Credit Card | SC Media

Credit Card

Hy-Vee supermarkets report POS cyber incident

The Mid-Western supermarket chain Hy-Vee has issued a warning that the payment card system was breached at several of its locations and services. The 245-store chain said in an August 14 statement that there was an undefined security incident with the payment processing systems that handled transactions at some Hy-Vee fuel pumps, drive-thru coffee shops,…

Software automates fake purchases on compromised credit cards

Two Deer Valley Resort restaurants hit with POS data breach

The Mariposa and the Royal Street Café in Deer Valley, Colo., are informing customers that their payment card information may have been compromised after an unauthorized party hacked the point-of-sale system of a resort operator that runs both restaurants. The two Deer Valley Resort restaurants discovered on May 17 that an unauthorized person had gained…

Visa contactless hack takes a million units of any foreign currency

Flaws in Visa contactless cards allow for bypass of anti-fraud checks, researchers warn

Researchers say they discovered a technique for exploiting Visa contactless cards that could allow attackers to bypass certain a pair of anti-fraud “payment checks” that normally require a purchaser’s verification. Positive Technologies researchers Leigh-Anne Galloway and Tim Yunusov successfully tested the exploit on five major banks in the U.K., according to a company blog post…

Malicious actor Sweed puts new spins on its attacks

A threat actor named Sweed who has been active for more than two years using spearphishing emails with malicious attachments to spread Formbook, Lokibot and Agent Tesla has been given a detailed examination by Cisco Talos. Cisco Talos researcher Edmund Brumaghin said for the most part Agent Tesla is the group’s favorite flavor of malware,…

Amazon, prime day, phishing, credit card, retail

Amazon Prime Day cybersecurity preparations

Cybercriminals are never hesitant to try and take advantage of a big event and Amazon Prime Day is no exception. With every interaction being made online during the 48-hour sale starting on July 15, infosecurity experts are putting out warnings on how to avoid being scammed. “The increased internet traffic to a specific site with…

Magecart group compromises 17,000 domains by overwriting Amazon S3 buckets

One of the “Magecart” cybercriminal groups has infected more than 17,000 web domains with JavaScript-based payment card-skimming code by developing an automated process for finding and compromising misconfigured Amazon S3 buckets, researchers have reported. “These actors automatically scan for buckets which are misconfigured to allow anyone to view and edit the files it contains,” writes…

EatStreet data breach affecting diners, restaurants and delivery firms

The online food ordering and delivery service EatStreet informed its customers and partners that it suffered a data breach exposing a variety of personal data including payment card information. According to the California State Attorney General’s office, EatStreet sent letters to its diners, delivery and restaurant partners. In each letter the company noted that it…

Magecart POS skimmer adds iframe injection technique

A new online POS skimmer used by one of the Magecart groups has been spotted injecting an iframe into retailer websites that asks for payment card information. Malwarebytes came across the new technique being used on a Magento powered e-commerce platform. Unlike other skimming methods, which search for the active payment form on the page…

Magecart POS malware found on Forbes subscription page

The publisher Forbes appears to be the most recent victim of malicious actors pushing Magecart POS skimming malware. Security researcher Troy Mursch, of Bad Packets Reports, set off the alarm on Twitter indicating Forbes magazine subscription website had been infected and was removing credit card data, Tripwire reported. As with other Magecart cases, the malware…

Credential stuffing: Bigger and badder than ever

Credential stuffing has been around since 2014 enticing cybercriminals with a hefty return on investment and usage has increased of late as even more payment account credentials are stolen and sold on the dark web. Recorded Future just issued a report that looks at the economic environment surrounding credential stuffing and some of the tools…

Next post in Cybercrime