Data stolen from Hy-Vee customers offered for sale on Joker’s Stash Dark Web forum

By: Charlie Osborne

A card dump of 5.3 million accounts may be tied to the recent security breach.

As previously reported by ZDNet, the supermarket chain issued a warning to customers on August 14 which explained that a data breach had occurred at point-of-sale (PoS) systems used by the firm’s fuel pumps, coffee shops, and restaurants including Market Grilles, Market Grille Expresses, and Wahlburgers.

However, PoS systems used by Hy-Vee grocery stores, drugstores, and convenience stores are not believed to have been affected.

Typically, PoS platforms are compromised through the installation of RAM scanners which are able to harvest payment card details once they have been swiped. This stolen data is then remotely transferred to a server controlled by an attacker and may be offered for sale as part of a data dump or used to create clone cards.

It is not known who is behind the data breach, nor how long they were lurking on the firm’s systems. Iowa-based Hy-Vee has launched an investigation and asked customers to keep an eye on their bank statements for fraudulent transactions.

“If you see an unauthorized charge, immediately notify the financial institution that issued the card because cardholders are not generally responsible for unauthorized charges reported in a timely manner,” the company said.


Data breaches increased 54% in 2019 so far

By: James Sanders

More than 3,800 data breaches have hit organizations in 2019, according to Risk Based Security.

The year 2019 is shaping up to be a landmark one for data breaches, as it has seen over 3,800 breaches—a 50% or greater increase over the last four years, according to a report published by Risk Based Security on Wednesday.

“Between 2015 and 2018, the variation in the number of reported breaches was less than 200 incidents. For the first six months of 2019, the number of breaches increased by 54% compared to the same time last year,” the report states, adding that a high volume of leaks of relatively few records skews, somewhat, this measure.

In contrast, the number of records exposed in the first half of 2019 is 30% lower compared to the same time frame in 2017, according to the report—though this may change in the second half of the year, as recent reports detail the full extent of the data exfiltrated by Paige A. Thompson, the hacker accused in the Capital One data breach, who is said to possess “multiple terabytes of data stolen… from more than 30 other companies, educational institutions, and other entities,” according to court documents obtained by ZDNet.

Despite concerns raised in the cybersecurity community about insider threats, 89% of breaches are the result of outside attacks, though the report notes that “more and more sensitive data is exposed when insiders fail to properly handle or secure the information,” pointing to misconfigured databases and services, which represent 149 of the 3,813 incidents reported so far this year and resulted in the exposure of over 3.2 billion records.

Risk Based Security also points to the dangers of placing sensitive data in the hands of third parties, naming the American Medical Collection Agency (AMCA) breach, in which “hackers infiltrated AMCA’s network and pilfered over 22 million debtors’ records including data such as names, addresses, dates of birth, Social Security numbers and financial details,” as a critical event. “These breaches can be more difficult to manage given the multiple parties involved, they can also have more damaging consequences for the individuals whose data is exposed in the event,” the report said, noting that the breach has severe consequences for AMCA, as the company “was forced into filing for bankruptcy protection a mere 2 weeks after news of the breach made headlines.”


Visa Adds New Fraud Disruption Measures

By: Steve Zurier

Payment card giant creates a ‘cyber fraud system’ to thwart transaction abuse.

Visa is now adding fraud disruption to supplement its transaction fraud detection and remediation efforts. Today, at the Visa US Security Summit 2019 in San Francisco, the company outlined five new capabilities it now uses to prevent fraudulent transactions.

“We’re looking to identify and disrupt fraud before it happens,” says David Capezza, senior director of payment fraud disruption at Visa. “We want to take a more proactive approach and identify these attacks and shut them down before they occur.”

Rivka Gewirtz Little, research director for global payment strategies at IDC, says Visa’s new approach blends both its cyber and fraud units.

“Typically, organizations are focused on the transaction,” Gewirtz Little says. “What’s interesting here is that Visa is creating a true cyber fraud system where the cyber team and fraud teams are integrated: the cyber team focuses on the attack against the enterprise and the fraud team looks at ways of preventing the attack. It’s not always the same set of tools, the same team and objectives.”

The five new fraud capabilities Visa will offer include:

Vital Signs: Monitors transactions and alerts financial institutions of potentially fraudulent activity at ATMs and merchants that may indicate an ATM cashout attack. To limit financial losses for financial institutions, Visa can, automatically or in coordination with clients, step in to suspend malicious activity.

Capezza says Visa looks to understand the methodologies behind ATM cashout attacks, looking for anomalies in withdrawals and then notifying clients.

Account Attack Intelligence: Applies deep learning to Visa’s vast number of processed card-not-present transactions to identify financial institutions and merchants that hackers may exploit to guess account numbers, expiration dates, and security codes. By using machine learning, Visa looks to detect sophisticated enumeration patterns, eliminate false positives, and alert affected financial institutions and merchants before follow-on fraud transactions begin.

Payment Threats Lab: Visa will create an environment to test a client’s processing, business logic, and configuration settings to identify errors leading to potential vulnerabilities. Capezza says that by working directly with clients, Visa can run red-team tests to walk through the methodologies hackers use to launch attacks. They can replicate how various attacks occur to understand them better and look out for new ways hackers can potentially attack financial systems.


Cyber attacks cause losses of US$ 45 billion in 2018

By: TI Inside Online

The 2018 Cyber Incident & Breach Trends Report, released by the Online Trust Alliance (OTA), presents alarming data on cyber attacks. In 2018, the damage caused by cybercriminals totaled US$ 45 billion. About 2 million security incidents were reported. In short, the document presents interesting information on data breaches and on ransomware, DDoS, and Business Email Compromise (BEC) attacks, among other threats.

The OTA report is based on statistics, data, and information from several cybersecurity companies and organizations, including the FBI and Cybersecurity Ventures, for example. Now, let’s take a look at the document’s main points.

Main topics of the Cyber Incident & Breach Trends Report

Data breaches

The report indicates that about 95% of breaches last year could have been avoided. This number is alarming because it indicates that people and companies did not concern themselves with the security of data and information as much as they should have. And we cannot forget that, for a business, a data breach can have devastating effects, such as compromising the company’s brand and reputation.


According to the report, the damage caused by ransomware attacks increased by about 60% in 2018. The financial impact is estimated at US$ 8 billion. In 2017, ransomware attacks caused losses of US$ 5 billion. Another interesting piece of information is that the use of ransomware to attack companies has become more common. It increased by about 12% from 2017 to 2018. This is one more reason why companies should think carefully about the information they handle.

BEC (Business Email Compromise)

One of the points in the report that deserves attention concerns Business Email Compromise (BEC) and Email Account Compromise (EAC) scams. The damage caused by this type of attack almost doubled from 2017 to 2018, going from more than US$ 600 million to more than US$ 1 billion. The number of reported incidents involving BEC and EAC also increased over the same period, from 16,000 cases to more than 20,000 cases.

DDoS (Denial-of-Service Attack)

Reading the report, it is clear that DDoS (Distributed Denial-of-Service) attacks are still widely used by hackers. In 2018, about 150,000 incidents involving DDoS attacks were reported. However, this number represents a reduction of more than 10% compared with 2017.


85 malicious Google Play apps were downloaded more than 8 million times

By: TI Inside Online

Trend Micro has identified a new adware family on Google Play. Named AndroidOS_Hidenad.HRXH, the fake apps disguised themselves as photo and gaming applications. Beyond typical adware methods, which consist of displaying ads that are difficult or impossible to close, this threat uses unique techniques to evade detection through triggers based on time and user behavior.

In total, the 85 malicious Google Play apps were downloaded more than eight million times. They posed as gaming and photography apps and used advanced evasion techniques. After download, the threat waited more than 30 minutes before acting and then hid the app’s icon, preventing the app from being uninstalled by dragging its icon to the “uninstall” section of the screen.

