#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

credit card hacking | Breaking Cybersecurity News | The Hacker News

Fraudsters Stole ¥1.4 Billion from 1,400 Japanese ATMs in Just 3 Hours

Fraudsters Stole ¥1.4 Billion from 1,400 Japanese ATMs in Just 3 Hours

May 23, 2016
In an era where major data hacks are on the rise, it is no surprise breaches on individuals are also up. In just three hours, over 100 criminals managed to steal ¥1.4 Billion ( approx. US$12.7 Million ) from around 1,400 ATMs placed in small convenience stores across Japan. The heist took place on May 15, between 5:00 am and 8:00 am, and looked like a coordinated attack by an international crime network. The crooks operated around 1,400 convenience store ATMs from where the cash was withdrawn simultaneously in 16 prefectures around Japan, including Tokyo, Osaka, Fukuoka, Kanagawa, Aichi, Nagasaki, Hyogo, Chiba and Nigata, The Mainichi reports . Also Read: Tyupkin Malware Hacking ATM Machines Worldwide Many ATM incidents involve a long-established technique called ' ATM Skimming ' in which criminals install devices to obtain card details via its magnetic stripe, or use ATM malware or from data breaches, and then work with so-called carders and money mules to pilfe
Creators of SpyEye Virus Sentenced to 24 Years in Prison

Creators of SpyEye Virus Sentenced to 24 Years in Prison

Apr 21, 2016
In Brief Two International hackers, Aleksandr Andreevich Panin and Hamza Bendelladj, have been sentenced to a combined 24 years and 6 months in prison for their roles in developing and distributing SpyEye banking trojan, a powerful botnet similar to the infamous ZeuS malware. Both hackers were charged with stealing hundreds of millions of dollars from banking institutions worldwide. Masterminds behind the development and distribution of the infamous " SpyEye " botnet have finally been sentenced to a combined total of 24 years and 6 months in prison. Aleksandr Andreevich Panin and Hamza Bendelladj have been sentenced for their roles in developing and distributing SpyEye malware that is said to have caused hundreds of millions of dollars in losses to the financial sector, the U.S. Justice Department said  on Wednesday. SpyEye, a successor to the notorious Zeus banking malware , has affected financial institutions since 2009. Once infected, the malware connects t
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Hyatt Hotel Says Payment Systems Hacked with Credit-Card Stealing Malware

Hyatt Hotel Says Payment Systems Hacked with Credit-Card Stealing Malware

Dec 24, 2015
Hyatt Hotels Corporation is notifying its customers that credit card numbers and other sensitive information may have been stolen after it found malware on the computers that process customer payments. "We recently identified malware on computers that operate the payment processing systems for Hyatt-managed locations," the company announced on Wednesday. "As soon as we discovered the activity, we launched an investigation and engaged leading third-party cyber security experts." What type of information? The company didn't confirm whether the attackers succeeded in stealing payment card numbers, neither it say how long its network was infected or how many hotel chains were affected in the malware attack. But as the payment processing system was infected with credit-card-stealing malware, there is a possibility that hackers may have stolen credit card numbers and other sensitive information. What happened? Hyatt spokeswoman Stephanie Sheppard
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
This $10 Device Can Guess and Steal Your Next Credit Card Number before You've Received It

This $10 Device Can Guess and Steal Your Next Credit Card Number before You've Received It

Nov 25, 2015
Imagine you have lost your credit card and applied for a fresh credit card from your bank. What if some criminal is using your new credit card before you have even received it? Yes, it's possible at least with this $10 device. Hardware hacker Samy Kamkar has built a $10 device that can predict and store hundreds of American Express credit card numbers, allowing anyone to use them for wireless payment transactions, even at non-wireless terminals. The device, dubbed MagSpoof , guesses the next credit card numbers and new expiration dates based on a cancelled credit card's number and when the replacement card was requested respectively. This process does not require the three or four-digit CVV numbers that are printed on the back side of the credit cards. Also Read:  How Hackers Can Hack Your Chip-and-PIN Credit Cards The tiny gadget would be a dream of any card fraudster who can pilfer cash from the stolen credit cards even after they have been blocked
TalkTalk Hack: Police Arrest Second Teenager in London

