card

now browsing by tag

 
 

A new #way to #spread #malware and #problems with a #programmable #credit #card

A new way to use Microsoft Office to spread malware, hackers move fast to leverage another Adobe Flash exploit, and problems with a programmable credit card.

Criminals often try to trick users into infecting themselves by opening a zipped Microsoft Office document attached to an email. The document has a link to a malicious website. Barracuda Networks said this week the latest scam is to disguise that link so it fetches the website not through a web browser but through a communications protocol called Samba. Then malicious code is downloaded. Often it starts with victims get a message with something like ‘Your bill is attached.’

One thing you can do it beware of web page links in messages that start with “file://” rather than the expected “http://”

Barracuda says employees also should be regularly trained and tested to increase their security awareness.

Adobe Flash has long been a favoured way for attackers to get malware onto your computer. You download what’s supposed to be a Flash update or a Flash-based presentation, and instead you’re infected. A new hole was just discovered and patched by Adobe. However, Security Affairs reports that a researcher has discovered the popular ThreadKit exploit kit used by hackers is already now trying to use that exploit.

What can you do? A lot of these exploits are spread through email, so you’ve got to be wary of opening messages with attachments. Savvy criminals may target you, so don’t assume that because a message is from your boss, a friend or a relative that it’s valid. Many people disable Flash as a precaution. Those who don’t make sure their Flash is updated from a reputable site.

Finally, a California company named BrilliantTS has a problem with its Fuze Card, a smart card with a programmable security chip that looks like a credit card. The idea is you program the chip with data from several of your credit cards so you only carry the Fuze Card. However, Ars Technica reports two researchers have discovered a way that uses Bluetooth to impersonate the Android app that loads credit card data onto the smart cards. BrilliantTS says a fix will be released April 19th.

I don’t know if the card can be used in Canada. Your local bank or organization behind credit and debit cards has to approve its use for their processes. But it’s another lesson that there’s no quick fix for any problem in your wallet.

That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Play, your Alexa Flash Briefing or wherever else you listen to podcasts. Thanks for listening.

advertisement:

The post A new #way to #spread #malware and #problems with a #programmable #credit #card appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Cash #Converters is #HACKED: Cyber #criminals hold UK #customer #credit card numbers, addresses and #passwords to #ransom after major #security breach

Source: National Cyber Security – Produced By Gregory Evans

Hackers who attacked the now defunct website of second hand goods store Cash Converters may have access to the account details of thousands of customers.

Usernames, passwords, delivery addresses and potentially partial credit card numbers are among the data believed to have been stolen.

The culprits are said to be holding the information to ransom while the firm works with law enforcement authorities to investigate the incident.

It is not known exactly how many customers were impacted in the hack or when it happened.

 

Cash Converters operates high street stores where customers can trade items like jewellery and electronics for money.

The affected website, which was put out of action in September 2017 and replaced with an updated version, lets people purchase these products online.

As well as cash trade ins, the company offers small financial loans to its customers.

The data breech is only believed to affect customers of the Perth-founded firm who are based in the UK.

In a breach notification email sent to customers, a Cash Converters spokesman said: ‘Please be reassured that, alongside the relevant authorities, we are investigating this as a matter of urgency and priority.

‘We are also actively implementing measures to ensure that this cannot happen again.

‘Although some details relating to the cybersecurity breach remain confidential while Cash Converters works with the relevant authorities, we will continue to provide as much detail as possible as it becomes available.

‘The current webshop site was independently and thoroughly security tested as part of its development process.

‘We have no reason to believe it has any vulnerability, however additional testing is being completed to get assurance of this.

‘Our customers truly are at the heart of everything we do and we are both disappointed and saddened that you have been affected.

‘We apologise for this situation.’

Cash Converts reportedly received an email from hackers who claiming to have gained access to the data.

They threatened to release the data if they were not paid, which means anyone who used the old site before September 22 could be at risk.

Customers have been to advised to change their passwords and the firm has forced a reset for all UK webshop users.

Speaking about the breach, Jon Topper, CEO of UK webhosting firm The Scale Factory, said: ‘When migrating away from old solutions it’s important to bear in mind that old digital assets will still be running and available online until such time as they are fully decommissioned.

‘As a result they should still be treated as ‘live” which means maintaining a good security posture around them, keeping up with patching and so forth.

‘In their customer notification, Cash Converters were quick to point out that the old site was operated by a third party, possibly intending to deflect responsibility for this breach.

‘This definitely won’t fly under General Data Protection Regulation regulations coming into force next year.

‘Companies running server infrastructure that handles customer data should be engaging with experts to review their security posture ahead of that, in order to avoid being slapped with a large fine.’

The post Cash #Converters is #HACKED: Cyber #criminals hold UK #customer #credit card numbers, addresses and #passwords to #ransom after major #security breach appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

MP police #cyber cell busts #Indo-Pak gang involved in #credit card fraud

Source: National Cyber Security – Produced By Gregory Evans

MP police #cyber cell busts #Indo-Pak gang involved in #credit card fraud

Busting an international gang of credit card hackers, the cyber wing of Madhya Pradesh Police has arrested two persons on Monday who are accused of making large-scale online purchases by hacking information on credit cards. The two accused, both residents of Mumbai, are suspected to be associated with a gang of international cyber criminals, run by Pakistani citizen Shaikh Afzal aka Shozi.

Speaking after the arrest of credit card hackers, Superintendent of Police (SP) of State Cyber Cell of Indore unit, Jitendra Singh said that two Indian members of this gang, identified as Ramkumar Pillai and Ramprasad Nadar, were arrested following a complaint made by a bank official from Agar Malwa district.

