#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
SaaS Security

credit card | Breaking Cybersecurity News | The Hacker News

LoopHole in PayPal Terms Allows Anyone to Double PayPal Money Endlessly

LoopHole in PayPal Terms Allows Anyone to Double PayPal Money Endlessly

Jun 12, 2014
Many of us own a PayPal account for easy online transactions, but most of us don't have balance in our PayPal Account. But what will happen if your money doubles, triple...or even more folds in just some couple of hours ?? Sounds cherishing!! A loophole in the popular digital payment and money transfer service, PayPal allows its users to double the money in their account and that too endlessly. That means with only $50 in your PayPal account, you can make it to $100, then $100 to directly $200 and so on. An eBay owned company, PayPal provides a faster and safer way to pay and get paid. The service gives people simpler ways to send money without sharing financial information, with over 148 million active accounts in 26 currencies and across 193 markets, thereby processing more than 9 million payments daily. According to TinKode a.k.a Razvan Cernaianu , who claimed to have found this loophole in the PayPal service that actually resides in its Chargeback Process  which
Target finally Plans to issue Chip and PIN Credit Cards

Target finally Plans to issue Chip and PIN Credit Cards

Apr 30, 2014
The massive data breaches in U.S largest retailers ' Target ', marked the largest card heists in the U.S. history in which financial credentials of more than 110 million customers were compromised, have forced the retailer to take step towards more secure transactions. The retailer company on Tuesday said it is implementing chip-and-PIN payment card systems for its stores and will be soon working with the MasterCard to replace all of its REDcard customer cards to chip-and-PIN secured cards. The transition to chip-and-Pin-enabled REDcards is set to begin in early 2015. " The new payment terminals will be in all 1,797 U.S. stores by this September, six months ahead of schedule. In addition, by early next year, Target will enable all REDcards with chip-and-PIN technology and begin accepting payments from all chip-enabled cards in its stores, " the company said. The chip-and-PIN system, also known as the EMV standard. Instead of using a magnetic stripe to store fina
How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte
Tilon/SpyEye2 Banking Trojan Usage Declining after SpyEye Author Arrest

Tilon/SpyEye2 Banking Trojan Usage Declining after SpyEye Author Arrest

Feb 27, 2014
Today, when we come across various malware, exploit kits and botnets that are in the wild, we think about an effective Antivirus solution or a Security Patch, but the most effective solution is always " The arrest of malware authors and culprits who are involved in the development of Malware. " Tilon has been an active malware family that was spotted first time in 2012, was specially designed to filch money from online bank accounts, that earlier various researchers found to be the new version of Silon , is none other than the SpyEye2 banking Trojan , according to researchers at security firm  Delft Fox-IT . Tilon  a.k.a  SpyEye2 is the sophisticated version of SpyEye Trojan . Majority functional part of the malware is same as of the SpyEye banking Trojan that was developed by a 24-year-old Russian hacker ' Aleksandr Andreevich Panin ' or also known as  Gribodemon , who was arrested in July 2013. ' SpyEye ', infected more than 1.4 million Computers
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Bluetooth enabled Credit Card Skimmers planted at Gas Station lead to $2 Million heist

Bluetooth enabled Credit Card Skimmers planted at Gas Station lead to $2 Million heist

Jan 22, 2014
Cyber Criminals will not let any way out without making Money. Another huge Credit Card theft and this time they targeted Gas Stations. 13 men were suspected and charged for stealing banking information, using Bluetooth enabled Credit Card Skimmers planted on the gas stations throughout the Southern United States. They made more than $2 Million by downloading the ATM information, as well as PIN numbers from the gas pumps and then used the data to draw cash from the ATMs in Manhattan. Manhattan District Attorney Cyrus R. Vance explained the operation that the skimming devices were internally installed so was undetectable to the people who paid at the pumps and the devices were Bluetooth enabled, so it did not need any physical access in order to obtain the stolen personal identifying information. " By using skimming devices planted inside gas station pumps, these defendants are accused of fueling the fastest growing crime in the country. Cybercriminals and ident
20 Million Credit Cards stolen in South Korea; 40% Population affected by the Data Leak

20 Million Credit Cards stolen in South Korea; 40% Population affected by the Data Leak

Jan 20, 2014
Since all threats to data security and privacy often come from outside, but internal threats are comparatively more dangerous and a difficult new dimension to the data loss prevention challenge i.e. Data Breach . The " Insider threats " have the potential to cause greater financial losses than attacks that originate outside the company. This is what happened recently with three credit card firms in South Korea , where the financial and personal data belonging to users of at least 20 million, in a country of 50 million, was stolen by an employee, who worked as a temporary consultant at Korean Credit Bureau (KCB). " Confidential data of customers ranging from the minister-level officials to celebrities, including their phone numbers, addresses, credit card numbers, and even some banking records, have been leaked from Kookmin Bank, Shinhan Bank and several other commercial banks ", The stolen data includes the bank account numbers, customers' names, social security number
US retailer Neiman Marcus confirmed data breach after TARGET