TalkTalk Hack: Police Arrest Second Teenager in London

Oct 30, 2015
British Police have arrested a second teenage boy in relation to the major hack on the servers of UK-based telco 'TalkTalk' last week. On Monday, a 15-year-old boy (first arrest) from County Antrim, Northern Ireland, was arrested in connection with the TalkTalk Data Breach. On Thursday, The Metropolitan Police Cyber Crime Unit (MPCCU) arrested this second unnamed 16-year-old boy from Feltham in west London on suspicion of Computer Misuse Act offences. Latest TalkTalk Data breach put the Bank details and Personally Identifiable Information (PII) of millions of customers at risk, including: Nearly 21,000 Bank Accounts Almost 28,000 obscured Credit and Debit card details Less than 15,000 customer dates of birth Names, Email Addresses, and Phone Numbers of 1.2 Million Customers TalkTalk has confessed that " Not all of the data was encrypted "... yeah, its' too bad. However, " Investigations so far show that the information that may have bee
15-year-old Boy Arrested in connection with TalkTalk Cyber Attack

15-year-old Boy Arrested in connection with TalkTalk Cyber Attack

Oct 27, 2015
The arrest is the first major outcome since TalkTalk – the biggest phone and broadband provider in the UK with more than 4 Million customers – had suffered a serious data breach. The Police Service of Northern Ireland (PSNI) and the investigating officers from the Metropolitan police's cyber crime unit (MPCCU) have arrested a 15-year-old boy in connection with the latest cyber attack on TalkTalk . The press release issued by the police said the boy was detained in County Antrim at about 4.20pm on Monday on suspicion of committing offences under the Computer Misuse Act. The Computer Misuse Act 1990 is an act of the Parliament of the United Kingdom, according to which any computer misuse offences like: Unauthorised access to computer material. Unauthorised access with the intent to commit further offences. Unauthorised acts with the intent to impair, or with recklessness as to impairing, operation of the computers, and other electronic devices. ...Are consi
How Hackers Can Hack Your Chip-and-PIN Credit Cards

How Hackers Can Hack Your Chip-and-PIN Credit Cards

Oct 21, 2015
October 1, 2015, was the end of the deadline for U.S. citizens to switch to Chip-enabled Credit Cards for making the transactions through swipe cards safer. Now, a group of French forensics researchers have inspected a real-world case in which criminals played smart in such a way that they did a seamless chip-switching trick with a slip of plastic that it was identical to a normal credit card. The researchers from the École Normale Supérieure University and the Science and Technology Institute CEA did a combined study of the subject, publishing a research paper [ PDF ] that gives details of a unique credit card fraud analyzed by them. What's the Case? Back in 2011 and 2012, police arrested five French citizens for stealing about 600,000 Euros (~ $680,000) as a result of the card fraud scheme, in spite of the Chip-and-PIN cards protections. How did the Chip-and-Pin Card Fraud Scheme Work? On investigating the case, the researchers discovered that the n
Samsung LoopPay Hacked, but 'Samsung Pay' is Safe

Samsung LoopPay Hacked, but 'Samsung Pay' is Safe

Oct 09, 2015
Samsung has been surrounded by a lot of controversies since the past few years, but that has not influenced its productivity. But this report has raised a few eyebrows... Samsung's mobile payment system company, LoopPay , was hacked back in March this year, just a month after Samsung bought it to help make Samsung Pay a reality. Samsung acquired LoopPay for more than $250 Million in February this year, and a group of Chinese Hackers were able to access LoopPay computer systems in March. The most worrisome part is – the hack was discovered 5 months later in August . Hackers were After Technology; Not Money or Sensitive Data The hackers, believed to be from a group called ' Codoso Group ' or ' Sunshock Group ,' were after the company's Magnetic Secure Transmission (MST) Technology . The group injected LoopPay's computer network with a hidden sophisticated attack in March, but the investigation kicked off when LoopPay learned of
Data Breach Day — Patreon (2.3M), T-Mobile (15M) and Scottrade (4.6M) — HACKED!

Data Breach Day — Patreon (2.3M), T-Mobile (15M) and Scottrade (4.6M) — HACKED!