“We have learnt that Shozi is a native of Lahore and got married only last year. Shozi visits different countries across the world. He was in Uzbekistan when Nadar and Pillai talked to him last time through Skype. We are trying to confirm these details,” the Superintendent of Police said.

The duo purchased hacked credit card details from some websites on the dark web and later paid for the information through Bitcoin. “If this payment is measured in terms of Indian currency, it costs only Rs 500 to Rs 800 to buy details of every credit card,” Singh added.

The gang members bought air tickets and travel packages of Bangkok, Thailand, Dubai, Hong Kong and Malaysia by using this information of hacked credit cards. They also shopped costly items online using the hacked details, said the official.

Singh said the accused also used to send half the amount, they spent by misusing the credit card details, to Shozi by secret online methods.

The accused also used to select the online e-commerce website, where they do not need a one-time password (OTP) to make a purchase. So, the holders would get the information about the misuse of credit cards only after the payment.

Singh said initial investigation revealed that both the accused have made purchases of about Rs 20 lakh by misusing the details of 17 credit cards so far. However, this figure may go up after further investigation.

He said that the police have been searching for a resident of Jabalpur, who is also learnt to be connected with this gang.

Source:

The post MP police #cyber cell busts #Indo-Pak gang involved in #credit card fraud appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Pizza Hut hack: Thousands of customers’ data stolen as users report fraudulent card transactions

Source: National Cyber Security – Produced By Gregory Evans

Pizza Hut hack: Thousands of customers’ data stolen as users report fraudulent card transactions

Hackers hit Pizza Hut earlier in October and reportedly stole customers’ financial information. Pizza Hut said that its website was hacked and some of its customers who used the fast food chain’s website and app were affected by the breach.

Although Pizza Hut reportedly sent out emails notifying its customers of the breach, the alerts came two weeks after the company’s website was hacked. Some users took to Twitter to complain about the delayed notification. Some customers also reported fraudulent card transactions, which they suspect may have occurred due to the Pizza Hut hack.

“Pizza Hut has recently identified a temporary security intrusion that occurred on our website. We have learned that the information of some customers who visited our website or mobile application during an approximately 28-hour period (from the morning of October 1, 2017, through midday on October 2, 2017) and subsequently placed an order may have been compromised,” the company said in an email sent to affected customers, Bleeping Computer reported.

“Pizza Hut identified the security intrusion quickly and took immediate action to halt it,” the fast food chain added. “The security intrusion at issue impacted a small percentage of our customers and we estimate that less than one percent of the visits to our website over the course of the relevant week were affected.”

It is still unclear as to how many users may have been affected by the breach and whether the hackers were able to get their hands on any corporate data. IBTimes UK has reached out to Pizza Hut for further clarity on the incident and will update this article in the event of a response.

Source:

The post Pizza Hut hack: Thousands of customers’ data stolen as users report fraudulent card transactions appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

NETFLIX PHISHING CAMPAIGN STEALS CUSTOMERS’ CREDIT CARD DETAILS

Source: National Cyber Security – Produced By Gregory Evans

Netflix customers are being targeted by hackers posing as employees of the video streaming website in order to steal their credit card details. Researchers at the cybersecurity firm PhishMe uncovered the phishing campaign, which sent out Netflix-branded emails claiming to be from the company’s support team. Emails in the campaign…

The post NETFLIX PHISHING CAMPAIGN STEALS CUSTOMERS’ CREDIT CARD DETAILS appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Inside Mastercard’s Journey To Predicting Card Fraud

Source: National Cyber Security – Produced By Gregory Evans

Fighting payments fraud can be a daunting battle – especially if the battle is waged with reactions. That is, once you’re under siege, protecting data can be a scramble. Or as hockey great Wayne Gretzky once said, it’s important to skate to where the puck is going to be, and not…

The post Inside Mastercard’s Journey To Predicting Card Fraud appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Watertown Police seeking suspects in credit card theft

Source: National Cyber Security – Produced By Gregory Evans

The Watertown Police Department is currently seeking information to help them locate two individuals suspected of credit card fraud. The Watertown Police Department has active arrest warrants for Erica Saucier, 27, and Christopher Main, 26; both of a last known address of 33 Oak Stree in Thomaston. According to police,…

The post Watertown Police seeking suspects in credit card theft appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Target Gift Card Thief Spent Over $150,000, Pleads Not Guilty, OCDA Says

Source: National Cyber Security – Produced By Gregory Evans

A Stanton woman pleaded not guilty to racking up over $150,000 in purchases over seven months has pleaded not guilty to identity theft. LAKE FOREST, CA — Sure. Everyone loves shopping at Target. But could you spend over $150,000 there in seven months? A 28-year-old Stanton woman is facing charges…

The post Target Gift Card Thief Spent Over $150,000, Pleads Not Guilty, OCDA Says appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

llegal credit card skimmer use on the rise at Florida gas stations

Source: National Cyber Security – Produced By Gregory Evans

Protecting your pin while paying for gas at the pump may not be enough to keep your card’s information safe. State inspectors have found more credit card skimmers in the first seven months of this year — 276 — than during all of 2016 — 219. “Identity theft is the…

The post llegal credit card skimmer use on the rise at Florida gas stations appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Hackers stole credit card data from Buckle stores

Source: National Cyber Security – Produced By Gregory Evans

Hackers stole credit card data from Buckle stores

The Buckle, Inc. has suffered a data breach, the clothing retailer announced this week. The company discovered intruders had planted malware on their cash register systems to steal credit card data from customers over several months. It’s unclear exactly how many cardholders may have been affected, but credit cards used…

The post Hackers stole credit card data from Buckle stores appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures