#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

BlackPOS | Breaking Cybersecurity News | The Hacker News

New Point-of-Sale Malware Compromises 1,500 Devices Worldwide

New Point-of-Sale Malware Compromises 1,500 Devices Worldwide

May 24, 2014
In past few months, the malware developers are more focusing on proliferating and upgrading malicious malwares to target Point-of-Sale (POS) machines. Due to the lack of concern and security measures, point-of-sale (POS) systems have become an attractive target for cybercriminals and malware writers. BlackPOS malware caused massive data breaches in various US retailers targeting POS machines and the largest one is TARGET data breach occurred during the last Christmas holidays. The third-largest U.S. Retailer in which over 40 million Credit & Debit cards were stolen, used to pay for purchases at its 1500 stores nationwide in the U.S. Neiman Marcus, Michaels Store were also targeted involving the heist of possibly 110 million Credit-Debit cards, and personal information. BlackPOS malware was embedded in point-of-sale (POS) equipment at the checkout counters to collect secure data as the credit cards were swiped during transactions. Now the latest one is the ' Nemanj
Book Review: Hacking Point of Sale, In-Depth Study on Payment Applications

Book Review: Hacking Point of Sale, In-Depth Study on Payment Applications

May 20, 2014
Point-of-sale (POS) is the hottest topic in payment structures and its one of the most popular technology topics as well. A Point-of-sale (POS) machine is a computerized replacement for a cash register. It has ability to quickly process a customer's transaction, accurately keep the records, process credit and debit cards , connect to other systems in a network, and manage inventory. A basic POS system would consist of a computer as its core part provided with application specific programs for the particular environment in which it will serve, along with a cash drawer, barcode scanner, receipt printer and the appropriate POS software. Point-of-sale (POS) terminals are used in most industries that have a point of sale such as a service desk, including restaurants, lodging, entertainment, and museums. Due to the better track inventory and accuracy of records, the Point-of-sale (POS) machine is used worldwide and it can be easily set-up, depending on the nature of the busi
How to Achieve the Best Risk-Based Alerting (Bye-Bye SIEM)

How to Achieve the Best Risk-Based Alerting (Bye-Bye SIEM)

Feb 19, 2024Network Detection and Response
Did you know that Network Detection and Response (NDR) has become the most effective technology to detect cyber threats? In contrast to SIEM, NDR offers adaptive cybersecurity with reduced false alerts and efficient threat response. Are you aware of  Network Detection and Response (NDR)  and how it's become the most effective technology to detect cyber threats?  NDR massively upgrades your security through risk-based alerting, prioritizing alerts based on the potential risk to your organization's systems and data. How? Well, NDR's real-time analysis, machine learning, and threat intelligence provide immediate detection, reducing alert fatigue and enabling better decision-making. In contrast to SIEM, NDR offers adaptive cybersecurity with reduced false positives and efficient threat response. Why Use Risk-Based Alerting? Risk-based alerting is an approach where security alerts and responses are prioritized based on the level of risk they pose to an organization's system
Tor-enabled Point-of-Sale malware 'ChewBacca' stole Credit Card data from 11 Countries

Tor-enabled Point-of-Sale malware 'ChewBacca' stole Credit Card data from 11 Countries

Jan 31, 2014
After the massive data breaches at U.S retailers Target and Neiman Marcus in which financial credentials of more than 110 million and 1.1 million customers were compromised respectively, shows that the Point of Sale (POS) system has become a new target for the cyber criminals. Despite the BlackPOS malware of Point of Sale (POS) system that comes out as the major cause of these data breaches, malware writers are upgrading and developing more Trojans to target POS system. In December, the security researchers at anti-virus firm Kaspersky Lab discovered a Tor-based banking trojan , dubbed " ChewBacca ", that was initially categorized as a Financial trojan, but recently security researchers at RSA have uncovered that 'ChewBacca' is also capable of stealing credit card details from point of sale systems. ' ChewBacca ', a relatively new and private Trojan, used in the 11 countries as a POS malware is behind the electronic theft. ChewBacca communicat
cyber security

Are You Vulnerable to Third-Party Breaches Through Interconnected SaaS Apps?