Although the apps have the real functionality of the applications they disguise themselves as, the ads are shown full-screen, forcing users to view the entire duration of the ad before they can close it or return to the app itself. In addition, the frequency with which they are displayed can be configured remotely by the fraudster, which could increase the annoyance to users.


Compliance Is Not Security: Why You Need Cybersecurity Chops In The Boardroom

By: Frances Dewing

Cybersecurity is now a topic of discussion in every boardroom. A diligent director takes this risk, and their fiduciary duty around it, seriously. But the risk is complex and technical, and most boards don’t have a cybersecurity expert on the list of directors.

So instead, many boards have fallen into the trap of over-reliance on audits and compliance as a determination for whether the company has done its due diligence in preventing a cyber breach. Here’s why this is a problem:

1. Compliance is not security.

Compliance was meant to be a floor, but it has become a ceiling. Industry standard certifications and compliance frameworks (for example, HIPAA, PCI, ISO) are the bare minimum and intended to be generic. A framework can’t account for the nuances of your company operations and environment. These audits only look at a snapshot in time, not the ongoing state of your security. Your company could pass an audit, but a day later a vulnerability could be left unaddressed and your security compromised. I’ll say it again: Compliance is not security. The most cyber-resilient organizations are those that treat compliance as a baseline.

2. Security is a culture, not just a function.

I too often hear “cybersecurity is the CISO’s job.” Sure, the CISO may have functional oversight but the information security team can’t practically micromanage every person’s behavior in the company. Every person has to do their part. Your part might be just following protocol (for example, use unique passwords, don’t forward work documents to your personal device, don’t click links in emails). These small but important habits need to be built into your culture. Build a culture where everyone views security as their responsibility, and you’ll mitigate 90% of your risk.


Apple accidentally unpatched a vulnerability it had already fixed, making current versions of iOS vulnerable to hackers.

By: Pierluigi Paganini

A public jailbreak for iPhones was released by a hacker; it is an exceptional event because it is the first in years. According to Motherboard, which first reported the news, Apple accidentally unpatched a flaw it had already fixed, allowing the hacker to exploit it.

The jailbreak works with the latest version of the iOS mobile operating system; Google Project Zero expert Ned Williamson confirmed that the jailbreak works on his iPhone.

During the weekend, experts discovered that the latest iOS version (12.4), released in June, has reintroduced a security flaw found by a Google Project Zero white hat hacker that was previously fixed in iOS 12.3.

The flaw potentially exposes iPhone devices running current and older iOS versions (any 11.x and 12.x below 12.3) to the risk of a hack until 12.4.1 is released.

The popular researcher Pwn20wnd, who has developed iPhone jailbreaks in the past, today published a jailbreak for iOS 12.4. Some users claim the jailbreak works on their iPhones.

This is a very unusual situation because hackers who have developed a working exploit for the iPhone usually prefer to sell it to a zero-day broker firm like Zerodium, which pays them up to 2 million dollars.


8.5 million Brazilians have already been victims of WhatsApp cloning across the country

By: TI Inside Online

A recent survey conducted by PSafe, developer of the dfndr apps, revealed that 8.5 million Brazilians have already been victims of WhatsApp cloning, which represents 23 new victims of this type of scam daily across the country. Also according to the survey, 26.7% of respondents pointed to the leaking of private conversations as the main harm of WhatsApp cloning, followed by links to scams being sent to other contacts (26.6%); requests for money from friends (18.2%); loss of the WhatsApp account (18.0%); and blackmail (10.5%).

WhatsApp in cybercriminals’ sights

Although it is not a new practice, WhatsApp cloning gained prominence this year in Brazil because of the numerous reports from users who were victims of cybercriminals. In the first half of 2019 alone, dfndr lab – a laboratory specializing in digital security – recorded more than 134 thousand WhatsApp theft attempts. The lab’s director, Emilio Simoni, explains the scam step by step:

“To clone a WhatsApp account, the cybercriminal improperly registers the user’s phone number on another device and, after this process, an SMS containing an access release code is sent to the victim’s phone. Then the victim is induced to provide this code to the hacker and, after that, their WhatsApp account is blocked,” Simoni says.

