#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

Payment Security | Breaking Cybersecurity News | The Hacker News

Category — Payment Security
Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments

Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments

Nov 20, 2024 Payment Security / Cybercrime
Threat actors are increasingly banking on a new technique that leverages near-field communication (NFC) to cash out victim's funds at scale. The technique, codenamed Ghost Tap by ThreatFabric, enables cybercriminals to cash-out money from stolen credit cards linked to mobile payment services such as Google Pay or Apple Pay and relaying NFC traffic. "Criminals can now misuse Google Pay and Apple Pay to transmit your tap-to-pay information globally within seconds," the Dutch security company told The Hacker News in a statement. "This means that even without your physical card or phone, they can make payments from your account anywhere in the world." These attacks typically work by tricking victims into downloading mobile banking malware that can capture their banking credentials and one-time passwords using an overlay attack or a keylogger. Alternatively, it can involve a voice phishing component. Once in possession of the card details, the threat actors m...
Master Your PCI DSS v4 Compliance with Innovative Smart Approvals

Master Your PCI DSS v4 Compliance with Innovative Smart Approvals

Sep 16, 2024 Payment Security / Data Protection
The PCI DSS landscape is evolving rapidly. With the Q1 2025 deadline looming ever larger, businesses are scrambling to meet the stringent new requirements of PCI DSS v4.0. Two sections in particular, 6.4.3 and 11.6.1, are troublesome as they demand that organizations rigorously monitor and manage payment page scripts and use a robust change detection mechanism. With the deadline fast approaching and the consequences of non-compliance so severe, there is no room for complacency, so, in this article, we look at the best way to meet these complex coding requirements. PCI DSS v4: Understanding Requirements 6.4.3 and 11.6.1 These changes to PCI DSS in v4.0 acknowledge the urgent need to tighten client-side security in the face of pervasive supply-chain threats. They call for beefed-up payment page security to keep customers' sensitive payment details safe from malicious script injection attacks: 6.4.3: To meet this requirement your organization needs to monitor and manage all payment ...
The Future of Serverless Security in 2025: From Logs to Runtime Protection

The Future of Serverless Security in 2025: From Logs to Runtime Protection

Nov 28, 2024Cloud Security / Threat Detection
Serverless environments, leveraging services such as AWS Lambda, offer incredible benefits in terms of scalability, efficiency, and reduced operational overhead. However, securing these environments is extremely challenging. The core of current serverless security practices often revolves around two key components: log monitoring and static analysis of code or system configuration. But here is the issue with that: 1. Logs Only Tell Part of the Story Logs can track external-facing activities, but they don't provide visibility into the internal execution of functions. For example, if an attacker injects malicious code into a serverless function that doesn't interact with external resources (e.g., external APIs or databases), traditional log-based tools will not detect this intrusion. The attacker may execute unauthorized processes, manipulate files, or escalate privileges—all without triggering log events. 2. Static Misconfiguration Detection is Incomplete Static tools that check ...
Expert Insights / Articles Videos
Cybersecurity Resources