#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

credit card | Breaking Cybersecurity News | The Hacker News

Category — credit card
Researcher spots an ATM Skimmer while on vacation in Vienna

Researcher spots an ATM Skimmer while on vacation in Vienna

Jun 26, 2016
We have heard a lot about ATM skimmers, but it's nearly impossible to spot one. Some skimmers are designed to look exactly like the card slot on the original machine and attached to the front, and others are completely hidden inside the ATM. But, during his vacation in Vienna, Austria, cyber security expert Benjamin Tedesco spotted an ATM skimmer that was totally unrecognizable. Tedesco was hanging out in Vienna and when about to draw some cash from a cash machine outside St. Stephen's Cathedral, he decided to do a quick visual inspection of the ATM machine and surprisingly spotted the dodgy device attached to it. Warning: Beware of Skimming Devices Installed on the ATM Vestibule Doors . That was a credit card skimmer – a perfect replica of the actual card reader that was designed to steal credit card information of users when they swipe their card to take off cash from the ATM. "Being security paranoid, I repeated my typical habit of checking the card read...
Let's Take a Selfie to Shop Online With MasterCard

Let's Take a Selfie to Shop Online With MasterCard

Jul 03, 2015
Difficulty in remembering complicated Passwords? Forget Passwords and Fingerprints now – and get ready to authenticate your online purchases with your SELFIES . MasterCard is experimenting a new app that would let you make online purchases by taking a selfie rather than typing a password, moving a step forward in the mobile payments evolution. This experimental ID Check security system uses the front camera of your mobile phone and "facial recognition" technology to get your payment done with a quick shot of your face. And MasterCard thinks this generation people will love it. " The new generation, which is into selfies...I think they will find it cool, " MasterCard President of Enterprise Safety and Security Ajay Bhalla told CNNMoney. " They'll embrace it ." How this new feature works? MasterCard will provide you a new mobile app to download in order to use the feature. After you make an online payment, the new app will...
The Future of Serverless Security in 2025: From Logs to Runtime Protection

The Future of Serverless Security in 2025: From Logs to Runtime Protection

Nov 28, 2024Cloud Security / Threat Detection
Serverless environments, leveraging services such as AWS Lambda, offer incredible benefits in terms of scalability, efficiency, and reduced operational overhead. However, securing these environments is extremely challenging. The core of current serverless security practices often revolves around two key components: log monitoring and static analysis of code or system configuration. But here is the issue with that: 1. Logs Only Tell Part of the Story Logs can track external-facing activities, but they don't provide visibility into the internal execution of functions. For example, if an attacker injects malicious code into a serverless function that doesn't interact with external resources (e.g., external APIs or databases), traditional log-based tools will not detect this intrusion. The attacker may execute unauthorized processes, manipulate files, or escalate privileges—all without triggering log events. 2. Static Misconfiguration Detection is Incomplete Static tools that check ...
LoopHole in PayPal Terms Allows Anyone to Double PayPal Money Endlessly

LoopHole in PayPal Terms Allows Anyone to Double PayPal Money Endlessly

Jun 12, 2014
Many of us own a PayPal account for easy online transactions, but most of us don't have balance in our PayPal Account. But what will happen if your money doubles, triple...or even more folds in just some couple of hours ?? Sounds cherishing!! A loophole in the popular digital payment and money transfer service, PayPal allows its users to double the money in their account and that too endlessly. That means with only $50 in your PayPal account, you can make it to $100, then $100 to directly $200 and so on. An eBay owned company, PayPal provides a faster and safer way to pay and get paid. The service gives people simpler ways to send money without sharing financial information, with over 148 million active accounts in 26 currencies and across 193 markets, thereby processing more than 9 million payments daily. According to TinKode a.k.a Razvan Cernaianu , who claimed to have found this loophole in the PayPal service that actually resides in its Chargeback Process  wh...
cyber security

Creating, Managing and Securing Non-Human Identities

websitePermisoCybersecurity / Identity Security
A new class of identities has emerged alongside traditional human users: non-human identities (NHIs). Permiso Security's new eBook details everything you need to know about managing and securing non-human identities, and strategies to unify identity security without compromising agility.
Target finally Plans to issue Chip and PIN Credit Cards

Target finally Plans to issue Chip and PIN Credit Cards

Apr 30, 2014
The massive data breaches in U.S largest retailers ' Target ', marked the largest card heists in the U.S. history in which financial credentials of more than 110 million customers were compromised, have forced the retailer to take step towards more secure transactions. The retailer company on Tuesday said it is implementing chip-and-PIN payment card systems for its stores and will be soon working with the MasterCard to replace all of its REDcard customer cards to chip-and-PIN secured cards. The transition to chip-and-Pin-enabled REDcards is set to begin in early 2015. " The new payment terminals will be in all 1,797 U.S. stores by this September, six months ahead of schedule. In addition, by early next year, Target will enable all REDcards with chip-and-PIN technology and begin accepting payments from all chip-enabled cards in its stores, " the company said. The chip-and-PIN system, also known as the EMV standard. Instead of using a magnetic stripe to store fina...
Tilon/SpyEye2 Banking Trojan Usage Declining after SpyEye Author Arrest