Main harms to victims

With free access to a user’s WhatsApp, the hacker can impersonate them to run scams on their friends and family. It is quite common for the cybercriminal to request loans, send links to other scams to the contacts registered in the messenger and, also, use the private content of the messages to later blackmail the victim in exchange for money.

For this reason, Simoni warns that users should never give the WhatsApp access release code they receive to third parties. In addition, it is advisable to enable two-factor authentication, available in WhatsApp itself, to increase the security of the account.


Cyber Attack: Securing Digital Payments In The Age Of Emerging Technologies

By: Inc42

In recent times, India’s financial systems have been heavily targeted by malicious cyber actors due to an indefinite cyber framework. This can be further explained through the cyber attack instances of millions of debit cards being hacked in the past few years.

About 70% of organizations have experienced some form of cyber attack involving phishing, Distributed Denial of Service (DDoS) or spam. The rising incidents of cyber fraud in digital payments, the Hitachi ATM data breach in 2016, the surge in ransomware attacks such as Wannacry and Petya, the Yahoo data breach, etc. signify that India requires updated technologies as well as policies to protect the personal data of millions.

A breach of the latter is not just done to hinder daily activities; it also carries forward to activities such as cyber-espionage, which are an attack on a country’s national security.

Global Systems Of Hacking

The attackers today are progressively building advanced technologies to target core banking systems especially concerned with payments. Their activities are becoming more and more aggressive and assertive than before to interrupt the victim’s capability to respond. They are further collaborating across multiple geographies heightening the attacker’s anonymity by requiring no additional resources to carry out the attacks.

As hackers are operating globally and collaborating across multiple geographies, it is therefore fundamentally critical to ensure that jurisdictions and organisations across the world collaborate to counter this growing threat. In the new era of digital payments, where technologies are constantly changing and evolving, there are numerous cybersecurity challenges to consider.

Cyber-attacks are more sophisticated and now target the entire payments life cycle.

Need For A Coordinated And Integrated Approach

Silos that exist between lines of business, payment operations (across payment types, business functions, and geographies), cybersecurity, risk, compliance, technology, treasury, and business continuity hamper the carefully coordinated response needed to prevent, detect and respond to attacks.


9 Popular Phishing Scams (Be Aware)

By: BroadbandSearch.net

Ever since the early days of the internet, scammers have been working to steal our money, and sometimes our identity. And while we as internet users have gotten more aware and are more capable of identifying scams, the bad guys have gotten better too, which means danger is still out there, lurking behind every digital corner.

However, the best defense against cybercrime is not to avoid using the internet. Doing that would be denying ourselves all the best things the internet has to offer, such as educational resources, social media, and, of course, pictures of cute dogs. Instead, the best thing you can do is to inform yourself about how hackers work and about the most common types of scams out there.

Email scams, also known as phishing, are some of the most prevalent threats, so it’s important to understand what they are as well as what they look like so that you can steer clear and stay safe while surfing the web. Read on to find everything you need to know.

Understand the Risk of Email Phishing

To help you understand the risk that email phishing poses, consider the following:

Email Phishing in 2019


What is Phishing?

According to, phishing is a type of cybercrime in which hackers contact you while posing as a legitimate institution or organization in an attempt to get you to provide sensitive or private information. Once they have this information, they most often use it to commit financial or identity theft, the consequences of which can be extremely severe.

This type of phishing can occur over the telephone, via SMS text message, or, as is most often the case, through email.

Other phishing attempts will ask you to download a file or click a link, and doing so will infect your computer with malicious software that can cause your personal information to end up in the wrong hands.


Integral to almost all phishing attempts is website or email spoofing. This is the practice of creating a website or email template that nearly perfectly mimics a legitimate website. These designs are very professionally done and can be almost impossible to distinguish from the real thing.