Oct 03, 2015
This week, three high-profile data breaches took place, compromising personal and sensitive details of millions of people. Telecommunication giant T-Mobile Crowdfunding website Patreon US brokerage firm Scottrade In T-Mobile's case, its credit application processor Experian was hacked , potentially exposing highly sensitive details of 15 Million people who applied for its service in the past two years. The stolen data includes home addresses, birth dates, driver's license number, passport number, military I.D. numbers and – most unfortunately – the Social Security numbers, among other information. Patreon Hack Hits 2.3 Million Users In Patreon's case, hackers managed to steal almost 15 gigabytes' worth of data including names, shipping addresses and email addresses of 2.3 Million users . In a post published late Wednesday, Patreon CEO Jack Conte confirmed that the crowdfunding firm had been hacked and that the personal data of its users h
How to Freeze Credit Report To Protect Yourself Against Identity Theft

How to Freeze Credit Report To Protect Yourself Against Identity Theft

Oct 03, 2015
If your Social Security number gets hacked in any data breaches, including recently hacked T-Mobile , then there's a way to prevent hackers from misusing your identity (i.e. identity theft ). The solution here is that you can institute a security freeze at each of the three credit bureaus, Equifax , Experian , or TransUnion . Once frozen, nobody will be allowed to access your credit report, which will prevent any identity thieves from opening new accounts in your name. Because most creditors required to see your credit report before approving a new account. But, if they are restricted to see your file, they may not extend the credit or open a new account in your name. However, there are some disadvantages of doing so. 1.   Cost The cost of a security freeze differs by state (check yours here ). However, it is often free for already affected people, but the issue is – if you want to let anyone check your credit, you will need to pay a fee every time to
Experian Breach: 15 Million T-Mobile Customers' Data Hacked

Experian Breach: 15 Million T-Mobile Customers' Data Hacked

Oct 03, 2015
If you applied for financing from T-Mobile anytime between 1 September 2013 and 16 September 2015, you have been HACKED! – even if you never had T-Mobile service. T-Mobile's credit application processor Experian was hacked, potentially exposing the highly personal information of more than 15 million people in the United States. The stolen information includes names, addresses, phone numbers and – most unfortunately – Social Security numbers . The massive data breach was first discovered in mid-September and has now been confirmed by T-Mobile CEO John Legere . According to Legere, Hackers successfully obtained Millions of people's private information through Experian, one of the world's largest credit check companies that process T-Mobile's credit applications. Both customers and people who submitted to a T-Mobile credit check ( but either canceled or never activated their T-Mobile service ) between September 1, 2013, and September 16, 2015, are most at ris
Chip-and-PIN Credit Cards and The Deadline: Here's What You need To Know

Chip-and-PIN Credit Cards and The Deadline: Here's What You need To Know

Oct 01, 2015
October 1 Liability shift ENDS! Today, 1st October 2015 , is the deadline for US-based Banks and Retailers to roll out Chip-embedded Credit Cards ( powered by EVM Technology ) to customers that will make transactions more secure. EVM Technology stands for Europay , MasterCard and Visa -- a global standard for Payment Cards equipped with Chips used to authenticate chip card transactions. Starting Thursday, Merchants must have new Payment Terminals installed to accept Chip Cards in their stores or restaurants. Otherwise, they will be responsible for credit card frauds. Stephanie Ericksen, Visa's Vice President Risk Products said, " That's the date by which if a merchant doesn't have a chip terminal, and a counterfeit card is used at that location, they may be liable for that fraud on that transaction. '' 60% Customers Still have Old Credit Cards However, If you have not received a new credit card with chip technology, don't worry,
Hackers Exploit Zero-Day Magento Vulnerability to Steal Your Credit Cards

Hackers Exploit Zero-Day Magento Vulnerability to Steal Your Credit Cards

Jun 29, 2015
Hackers are increasingly exploiting an unknown flaw to siphon payment card information from e-commerce websites that use Magento , the most popular e-commerce platform owned by eBay. Security researchers at Sucuri are still investigating the attack vector, but they believe that cyber criminals are injecting malicious code into the Magento core file or some widely used module/extension in order to steal payment card data. Back in April, a critical Remote Code Execution Flaw in Magento allowed hackers to fully compromise any online store powered by Magento and thereby gain access to credit card data and other financial, and personal information related to the customers. Credit Card Stealers? Now, Sucuri senior malware researcher Peter Gramantik have found an attack script that pilfers the content of every POST request and identifies valuable payment card data before storing it in an encrypted form that only the attacker can decrypt. Moreover, to evade detection,
How Apple Pay Can Be Hacked to Steal Your Credit Card Details

