Chinese Silent Skimmer Attack Hits Businesses in APAC and NALA regions

By Deeba Ahmed They Key targets of the Silent Skimmer attack are companies creating/hosting payment infrastructure, including e-commerce platforms and POS point of sales systems providers. This is a post from HackRead.com Read the original post: Chinese Silent Skimmer Attack Hits Businesses in AP...

Lack of Deadline Protection in Key Functions Poses Potential Exploits

Lines of code Vulnerability details Impact The absence of a deadline parameter in key function calls within the EvolvingProteus contract poses a significant vulnerability. Transactions that stay pending in the mempool due to outdated slippage could be executed at a much later time than initially...

FIN7 ‘Pen Tester’ Headed to Jail Amid $1B in Losses

A so-called “pen-tester” for the financial cybergang known as FIN7 will spend seven years in the slammer after being convicted for payment-card theft. According to the Department of Justice, Andrii Kolpakov, a Ukrainian national, was also ordered to pay a tidy $2.5 million in restitution for his...

Sodinokibi Ransomware Now Scans Networks For PoS Systems

Cybercriminals behind recent Sodinokibi ransomware attacks are now upping their ante and scanning their victims’ networks for credit card or point of sale PoS software. Researchers believe this is a new tactic designed to allow attackers to get the biggest bang for their buck – ransom payments an...

TAU Technical Report: New Attack Combines TinyPOS With Living-off-the-Land Techniques for Scraping Credit Card Data

In April of 2020 VMware Carbon Black Threat Analysis Unit TAU researchers worked with an Incident Response IR partner on a piece of malware that was discovered during an ongoing PCI investigation. The combined analysis showed that attackers who previously leveraged a malware family called TinyPOS...

FIN6 and TrickBot Combine Forces in 'Anchor' Attacks

Researchers say, two cybercriminal groups, FIN6 and the operators of the TrickBot malware, have paired up together to target several organizations with TrickBot’s malware framework called “Anchor.” The two threat groups joining forces is a “new and dangerous twist” in an existing trend of...

PoS Malware Exposes Customer Data of Catch Restaurants

Popular NYC restaurants Catch NYC, Catch Roof and Catch Steak discovered and removed malware on their point-of-sale PoS systems — but not before it exposed credit-card information from unknowing diners. Catch Hospitality Group, which owns the three NYC hotspots, said in a data-breach notice this...

PoS Malware ‘TreasureHunter’ Source Code Leaked

Source code for the point-of-sale malware called TreasureHunter has been leaked, according to researchers who said the release offers them unique insights into the malware, but also gives them pause as they brace for expected variants. Not just was TreasureHunter’s source code leaked, but so was...

cardfellow.com XSS vulnerability

Open Bug Bounty ID: OBB-553502 Description| Value ---|--- Affected Website:| cardfellow.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Oracle MICROS POS Vulnerability Puts 300,000 Systems at Risk

Point-of-sale systems are rich targets for attackers, given their status as a gateway to credit card information, customer and back-office data and other goodies. A recently patched vulnerability in Oracle’s MICROS POS system software can lead to attackers gaining full access to the systems, say...

Forever 21 Says PoS Systems Exposed Customer Data for 8 Months

Fashion retailer Forever 21 confirmed a breach made public in November resulted in the theft of credit card data belonging to an undisclosed number of customers. The company had stated that a lack of encryption used on some of its point-of-sales payment terminals could have resulted in unauthoriz...

Forever 21 Confirms Security Breach Exposed Customer Credit Card Details

First notified in November of a data breach incident, popular clothing retailer Forever 21 has now confirmed that hackers stole credit card information from its stores throughout the country for several months during 2017. Although the company did not yet specify the total number of its customers...

The continuing threat of POS malware

Point-of-sale systems have seen numerous changes in recent years. From the shift to chip-card readers and the inclusion of new technology for contactless mobile payments, POS systems aren't just for swiping cards anymore. At the same time, two important factors haven't changed - the criticality o...

Vendetta Brothers: Cyber Crooks Adopt Real World Tactics

Meet Vendetta Brothers Inc., a small-time cybercrime ring that has mastered the art of compromising point-of-sale systems and selling the data online. The group, named after its “Vendetta World” underground marketplace, is unique because of its ability to adopt real-world criminal tricks of the...

Over 1000 Wendy's Restaurants Hit by Credit Card Hackers

The Popular fast-food restaurant chain Wendy's on Thursday admitted that a massive cyber attack had hit more than 1,000 of its restaurants across the country. The burger chain did not speculate how many people may have been affected, though it did confirm that the hackers were able to steal its...

Windows Zero Day Selling for $90,000

Hackers claim to have unearthed a zero-day vulnerability giving attackers admin rights to any Windows machine from Windows 2000 to a fully patched version of Windows 10. The zero day is for sale on the black market for $90,000. Security experts say the zero-day exploit looks legitimate and in the...

Follow The Money: Dissecting the Operations of the Cyber Crime Group FIN6

Cybercrime operations can be intricate and elaborate, with careful planning needed to navigate the various obstacles separating an attacker from a payout. Yet reports on these operations are often fragmentary, as the full scope of attacker activity typically occurs beyond the view of any one grou...

Pro PoS — This Stealthy Point-of-Sale Malware Could Steal Your Christmas

The point of Sale systems are the most tempting target for cyber crooks to steal your credit card information and with this Christmas, you need to be more careful while using your credit cards at retailers and grocery stores. Here's why… Cyber criminals are now selling a new powerful strain of...

ModPOS: Highly-Sophisticated, Stealthy Malware Targeting US POS Systems with High Likelihood of Broader Campaigns

Today, iSIGHT Partners is sharing details about a highly sophisticated criminal malware framework that has been used to target point-of-sale POS systems at US-based retailers. We believe this very hard to detect malware is likely being used in broader campaigns and are disclosing details to help...

Brute-Forcing Botnet Sniffs Out Lax POS Systems

Over a two-week time span earlier this year, a botnet composed of thousands of computers actively sought out and broke into exposed point of sale POS systems that used poor or default passwords. The botnet, dug up and dubbed BrutPOS by security firm FireEye, leveraged more than 5,000 machines and...