Tilon/SpyEye2 Banking Trojan Usage Declining after SpyEye Author Arrest

Feb 27, 2014
Today, when we come across various malware, exploit kits and botnets that are in the wild, we think about an effective Antivirus solution or a Security Patch, but the most effective solution is always " The arrest of malware authors and culprits who are involved in the development of Malware. " Tilon has been an active malware family that was spotted first time in 2012, was specially designed to filch money from online bank accounts, that earlier various researchers found to be the new version of Silon , is none other than the SpyEye2 banking Trojan , according to researchers at security firm  Delft Fox-IT . Tilon  a.k.a  SpyEye2 is the sophisticated version of SpyEye Trojan . Majority functional part of the malware is same as of the SpyEye banking Trojan that was developed by a 24-year-old Russian hacker ' Aleksandr Andreevich Panin ' or also known as  Gribodemon , who was arrested in July 2013. ' SpyEye ', infected more than 1.4 million Comp...
Bluetooth enabled Credit Card Skimmers planted at Gas Station lead to $2 Million heist

Bluetooth enabled Credit Card Skimmers planted at Gas Station lead to $2 Million heist

Jan 22, 2014
Cyber Criminals will not let any way out without making Money. Another huge Credit Card theft and this time they targeted Gas Stations. 13 men were suspected and charged for stealing banking information, using Bluetooth enabled Credit Card Skimmers planted on the gas stations throughout the Southern United States. They made more than $2 Million by downloading the ATM information, as well as PIN numbers from the gas pumps and then used the data to draw cash from the ATMs in Manhattan. Manhattan District Attorney Cyrus R. Vance explained the operation that the skimming devices were internally installed so was undetectable to the people who paid at the pumps and the devices were Bluetooth enabled, so it did not need any physical access in order to obtain the stolen personal identifying information. " By using skimming devices planted inside gas station pumps, these defendants are accused of fueling the fastest growing crime in the country. Cybercriminals and ident...
20 Million Credit Cards stolen in South Korea; 40% Population affected by the Data Leak

20 Million Credit Cards stolen in South Korea; 40% Population affected by the Data Leak

Jan 20, 2014
Since all threats to data security and privacy often come from outside, but internal threats are comparatively more dangerous and a difficult new dimension to the data loss prevention challenge i.e. Data Breach . The " Insider threats " have the potential to cause greater financial losses than attacks that originate outside the company. This is what happened recently with three credit card firms in South Korea , where the financial and personal data belonging to users of at least 20 million, in a country of 50 million, was stolen by an employee, who worked as a temporary consultant at Korean Credit Bureau (KCB). " Confidential data of customers ranging from the minister-level officials to celebrities, including their phone numbers, addresses, credit card numbers, and even some banking records, have been leaked from Kookmin Bank, Shinhan Bank and several other commercial banks ", The stolen data includes the bank account numbers, customers' names, social security number...
US retailer Neiman Marcus confirmed data breach after TARGET

US retailer Neiman Marcus confirmed data breach after TARGET

Jan 13, 2014
The TARGET Hack was not the only massive Data breach that happened during the last Black Friday, but also other three major US Retailers were also hacked. Recently, Neiman Marcus also confirmed a data breach that involves Credit card theft from its customers during the holiday shopping season, using similar techniques to the one that penetrated Target last month. Neiman Marcus has 79 stores and reported total sales of $1.1 Billion in the Q4 2013. Neiman Marcus revealed that its customers are at risk after hackers breached servers of the company and accessed the payment information of those who visited its stores. The company is working to inform customers whose cards have been used for fraudulent purchases, but differently from the case of retailer Target, the company hasn't provided information on the nature of data leaked and on the number of customer records exposed. Neiman Marcus spokesperson Ginger Reeder announced that the company does not yet know the cause, size or dur...
40 Million Credit Card accounts affected in massive data breach at 'Target' Stores during Black Friday