US retailer Neiman Marcus confirmed data breach after TARGET

Jan 13, 2014
The TARGET Hack was not the only massive Data breach that happened during the last Black Friday, but also other three major US Retailers were also hacked. Recently, Neiman Marcus also confirmed a data breach that involves Credit card theft from its customers during the holiday shopping season, using similar techniques to the one that penetrated Target last month. Neiman Marcus has 79 stores and reported total sales of $1.1 Billion in the Q4 2013. Neiman Marcus revealed that its customers are at risk after hackers breached servers of the company and accessed the payment information of those who visited its stores. The company is working to inform customers whose cards have been used for fraudulent purchases, but differently from the case of retailer Target, the company hasn't provided information on the nature of data leaked and on the number of customer records exposed. Neiman Marcus spokesperson Ginger Reeder announced that the company does not yet know the cause, size or dur
40 Million Credit Card accounts affected in massive data breach at 'Target' Stores during Black Friday

40 Million Credit Card accounts affected in massive data breach at 'Target' Stores during Black Friday

Dec 19, 2013
If you have shopped something during the Black Friday weekend from Target's U.S based Retailer stores, then please pay serious attention - Your Credit and Debit card account may have been at Risk. There are more than 1,500 Target stores throughout the U.S and 40 Million credit and debit card accounts of Target's customers may have been stolen during the height of the holiday shopping season, according to a statement  published by the company. Somehow thieves allegedly gained access to personal data in stores when customers swiped their cards at the register. That information is then typically sold to buyers who then make bogus debit or credit cards with it. So the customers who made purchases by swiping their cards at terminals in its U.S. Stores between November 27 and December 15 may have been exposed.  Krebs who broke the story reports that the breach does not impact shoppers who purchased items online. Target has not disclosed exactly how the data breach occurr
Hardware Keylogger used by Card skimmers to steal Credit Cards at Nordstrom Store

Hardware Keylogger used by Card skimmers to steal Credit Cards at Nordstrom Store

Oct 14, 2013
Three men allegedly installed Credit Card Skimming keylogger at into cash registers in a Nordstrom department store in the Florida. Those Keyloggers were connected via a keyboard cord between the keyboard and the computer to intercept the information transmitted between the two devices and Furthermore, the gang used the connectors designed to resemble common PS2 cables. Krebs has indicated  on his blog that such keyloggers can be easily obtained online for about $40 only. Placing such a devices would have allowed criminals access to data for anyone applying for a Nordstrom credit card , plus any numbers typed in via the keyboard.  In order to collect the captured data, criminals have to return back after few days to collect the keylogger from store. But at this time it is unknown if the men ever returned to the store in order to retrieve the keyloggers and Nordstrom are unaware of any arrests being made. An alert circulated by the police department in Avent
NSA Intelligence Agency spies on International Credit Card Transactions including Visa

NSA Intelligence Agency spies on International Credit Card Transactions including Visa

Sep 15, 2013
" The truth is coming, and it cannot be stopped ", Edward Snowden.  The National Security Agency isn't just snooping into phone and online communications. It also appears to be keeping a close eye on credit card transactions. New reports published by Der Spiegel exposed that The National Security Agency (NSA) is widely monitoring SWIFT bank transactions, International Credit Card Payments and banking, attained by watching printer traffic from numerous banks. According to the information acquired by former NSA contractor Edward Snowden , Show that in 2011, the NSA possessed 180 million records and spying is conducted by a branch called " Follow the Money. That data then moved to their own   ' Tracfin ' financial databank to track money flows. NSA targets the transactions of various banks via large credit card companies like VISA by doing surveillance in Europe, Middle East and Africa. Some 84 percent of the data are from credit card transactions
Vodafone Germany Hacked; Attackers accesses banking data of two million customers

Vodafone Germany Hacked; Attackers accesses banking data of two million customers

Sep 12, 2013
Vodafone Germany has been hacked and Personal details of more than two million customers have been compromised, some including banking details. Stole data includes names, addresses, birth dates, and bank account information, but the hacker had no access to credit-card information, passwords, PIN numbers or mobile-phone numbers. According to a blog post on the Vodafone website, The company has already involved law enforcement agencies in the investigation, and it is confirmed that a suspect has been identified and searches conducted in the case, but didn't say whether the suspect was an employee or an outsider. It's unclear when the breach took place, but it appears to have involved a successful compromise of an internal server on Vodafone's network. Vodaphone said it is taking action to prevent this type of incident from occurring again, including reinstalling servers and changing passwords and certificates of all administrators. Vodafone customers outside of Germany aren&#
Russian Hackers charged for stealing 160 million Credit Cards

