FTC tackles tech support scams by chasing payment processor firms

A multinational payment processing company and two of its executives are facing a potential $650k fine as a result of allegedly processing credit card payments for tech support scammers. While this fine isnt exactly massive in comparison to some of the privacy breaches and other incidents seen do...

Diebold Nixdorf ProCash 2100xe USB ATM does not adequately secure communications between CCDM and host

Overview Diebold Nixdorf 2100xe USB automated teller machines ATMs are vulnerable to physical attacks on the communication channel between the cash and check deposit module CCDM and the host computer. An attacker with physical access to internal ATM components may be able to exploit this...

Wawa Breach: Hackers Put 30 Million Stolen Payment Card Details for Sale

Remember the recent payment card breach at Wawa convenience stores? If you're among those millions of customers who shopped at any of 850 Wawa stores last year but haven't yet hotlisted your cards, it's high time to take immediate action. That's because hackers have finally put up payment card...

Wawa Breach May Have Affected More Than 30 Million Customers

A recent dump of payment card information being sold on a popular online fraud marketplace suggests that more than 30 million payment cards may have been affected by a malware attack and data breach at Wawa convenience stores and gas stations that was first revealed in December. The Joker’s Stash...

Wawa Breach May Have Compromised More Than 30 Million Payment Cards

In late December 2019, fuel and convenience store chain Wawa Inc. said a nine-month-long breach of its payment card processing systems may have led to the theft of card data from customers who visited any of its 850 locations nationwide. Now, fraud experts say the first batch of card data stolen...

Fraudsters Claim To Hack Two Canadian Banks

UPDATE Two Canadian banks have reported that they may be targets of a hack, after bad actors claimed that they electronically accessed personal and account information of a combined 90,000 customers. The attackers have asked for a ransom of 1 Ripple XMR from each, which translates to around $1...

WordPress adsense-click-fraud-monitoring phpwhois cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports personal blog sites on PHP and MySQL servers. adsense-click-fraud-monitoring is one of the malicious click monitoring plugins. phpwhois is a package containing Whois libraries fo...

CVE-2015-3998

phpwhois version 4.2.5 used in the WordPress adsense-click-fraud-monitoring plugin version 1.7.5 is documented to have a cross-site scripting (XSS) vulnerability. An attacker can inject arbitrary script or HTML via the query parameter to whois.php. The linked reports confirm the affected componen...

Morgan Stanley Insider Theft Wealth Management Client Data

The financial services giant Morgan Stanley announced yesterday that that an employee had stolen sensitive information pertaining to more than 900 of the firm’s wealth-management clients. According to a company press release, the wealth management employee in question “has been terminated.”...

Amazon Web Services Combing Third Parties for Credentials

Amazon Web Services is actively searching a number of sources, including code repositories and application stores, looking for exposed credentials that could put users’ accounts and services at risk. A week ago, a security consultant in Australia said that as many as 10,000 secret Amazon Web...

Appeals Court Calls Bank's Security "Commercially Unreasonable"

The United States Court of Appeals on Tuesday reversed a lower court’s decision, ruling that the IT security system used by a domestic bank was not “commercially reasonable” to protect its customers. The ruling PDF, in the case of People’s United Bank formerly Ocean Bank of Maine versus Patco...

Sony: Hackers Nabbed Info Of 70 Million Members

Sony admitted that hackers broke into its PlayStation Network online gaming network made off with the personal information of more than 77 million members in what would be one of the largest reported data breaches in history. A message posted on the PlayStation Network Web site informed customers...