understand that payment card network rules generally provide that individuals who timely report unauthorized charges to the bank that issued their card are not responsible for those charges."

Cybercriminals have planted a payment card skimmer on the websites of several organizations using the Playback Now conference platform, Malwarebytes reported on Thursday. The customer websites hosted on it - customers receive a dedicated website which they can use to serve their content - had been injected with a payment card skimmer that allowed the attackers to steal the financial information of users purchasing conference materials from those sites.

A little more than a quarter of companies worldwide are fully compliant with the exacting PCI DSS online payment security standard, according to US telco Verizon. The company's 2020 Payment Security Report found that only 27 per cent of organisations worldwide were in line with the full ambit of the PCI DSS for handling payment card data in online purchases.

Biometric payment cards with an integrated fingerprint sensor make contactless payments more convenient, more secure and hygienic. Infineon Technologies and Fingerprint Cards have joined forces to enable mass deployment of this emerging solution.