Cyberattackers Serve Up Custom Backdoor for Oracle Restaurant Software

The modular malware is highly sophisticated but may not be able to capture credit-card info.

Dickey’s BBQ Breach: Meaty 3M Payment Card Upload Drops on Joker’s Stash

After cybercriminals smoked out 3 million compromised payment cards on the Joker’s Stash marketplace, researchers linked the data to a breach at the popular barbecue franchise.

Interesting Attack on the EMV Smartcard Payment Standard

It’s complicated, but it’s basically a man-in-the-middle attack that involves two smartphones. The first phone reads the actual smartcard, and then forwards the required information to a second phone. That second phone actually conducts the transaction on the POS terminal. That second phone is able to convince the POS terminal to conduct the transaction without requiring the normally required PIN.

From a news article:

The researchers were able to demonstrate that it is possible to exploit the vulnerability in practice, although it is a fairly complex process. They first developed an Android app and installed it on two NFC-enabled mobile phones. This allowed the two devices to read data from the credit card chip and exchange information with payment terminals. Incidentally, the researchers did not have to bypass any special security features in the Android operating system to install the app…


U.K. regulator dings tech retailer for breach that affected 14 million people

Britain’s data protection authority said Thursday it has fined Dixons Carphone, a massive electronics retailer, the maximum fine allowed under law for a data breach that exposed financial information from millions of customers. Malicious software lurking inside point-of-sale systems at Dixons Carphone stores from July 2017 through April 2018 collected payment card data of 5.6 million people. Attackers accessed personal information including names, email addresses and details about failed credit checks on some 14 million people. The U.K.’s Information Commissioner’s Office fined the company £500,000 ($653,000) for the incident, the highest penalty authorized under the U.K.’s 1988 Data Protection Act. The ICO found that Dixons Carphone, which reported £10.5 billion (equivalent to $13.7 billion in 2020) in revenue in 2018, broke the law “by having poor security arrangements and failing to take adequate steps to protect personal data.” The company is also known as DSG Retail. Security issues included a […]

The post U.K. regulator dings tech retailer for breach that affected 14 million people appeared first on CyberScoop.


Hackers Stole Customers’ Payment Card Details From Over 700 Wawa Stores

Have you stopped at any Wawa convenience store and used your payment card to buy gas or snacks in the last nine months?

If yes, your credit and debit card details may have been stolen by cybercriminals.

Wawa, the Philadelphia-based gas and convenienc…