Point-of-sale Malware | Breaking Cybersecurity News | The Hacker News

A new analysis of tools put to use by the Black Basta ransomware operation has identified ties between the threat actor and the  FIN7  (aka Carbanak) group. This link "could suggest either that Black Basta and FIN7 maintain a special relationship or that one or more individuals belong to both groups," cybersecurity firm SentinelOne  said  in a technical write-up shared with The Hacker News. Black Basta, which  emerged  earlier this year, has been attributed to a ransomware spree that has claimed over 90 organizations as of September 2022, suggesting that the adversary is both well-organized and well-resourced. One notable aspect that makes the group stand out, per SentinelOne, is the fact that there have been no signs of its operators attempting to recruit affiliates or advertising the malware as a RaaS on darknet forums or crimeware marketplaces. This has raised the possibility that the Black Basta developers either cut out affiliates from the chain and deploy the ranso

Remember the recent payment card breach at Wawa convenience stores ? If you're among those millions of customers who shopped at any of 850 Wawa stores last year but haven't yet hotlisted your cards, it's high time to take immediate action. That's because hackers have finally put up payment card details of more than 30 million Wawa breach victims on sale at Joker's Stash, one of the largest dark web marketplaces where cybercriminals buy and sell stolen payment card data. As The Hacker News reported last month, on 10th December Wawa learned that its point-of-sale servers had malware installed since March 2019, which stole payment details of its customers from potentially all Wawa locations. At that time, the company said it's not aware of how many customers may have been affected in the nine-month-long breach or of any unauthorized use of payment card information as a result of the incident. Now it turns out that the Wawa breach marked itself in the

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

Have you stopped at any Wawa convenience store and used your payment card to buy gas or snacks in the last nine months? If yes, your credit and debit card details may have been stolen by cybercriminals. Wawa, the Philadelphia-based gas and convenience store chain, disclosed a data breach incident that may have exposed payment card information of thousands of customers who used their cards at about any of its 850 stores since March 2019. What happened? According to a press release published on the company's website, on 4th March, attackers managed to install malware on its point-of-sale servers used to process customers' payments. By the time it was discovered by the Wawa information security team on 10th December, the malware had already infected in-store payment processing systems at "potentially all Wawa locations." That means attackers were potentially stealing Wawa customers' payment card information until the malware was entirely removed by its

Oracle has released a security patch update to address a critical remotely exploitable vulnerability that affects its MICROS point-of-sale (POS) business solutions for the hospitality industry. The fix has been released as part of Oracle's January 2018 update that patches a total of 238 security vulnerabilities in its various products. According to public disclosure by ERPScan, the security firm which discovered and reported this issue to the company, Oracle's MICROS EGateway Application Service, deployed by over 300,000 small retailers and business worldwide, is vulnerable to directory traversal attack. If exploited, the vulnerability ( CVE-2018-2636 ) could allow attackers to read sensitive data and receive information about various services from vulnerable MICROS workstations without any authentication. Using directory traversal flaw, an unauthorized insider with access to the vulnerable application could read sensitive files from the MICROS workstation, includi

The point of Sale systems are the most tempting target for cyber crooks to steal your credit card information and with this Christmas, you need to be more careful while using your credit cards at retailers and grocery stores. Here's why… Cyber criminals are now selling a new powerful strain of Point of Sale (PoS) malware through underground forums. Like several POS malware families discovered last year, including vSkimmer and BlackPOS , the new malware is also designed to steal payment card data from the infected POS systems and support TOR to hide its C&C (Command and Control) servers. Pro PoS – Light Weight, Yet Powerful Malware However, the new malware, dubbed " Pro PoS ," packs more than just a PoS malware. Pro PoS weighs only 76KB, implements rootkit functionalities, as well as mechanisms to avoid antivirus detection, according to threat intelligence firm InfoArmor. What's even more interesting about this malware is… Pro P

Russian hackers have discovered a novel technique to rip off Millions of dollars from banks and ATMs. Criminals in Russia used a technique, called " Reverse ATM Attack ," and stole 252 Million Rubles ( US$3.8 Million ) from at least five different banks, according to the information obtained by Russian digital intelligence firm Group-IB . What is Reverse ATM Attack? According to the intelligence firm, an attacker would deposit sums of 5,000, 10,000 and 30,000 Rubles into legitimate bank accounts using ATMs, and immediately withdraw the same amounts right away with a printed receipt of the payment transaction. The details included in the receipt, containing a payment reference number and the amount withdrawn, would then be transferred to a partner hacker, who had remote access to the infected POS terminals, usually located outside of Russia. Also Read: German Bank ATMs vulnerable to Hackers The partner hacker would then use these details to perform a reversal

A new and terribly awful breed of Point-of-Sale (POS) malware has been spotted in the wild by the security researchers at Cisco's Talos Security Intelligence & Research Group that the team says is more sophisticated and nasty than previously seen Point of Sale malware. The Point-of-Sale malware, dubbed " PoSeidon ", is designed in a way that it has the capabilities of both the infamous Zeus banking Trojan and BlackPOS malware which robbed Millions from US giant retailers, Target in 2013 and Home Depot in 2014. PoSeidon malware scrapes memory from Point of Sale terminals to search for card number sequences of principal card issuers like Visa, MasterCard, AMEX and Discover, and goes on using the Luhn algorithm to verify that credit or debit card numbers are valid. The malware then siphon the captured credit card data off to Russian (.ru) domains for harvesting and likely resale, the researchers say. "PoSeidon is another in the growing number