#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Financial data | Breaking Cybersecurity News | The Hacker News

PAX PoS Terminal Flaw Could Allow Attackers to Tamper with Transactions

PAX PoS Terminal Flaw Could Allow Attackers to Tamper with Transactions

Jan 17, 2024 Financial Data / Vulnerability
The point-of-sale (PoS) terminals from PAX Technology are impacted by a collection of high-severity vulnerabilities that can be weaponized by threat actors to execute arbitrary code. The STM Cyber R&D team, which reverse engineered the Android-based devices manufactured by the Chinese firm owing to their rapid deployment in Poland, said it unearthed half a dozen flaws that allow for privilege escalation and local code execution from the bootloader. Details about one of the vulnerabilities (CVE-2023-42133) have been currently withheld. The other flaws are listed below - CVE-2023-42134 & CVE-2023-42135 (CVSS score: 7.6) - Local code execution as root via kernel parameter injection in fastboot (Impacts PAX A920Pro/PAX A50) CVE-2023-42136 (CVSS score: 8.8) - Privilege escalation from any user/application to system user via shell injection binder-exposed service (Impacts All Android-based PAX PoS devices) CVE-2023-42137 (CVSS score: 8.8) - Privilege escalation from
Hacker Stole Data of Over 70% Bulgarian Citizens from Tax Agency Servers

Hacker Stole Data of Over 70% Bulgarian Citizens from Tax Agency Servers

Jul 17, 2019
Eastern European country Bulgaria has suffered the biggest data breach in its history that compromised personal and financial information of 5 million adult citizens out of its total population of 7 million people. According to multiple sources in local Bulgarian media , an unknown hacker earlier this week emailed them download links to 11GB of stolen data which included taxpayer's personal identifiable numbers, addresses, and financial data. In a brief statement released Monday, the National Revenue Agency (NRA) of Bulgaria said the stolen data originates from the country's tax reporting service. The NRA also indicated that the Ministry of the Interior and the State Agency for National Security (SANS) have started taking an assessment of the potential vulnerability in NRA's systems that attackers might have exploited to breach into its databases. It appears that until now, the hacker, who claimed to be a Russian man, has only released 57 out of a total of 110 c
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
324,000 Financial Records with CVV Numbers Stolen From A Payment Gateway

324,000 Financial Records with CVV Numbers Stolen From A Payment Gateway

Sep 13, 2016
Around 324,000 users have likely had their payment records stolen either from payment processor BlueSnap or its customer Regpack ; however, neither of the company has admitted a data breach. BlueSnap is a payment provider which allows websites to take payments from customers by offering merchant facilities, whereas RegPack is a global online enrollment platform that uses BlueSnap to process the financial transactions for its online enrollments. The data breach was initially reported on July 10, when a hacker published a link on Twitter, pointing to a file containing roughly 324,000 records allegedly stolen from Waltham, Massachusetts-based BlueSnap. The tweet has since been deleted, but Australian security expert Troy Hunt took a copy of it for later review to analyze the data and after analyzing, he discovered that the leaked payment records are most likely legitimate. Payment Card Data Including CVV Codes Leaked The data contains users' details registred between 10
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Staysure Hacked, Credit Card details of 93,000 Customers stolen

Staysure Hacked, Credit Card details of 93,000 Customers stolen

Jan 06, 2014
Staysure, a UK based Insurance company has suffered a massive data breach . More than 93,000 customers' sensitive financial data may have been compromised by unknown hackers. We became aware of the problem on November 14, and quickly informed the relevant card issuing bodies and subsequently The Financial Conduct Authority, the Information Commissioner's Office and the Police. The company notified that their systems have suffered cyber attack during the second half of October 2013 and Customers' Data including names, addresses, payment card details and CVV numbers has stolen. In that attack, encrypted payment card details of customers who purchased insurance from us before May 2012 were stolen, along with CVV details and customer names and addresses. From May 2012 we ceased to store this data. Credit card details were encrypted, but the CVV number was in the clear text, which is not good. Now this is not confirmed that their encryption implementation was secure or not. Howe
Cybersecurity Resources