Security News
The Indonesian Ministry of Communication and Information Technology, Kominfo, is now blocking access to internet service and content providers who had not registered on the country's new licensing platform by July 27th, 2022, as the country begins to restrict access to online content providers and services. The first blocks began Friday, a day before the June 26th deadline, and according to internet access monitoring org NetBlocks, some of the service providers include Yahoo, Steam, and PayPal.
A newly discovered phishing kit targeting PayPal users is trying to steal a large set of personal information from victims that includes government identification documents and photos. The kit is hosted on legitimate WordPress websites that have been hacked, which allows it to evade detection to a certain degree.
By misusing the PayPal logo and general design, the phishing kit leads users through a set of pages and forms aimed at collecting information that can later be used to steal the victims' identity and perform money laundering, open cryptocurrency accounts, make fraudulent tax return claims, and much more. The attackers using the kit are targeting legitimate WordPress sites.
A security researcher disclosed details of a clickjacking attack demonstrated against PayPal that could be exploited to steal victims' account balances in a single click. "But during my deep testing, I found that we can pass another token type, and this leads to stealing money from [a] victim's PayPal account."
Cyberattackers are targeting 60 different high-profile companies with the TrickBot malware, researchers have warned, with many of those in the U.S. The goal is to attack those companies' customers, according to Check Point Research, which are being cherry-picked for victimization. The TrickBot malware was originally a banking trojan, but it has evolved well beyond those humble beginnings to become a wide-ranging credential-stealer and initial-access threat, often responsible for fetching second-stage binaries such as ransomware.
Cybercriminals are using Telegram bots to steal one-time password tokens and defraud people through banks and online payment systems, including PayPal, Apple Pay and Google Pay, new research has found. Threat actors are using Telegram bots and channels and a range of tactics to gain account information, including calling victims, and impersonating banks and legitimate services, researchers said.
A new report from consumer website Comparitech looks at dark web selling prices for credit cards and PayPal accounts in particular. Credit cards are sold on the dark web either as digital items or physical clones of real cards.
ACI Worldwide announced a collaboration with PayPal to bring digital wallet payment options to ACI's biller clients like Monroe County Water Authority. PayPal and Venmo will be integrated with ACI Speedpay, giving consumers more options to make bill payments conveniently and securely using the digital methods that suit them best.
Twitter 'Tip Jar' may expose your PayPal shipping address. "For now, a limited group of people around the world who use Twitter in English can add Tip Jar to their profile and accept tips."
Available at millions of global online businesses and continuing to expand over the coming months, PayPal customers with cryptocurrency holdings in the U.S. will be able to choose to check out with crypto seamlessly within PayPal at checkout. "As the use of digital payments and digital currencies accelerates, the introduction of Checkout with Crypto continues our focus on driving mainstream adoption of cryptocurrencies, while continuing to offer PayPal customers choice and flexibility in the ways they can pay using the PayPal wallet," said Dan Schulman, president and CEO, PayPal.