40 Million Credit Card accounts affected in massive data breach at 'Target' Stores during Black Friday

Dec 19, 2013
If you have shopped something during the Black Friday weekend from Target's U.S based Retailer stores, then please pay serious attention - Your Credit and Debit card account may have been at Risk. There are more than 1,500 Target stores throughout the U.S and 40 Million credit and debit card accounts of Target's customers may have been stolen during the height of the holiday shopping season, according to a statement  published by the company. Somehow thieves allegedly gained access to personal data in stores when customers swiped their cards at the register. That information is then typically sold to buyers who then make bogus debit or credit cards with it. So the customers who made purchases by swiping their cards at terminals in its U.S. Stores between November 27 and December 15 may have been exposed.  Krebs who broke the story reports that the breach does not impact shoppers who purchased items online. Target has not disclosed exactly how t...
Hardware Keylogger used by Card skimmers to steal Credit Cards at Nordstrom Store

Hardware Keylogger used by Card skimmers to steal Credit Cards at Nordstrom Store

Oct 14, 2013
Three men allegedly installed Credit Card Skimming keylogger at into cash registers in a Nordstrom department store in the Florida. Those Keyloggers were connected via a keyboard cord between the keyboard and the computer to intercept the information transmitted between the two devices and Furthermore, the gang used the connectors designed to resemble common PS2 cables. Krebs has indicated  on his blog that such keyloggers can be easily obtained online for about $40 only. Placing such a devices would have allowed criminals access to data for anyone applying for a Nordstrom credit card , plus any numbers typed in via the keyboard.  In order to collect the captured data, criminals have to return back after few days to collect the keylogger from store. But at this time it is unknown if the men ever returned to the store in order to retrieve the keyloggers and Nordstrom are unaware of any arrests being made. An alert circulated by the po...
NSA Intelligence Agency spies on International Credit Card Transactions including Visa

NSA Intelligence Agency spies on International Credit Card Transactions including Visa

Sep 15, 2013
" The truth is coming, and it cannot be stopped ", Edward Snowden.  The National Security Agency isn't just snooping into phone and online communications. It also appears to be keeping a close eye on credit card transactions. New reports published by Der Spiegel exposed that The National Security Agency (NSA) is widely monitoring SWIFT bank transactions, International Credit Card Payments and banking, attained by watching printer traffic from numerous banks. According to the information acquired by former NSA contractor Edward Snowden , Show that in 2011, the NSA possessed 180 million records and spying is conducted by a branch called " Follow the Money. That data then moved to their own   ' Tracfin ' financial databank to track money flows. NSA targets the transactions of various banks via large credit card companies like VISA by doing surveillance in Europe, Middle East and Africa. Some 84 percent of the data are from credit card transactions...
Vodafone Germany Hacked; Attackers accesses banking data of two million customers

Vodafone Germany Hacked; Attackers accesses banking data of two million customers

Sep 12, 2013
Vodafone Germany has been hacked and Personal details of more than two million customers have been compromised, some including banking details. Stole data includes names, addresses, birth dates, and bank account information, but the hacker had no access to credit-card information, passwords, PIN numbers or mobile-phone numbers. According to a blog post on the Vodafone website, The company has already involved law enforcement agencies in the investigation, and it is confirmed that a suspect has been identified and searches conducted in the case, but didn't say whether the suspect was an employee or an outsider. It's unclear when the breach took place, but it appears to have involved a successful compromise of an internal server on Vodafone's network. Vodaphone said it is taking action to prevent this type of incident from occurring again, including reinstalling servers and changing passwords and certificates of all administrators. Vodafone customers outside of Germany aren...
Russian Hackers charged for stealing 160 million Credit Cards

Russian Hackers charged for stealing 160 million Credit Cards

Jul 25, 2013
A Group of Hackers, Four Russians and a Ukrainian allegedly broke computer networks of more than a dozen major American and international corporations and stole 160 million credit card numbers over the course of seven years, the largest data theft case ever prosecuted in the U.S.  They are accused of stealing usernames and passwords, personal identification information, and credit and debit card numbers. After stealing data, they sold it to resellers, who then sold it through online forums or to individuals and organizations. Since at least 2007, officials said the hackers have been infiltrating computer networks across the globe, including firms in New Jersey, where the first breach was detected. The group would then allegedly install " sniffers " within the networks to automatically obtain electronic data from tens of thousands of credit cards. The network allegedly charged $10 for American credit card information, $50 for European information and $15 for Ca...
Privacy of Millions of HTC devices at risk

Privacy of Millions of HTC devices at risk

Feb 24, 2013
More than 18 million smartphones and other mobile devices made by HTC are at risk vulnerable to many security and privacy issue. The Federal Trade Commission charged HTC with customizing the software on its Android- and Windows based phones in ways that let third-party applications install software that could steal personal information. The vulnerabilities placed sensitive information about millions of consumers at risk and potentially permitted malicious applications to send text messages, record audio and install additional malware without a user's knowledge or consent.  FTC identify many vulnerabilities including, insecure implementation of two logging applications i.e Carrier IQ and HTC Loggers . The agency also found programming flaws that let third-party apps bypass Android's permission-based security model. Flaws in the security system could also give third-party apps access to phone numbers, contents of text messages, browsing history a...
Pizza Hut defaced, Authorities denies theft of 240000 Credit Cards