How Apple Pay Can Be Hacked to Steal Your Credit Card Details

Jun 05, 2015
Today anywhere you go, you will come across Free or Public WiFi hotspots -- it makes our travel easier when we stuck without a data connection. Isn't it? But, I think you'll agree with me when I say: This Free WiFi hotspot service could bring you in trouble, as it could be a bait set up by hackers or cyber criminals to get access to devices that connects to the free network. This is why mobile device manufacturers provide an option in their phone settings so that the device do not automatically connects to any unknown hotspot and asks the owner for approval every time it comes across a compatible WiFi. Hackers can grab your Credit Card Data. Here's How? Recently, security researchers from mobile security company ' Wandera ' have alerted Apple users about a potential security flaw in iOS mobile operating system that could be exploited by hackers to set up a rogue WiFi spot and then fool users into giving up their personal information, including credit card details. The l
New "PoSeidon" Point of Sale Malware Spotted in the Wild

New "PoSeidon" Point of Sale Malware Spotted in the Wild

Mar 23, 2015
A new and terribly awful breed of Point-of-Sale (POS) malware has been spotted in the wild by the security researchers at Cisco's Talos Security Intelligence & Research Group that the team says is more sophisticated and nasty than previously seen Point of Sale malware. The Point-of-Sale malware, dubbed " PoSeidon ", is designed in a way that it has the capabilities of both the infamous Zeus banking Trojan and BlackPOS malware which robbed Millions from US giant retailers, Target in 2013 and Home Depot in 2014. PoSeidon malware scrapes memory from Point of Sale terminals to search for card number sequences of principal card issuers like Visa, MasterCard, AMEX and Discover, and goes on using the Luhn algorithm to verify that credit or debit card numbers are valid. The malware then siphon the captured credit card data off to Russian (.ru) domains for harvesting and likely resale, the researchers say. "PoSeidon is another in the growing number
Beware of Skimming Devices Installed on the ATM Vestibule Doors

Beware of Skimming Devices Installed on the ATM Vestibule Doors

Mar 19, 2015
Despite anti-skimmer ATM Lobby access control system available in the market, we have seen a number of incidents in recent years where criminals used card skimmers at ATM doors. Few years back, cyber criminals started using card skimmers on the door of the ATM vestibule , where customers have to slide their credit or debit cards to gain access to the ATM. The typical ATM Skimming devices are used by fraudsters capture both magnetic stripe data contained on the back of a debit or credit card as well as the PIN number that is entered by the customer when using the ATM. In recent case discussed by Brian, cyber criminal installed the card skimming device on the ATM Lobby Card Access Control and a pinhole hidden camera pointed at the ATM's keyboard. Basically, it's an ATM skimmer that requires no modification to the ATM. The card skimmer hidden on the ATM door records the debit and credit card information , and the pinhole camera records the PIN number the
Smart ATM offers Cardless Cash Withdrawal to Avoid Card Skimmers

Smart ATM offers Cardless Cash Withdrawal to Avoid Card Skimmers

Mar 16, 2015
Banks have tried every effort, from providing Magnetic Stripes based Credit and Debit Cards to Chip-and-Pin Cards , in order to secure its users from credit card cloning and card Skimmers. It has been known from years that Magnetic stripe are incredibly hackable, but  Chip-n-Pin cards have also been hacked and successfully cloned by a group of security researchers. A unit of Canada's Bank of Montreal, BMO Harris Bank is  launching  the U.S.'s biggest cardless ATM network that allows its customers to withdraw cash within seconds, using nothing but their smartphones. NO CARD, NO PIN, JUST YOUR SMARTPHONE According to the bank, there is no need to enter PIN and instead of swiping the card, customers have to sign into mobile banking app " Mobile Cash ", hold their smartphones over the QR code on the ATM screen and the cash gets delivered. This cardless cash withdrawal technology will boost security, speed up transactions and reduce frauds because no card informat
Visa Wants To Track Your Smartphone to Prevent Credit Card Fraud

Visa Wants To Track Your Smartphone to Prevent Credit Card Fraud

Feb 16, 2015
If you are a traveler and loves to travel then you must be annoyed of those calls you sometimes get from your bank when buying things far from home, and the most annoyed part is when the company won't approve the transaction as it fears your card was stolen. VISA MOBILE LOCATION CONFIRMATION APP The payment processing and credit card giant Visa has came forward to put an end to this problem by letting cardholders the chance to buy things wherever they are. The company plans to release a new location-based feature that will help cardholders to update their location via smartphone. Starting in April, the banks will include the software application, dubbed Visa Mobile Location Confirmation , in their smartphone apps. The app will use cardholders smartphone's ability to locate itself and verify that they're near where the card is being used. IN WAKE OF INCREASING CREDIT CARD FRAUD The idea behind this new move is to reduce the rising incidents of credit card fraud and fraud
Cybersecurity Resources