Russian Hackers charged for stealing 160 million Credit Cards

Jul 25, 2013
A Group of Hackers, Four Russians and a Ukrainian allegedly broke computer networks of more than a dozen major American and international corporations and stole 160 million credit card numbers over the course of seven years, the largest data theft case ever prosecuted in the U.S.  They are accused of stealing usernames and passwords, personal identification information, and credit and debit card numbers. After stealing data, they sold it to resellers, who then sold it through online forums or to individuals and organizations. Since at least 2007, officials said the hackers have been infiltrating computer networks across the globe, including firms in New Jersey, where the first breach was detected. The group would then allegedly install " sniffers " within the networks to automatically obtain electronic data from tens of thousands of credit cards. The network allegedly charged $10 for American credit card information, $50 for European information and $15 for Canadian data.  The defen
Privacy of Millions of HTC devices at risk

Privacy of Millions of HTC devices at risk

Feb 24, 2013
More than 18 million smartphones and other mobile devices made by HTC are at risk vulnerable to many security and privacy issue. The Federal Trade Commission charged HTC with customizing the software on its Android- and Windows based phones in ways that let third-party applications install software that could steal personal information. The vulnerabilities placed sensitive information about millions of consumers at risk and potentially permitted malicious applications to send text messages, record audio and install additional malware without a user's knowledge or consent.  FTC identify many vulnerabilities including, insecure implementation of two logging applications i.e Carrier IQ and HTC Loggers . The agency also found programming flaws that let third-party apps bypass Android's permission-based security model. Flaws in the security system could also give third-party apps access to phone numbers, contents of text messages, browsing history and information
Pizza Hut defaced, Authorities denies theft of 240000 Credit Cards

Pizza Hut defaced, Authorities denies theft of 240000 Credit Cards

Nov 07, 2012
Yesterday Australian Pizza Hut website was compromised by a hacking group going by the name of 0-Day and Pyknic . Hackers defaced the website and claim that they made off with 260,000 Australian credit card numbers. Hack was 1st noticed by  Whirlpool Forum users. But a Pizza Hut spokeswoman said the company did not store such information on its website. " Pizza Hut can confirm that a layer of its website, pizzahut.com.au , was breached with access gained to names and contact information, including email addresses ". " We are working with our website providers to conduct a thorough investigation of the matter and have also reported the incident to the Office of the Australian Information Commissioner. We would like to reassure all of our customers that absolutely no credit card information was stolen and there is no need for concern regarding credit cards." "The security of our online ordering system has not been compromised in any way and our customers ca
Hackers stole Credit Card details from 63 'Barnes & Noble' stores

Hackers stole Credit Card details from 63 'Barnes & Noble' stores

Oct 24, 2012
Over 60 Barnes & Noble stores have been used by hackers to gain the credit card data, including the PINs, of customers. The New York  company is warning customers to check for unauthorized transactions and to change their personal identification numbers or PINs. It hasn't said how many accounts may have been compromised. The scheme didn't affect Barnes & Noble's Nook tablets or mobile apps, the chain's member database, or any Barnes & Noble College Bookstores. B&N says it caught the problem in mid-September, and that it's safe now to use credit and debit cards at its stores. The New York Times reported that the hackers had already made purchases on some customer credit cards. Federal authorities are investigating. Barnes & Noble said it is working with banks and card issuers to identify compromised accounts so that additional fraud-protection measures can be taken. All keypads at the stories have been removed and shipped to a site where they c
Hackers steal more than $450,000 from Burlington city bank

Hackers steal more than $450,000 from Burlington city bank

Oct 14, 2012
The city of Burlington is warning its employees to check their bank accounts after finding out funds have been stolen. The Skagit Valley Herald reports the money was electronically transferred to various personal and business accounts throughout the United States during a two-day period this week. " We really don't know exactly how it happened ," said City Manager Bryan Harrison. " Multiple banks in multiple states involved. " " Someone, either through the city system or Bank of America had actually accessed our electric authorization account. " The theft was first reported by the Skagit Valley Herald newspaper which said that Burlington's finance department reported the theft Thursday. Police and the Secret Service are investigating. Burlington is a city of about 8,400 people roughly 60 miles north of Seattle. They believe the money has been shifted to different banks around the world. Officials say they will recover the money that was
Hackers disrupt Interpol website against Anti-Islam film

Hackers disrupt Interpol website against Anti-Islam film

Oct 07, 2012
A hacker group " Kosova Hacker's Security " based in the Middle East take down Interpol website yesterday. According to claim of Hackers, they are doing this cyber attack on a law enforcement agency to show their protest against the controversial Anti-Islam film, Innocence of Muslims. According to the mail notification from Hackers, they claim to DDOS Interpol servers including DNS servers also with a Botnet army of 770 Bots. In more technical terms, hackers are DDOSing Interpol servers with 770 Bots and 65500 packets/second. Interpol website (  https://www.interpol.int/  ) server 193.22.7.16:80 and DNS server 193.22.7.80:53 was under attack by these hackers. At the time of writing this article, may be the website is working fine. On asking, How they got 770 Bots ? Hacker give a screenshot ( shown above ) of the Exploit pack they are using to infect computers and to make them slave of their Botnet weapon. Recently the six major American banks suffered de
Cybersecurity Resources