Pizza Hut defaced, Authorities denies theft of 240000 Credit Cards

Nov 07, 2012
Yesterday Australian Pizza Hut website was compromised by a hacking group going by the name of 0-Day and Pyknic . Hackers defaced the website and claim that they made off with 260,000 Australian credit card numbers. Hack was 1st noticed by  Whirlpool Forum users. But a Pizza Hut spokeswoman said the company did not store such information on its website. " Pizza Hut can confirm that a layer of its website, pizzahut.com.au , was breached with access gained to names and contact information, including email addresses ". " We are working with our website providers to conduct a thorough investigation of the matter and have also reported the incident to the Office of the Australian Information Commissioner. We would like to reassure all of our customers that absolutely no credit card information was stolen and there is no need for concern regarding credit cards." "The security of our online ordering system has not been compromised in any way and our customers ca...
Hackers stole Credit Card details from 63 'Barnes & Noble' stores

Hackers stole Credit Card details from 63 'Barnes & Noble' stores

Oct 24, 2012
Over 60 Barnes & Noble stores have been used by hackers to gain the credit card data, including the PINs, of customers. The New York  company is warning customers to check for unauthorized transactions and to change their personal identification numbers or PINs. It hasn't said how many accounts may have been compromised. The scheme didn't affect Barnes & Noble's Nook tablets or mobile apps, the chain's member database, or any Barnes & Noble College Bookstores. B&N says it caught the problem in mid-September, and that it's safe now to use credit and debit cards at its stores. The New York Times reported that the hackers had already made purchases on some customer credit cards. Federal authorities are investigating. Barnes & Noble said it is working with banks and card issuers to identify compromised accounts so that additional fraud-protection measures can be taken. All keypads at the stories have been removed and shipped to a si...
Hackers steal more than $450,000 from Burlington city bank

Hackers steal more than $450,000 from Burlington city bank

Oct 14, 2012
The city of Burlington is warning its employees to check their bank accounts after finding out funds have been stolen. The Skagit Valley Herald reports the money was electronically transferred to various personal and business accounts throughout the United States during a two-day period this week. " We really don't know exactly how it happened ," said City Manager Bryan Harrison. " Multiple banks in multiple states involved. " " Someone, either through the city system or Bank of America had actually accessed our electric authorization account. " The theft was first reported by the Skagit Valley Herald newspaper which said that Burlington's finance department reported the theft Thursday. Police and the Secret Service are investigating. Burlington is a city of about 8,400 people roughly 60 miles north of Seattle. They believe the money has been shifted to different banks around the world. Officials say they will recover the money that was...
Hackers disrupt Interpol website against Anti-Islam film

Hackers disrupt Interpol website against Anti-Islam film

Oct 07, 2012
A hacker group " Kosova Hacker's Security " based in the Middle East take down Interpol website yesterday. According to claim of Hackers, they are doing this cyber attack on a law enforcement agency to show their protest against the controversial Anti-Islam film, Innocence of Muslims. According to the mail notification from Hackers, they claim to DDOS Interpol servers including DNS servers also with a Botnet army of 770 Bots. In more technical terms, hackers are DDOSing Interpol servers with 770 Bots and 65500 packets/second. Interpol website (  https://www.interpol.int/  ) server 193.22.7.16:80 and DNS server 193.22.7.80:53 was under attack by these hackers. At the time of writing this article, may be the website is working fine. On asking, How they got 770 Bots ? Hacker give a screenshot ( shown above ) of the Exploit pack they are using to infect computers and to make them slave of their Botnet weapon. Recently the six major American banks suffer...
CitySights NY Data Breach Exposes 110,000 Customers' Personal Information

CitySights NY Data Breach Exposes 110,000 Customers' Personal Information

Dec 23, 2010
CitySights NY, a company that organizes New York City tours on double-decker buses, has experienced a significant data breach. The personal information of 110,000 customers, including names, addresses, email addresses, credit card numbers, expiration dates, and Card Verification Value (CVV2) codes, was stolen. The breach likely occurred on September 26, when attackers used an SQL injection to upload a malicious script to the web server. The intrusion was discovered on October 25 by a web programmer who found the unauthorized script. According to a breach notification letter sent to and published by New Hampshire's attorney general, Twin America, CitySights NY's parent company, confirmed the compromise. In response to the breach, Twin America has taken several steps to enhance data security, including: Changing all administrative-level passwords to more complex ones. Restricting access to the administration panel and server to a few pre-approved IP addresses. Patching scri...
Expert Insights / Articles Videos
Cybersecurity Resources