websiteWing SecuritySaaS Security / Risk Management
Protect against cascading risks by identifying and mitigating app2app and third-party SaaS vulnerabilities.
Possible Data Breach at Arts and Crafts Retailer 'Michaels Store'

Possible Data Breach at Arts and Crafts Retailer 'Michaels Store'

Jan 27, 2014
Western landscapes are facing a hell lot of data breaches started with Target , Neiman Marcus and now country's largest crafts chain ' Michael's Art and Crafts ' may be is the latest retailer hit by a security breach. In a statement, Irving, Texas-based company acknowledged a possible data security breach that may have affected its customers' payment card information at its 1250 stores across the United States and Canada. They also announced that it is working closely with federal law enforcement and is conducting an investigation with the help of third-party data security experts to establish the facts. " Michaels said in its statement that it had "recently learned of possible fraudulent activity on some US payment cards that had been used at Michaels, suggesting that the company may have experienced a data security attack " company said . CEO Chuck Rubin said that the company has not confirmed a breach, but wanted to alert customers:
23-Year-old Russian Hacker confessed to be original author of BlackPOS Malware

23-Year-old Russian Hacker confessed to be original author of BlackPOS Malware

Jan 21, 2014
In the previous reports of Cyber Intelligence firm ' IntelCrawler ' named Sergey Tarasov , a 17-year-old teenager behind the nickname " ree[4] ", as the developer of BlackPOS malware. BlackPOS also known as "reedum" or 'Kaptoxa' is an effective crimeware kit, used in the massive heist of possibly 110 million consumers' Credit-Debit cards, and personal information from the TARGET . Later Researchers's investigation revealed that the original coder of BlackPOS Malware was actually a 23-year-old young hacker named Rinat Shabayev and the teen, Sergey Taraspov is the incharge for the technical support department. In an interview with Russian channel ' LifeNews ', Rinat Shabayev admitted that he had developed the BlackPOS crimeware kit. He clarified that the program developed by him was not meant for any kind of data theft, instead the program was written for the security testing. He developed the malware with the he
More details about alleged 17-year-old Russian BlackPOS Malware Author released

More details about alleged 17-year-old Russian BlackPOS Malware Author released

Jan 20, 2014
Security experts at IntelCrawler provided a new interesting update on BlackPOS malware author , that he forgot to delete his Social networking profile even after the last exposure from the investigators. As we have reported a few days before that the Intelligence firm IntelCrawler  has identified a 17 year old teenager, known as " Ree [4] " in the underground market, as the author of the BlackPOS /Kaptoxa malware used in the attack against Target and Neiman Marcus retailers. The teenager is not directly responsible for the Target attack, but he sold the BlackPOS to other Cyber Gangs, including the admin's of underground credit cards market places, " . rescator ", " Track2 . name ", " Privateservices.biz " and many others were his clients. Who is Ree [ 4]? IntelCrawler exposed REE [ 4]'s original profile as Sergey Taraspov,  a 17 year old Russian programmer, based in St . Petersburg and Nizhniy Novgorod (Russian Federation). Before both brea
BlackPOS Malware used in TARGET Data Breach developed by 17-Year Old Russian Hacker

BlackPOS Malware used in TARGET Data Breach developed by 17-Year Old Russian Hacker

Jan 17, 2014
The Holiday data breach at TARGET appeared to be part of a broad and highly sophisticated international hacking campaign against multiple retailers, involving the heist of possibly 110 million Credit-Debit cards, and personal information. Target confirmed last weekend that a malicious software was embedded in point-of-sale (POS) equipment at its checkout counters to collect secure data as the credit cards were swiped during transactions. The Malware called ' BlackPOS ' also known as " reedum " or ' Kaptoxa ' is an effective crimeware  kit, that was created in March 2013 and available in underground sites for $1800-$2000. Investigators from IntelCrawler found a 17-years old hacker who actually developed the BlackPOS crimeware kit. His nickname is ' ree4 ' and original name: ' Sergey Taraspov ' from  St . Petersburg  and  Nizhniy Novgorod ( Russian Federation). IntelCrawler's sources mentioned that the BlackPOS malware was created i
Cybersecurity Resources