Flaws allow attackers to bypass payment limits on Visa contactless cards

Flaws that allow attackers to bypass the payment limits on Visa contactless cards have been discovered by researchers Leigh-Anne Galloway and Tim Yunusov at Positive Technologies. The attack was tested with five major UK banks, successfully bypassing t…

Another fast-food hack, this time at Checkers and Rally’s restaurants

Checkers Drive-In Restaurants says hackers compromised payment machines at more than 100 of the fast-food company’s locations, providing the latest example of how buying a drive-through cheeseburger can come with the risk of a data breach. Point-of-sale malware was lurking at 102 of Checkers and Rally’s locations in 20 states, the Florida-based company said in a bulletin Wednesday. Thieves collected data stored on magnetic card strips, including cardholders’ names, payment card numbers, card verification codes and expiration dates — everything they would need to steal to conduct their own transactions or re-sell that data on cybercriminal forums. The exposure period for many of the affected stores ended in April, though some locations were vulnerable dating back to 2016 or 2015, in the case of one California restaurant. The company did not specify the number of customers affected. Checkers didn’t offer many details about the hack, but the almost non-stop breach disclosures from similar […]

The post Another fast-food hack, this time at Checkers and Rally’s restaurants appeared first on CyberScoop.

Alleged FIN7 hacking director Andrii Kolpakov set to be extradited to the U.S.

One of three men who allegedly helped lead the FIN7 hacking group, which the U.S. Department of Justice says is behind the theft of 15 million payment card numbers, is scheduled to be extradited to the U.S., CyberScoop has learned. Andrii Kolpakov will plead not guilty when he arrives in court from Spain to face charges in U.S. District Court for the Western District of Washington, according to his attorney, Vadim Glozman, who took over the case in April. Glozman said the timing of the extradition is unclear, but another source familiar with the matter said it will be “in the coming weeks.” Spanish police arrested Kolpakov in June 2018 at the behest of U.S. authorities. The Ukrainian national, who was 30 when he was taken into custody, faces 26 criminal counts in the U.S., including aggravated identity theft, intentional damage to a protected computer and wire fraud, according to a U.S. […]

The post Alleged FIN7 hacking director Andrii Kolpakov set to be extradited to the U.S. appeared first on CyberScoop.

Financial crime outpaces espionage as top motivation for data breaches, Verizon report finds

Once again, it all comes back to the money. Seventy-one percent of the data breaches that occurred in the last year were financially motivated, according to Verizon’s annual Data Breach Investigations Report. While there’s been an uptick in espionage targeting the manufacturing sector, the overwhelming majority of cybercrime still is carried out by hackers primarily interested in making a buck. Just ask the financial companies: For the first time last year, they reported more instances of fraud when a physical card was not used than when a card was present. “It’s not necessarily that attackers are changing their techniques, or even evolving,” said Alex Pinto, head of security research at Verizon, of the findings. “It’s that attackers are keen to go after whoever is the easiest target … and there was a very sharp uptick on financially motivated social engineering.” Verizon’s DBIR has become a well-regarded barometer of threats, hacking techniques and […]

The post Financial crime outpaces espionage as top motivation for data breaches, Verizon report finds appeared first on CyberScoop.

Latest Pakistan bank-card fraud looks like an actual breach, researchers say

A spike in payment-card fraud in Pakistan over the past six months now appears to involve a possible breach of at least one bank’s internal systems, according to researchers with New York-based threat intelligence company Gemini Advisory. Previous reports — including research by Moscow-based cybersecurity company Group-IB — had noted two major dumps of Pakistani payment-card data on the dark web market Joker’s Stash in October and November, as well as further sales in January of this year. Gemini Advisory says it now appears that the card-information dumps point to a more aggressive level of hacking beyond point-of-sale attacks. “While fraudsters generally acquire card and PIN data with card skimmers and cameras or overlays, the January 24 and January 30, 2019 breach included such data in large quantities pertaining to a single bank – Meezan Bank Ltd.,” Gemini Advisory says. “Gemini analysts therefore assess with moderate confidence that the compromised records posted […]

The post Latest Pakistan bank-card fraud looks like an actual breach, researchers say appeared first on CyberScoop.

Post-exploitation scanning tool scavenges for useful information

Philip Pieterse, Principal Consultant for Trustwave’s SpiderLabs, has demonstrated at Black Hat Arsenal Europe 2018 a new tool for penetration testers called Scavenger. About Scavenger Scavenger is a multi-threaded post-exploitation scanning tool…