Data stolen from Hy-Vee customers offered for sale on Joker’s Stash Dark Web forum

By: Charlie Osborne

A card dump of 5.3 million accounts may be tied to the recent security breach.

As previously reported by ZDNet, the supermarket chain issued a warning to customers on August 14 which explained that a data breach had occurred at point-of-sale (PoS) systems used by the firm’s fuel pumps, coffee shops, and restaurants including Market Grilles, Market Grille Expresses, and Wahlburgers.

However, PoS systems used by Hy-Vee grocery stores, drugstores, and convenience stores are not believed to have been affected.

Typically, PoS platforms are compromised through the installation of RAM scanners which are able to harvest payment card details once they have been swiped. This stolen data is then remotely transferred to a server controlled by an attacker and may be offered for sale as part of a data dump or used to create clone cards.

It is not known who is behind the data breach, nor how long they were lurking on the firm’s systems. Iowa-based Hy-Vee has launched an investigation and asked customers to keep an eye on their bank statements for fraudulent transactions.

“If you see an unauthorized charge, immediately notify the financial institution that issued the card because cardholders are not generally responsible for unauthorized charges reported in a timely manner,” the company said.

More: https://www.zdnet.com/article/data-stolen-from-hy-vee-customers-offered-for-sale-on-jokers-stash-dark-web-trading-post/

Data breaches increased 54% in 2019 so far

By: James Sanders

More than 3,800 data breaches have hit organizations in 2019, according to Risk Based Security.

The year 2019 is shaping up to be a landmark one for data breaches, as it has seen over 3,800 breaches—a 50% or greater increase over the last four years, according to a report published by Risk Based Security on Wednesday.

“Between 2015 and 2018, the variation in the number of reported breaches was less than 200 incidents. For the first six months of 2019, the number of breaches increased by 54% compared to the same time last year,” the report states, adding that a high volume of leaks of relatively few records skews, somewhat, this measure.

In contrast, the number of records exposed in the first half of 2019 is 30% lower compared to the same time frame in 2017, according to the report—though this may change in the second half of the year, as recent reports detail the full extent of the data exfiltrated by Paige A. Thompson, the hacker accused in the Capital One data breach, who is said to possess “multiple terabytes of data stolen… from more than 30 other companies, educational institutions, and other entities,” according to court documents obtained by ZDNet.

Despite concerns raised in the cybersecurity community about insider threats, 89% of breaches are the result of outside attacks, though the report notes that “more and more sensitive data is exposed when insiders fail to properly handle or secure the information,” pointing to misconfigured databases and services, which represent 149 of the 3,813 incidents reported so far this year and resulted in the exposure of over 3.2 billion records.

Risk Based Security also points to the dangers of placing sensitive data in the hands of third parties, naming the American Medical Collection Agency (AMCA) breach, in which “hackers infiltrated AMCA’s network and pilfered over 22 million debtors’ records including data such as names, addresses, dates of birth, Social Security numbers and financial details” as a critical event. “These breaches can be more difficult to manage given the multiple parties involved, they can also have more damaging consequences for the individuals whose data is exposed in the event,” the report said, noting that the breach has severe consequences for AMCA, as the company “was forced into filing for bankruptcy protection a mere 2 weeks after news of the breach made headlines.”

More: https://www.techrepublic.com/article/data-breaches-increased-54-in-2019-so-far/

Visa Adds New Fraud Disruption Measures

By: Steve Zurier

Payment card giant creates a ‘cyber fraud system’ to thwart transaction abuse.

Visa is now adding fraud disruption to supplement its transaction fraud detection and remediation efforts. The company today at the Visa US Security Summit 2019 in San Francisco outlined five new capabilities it now uses to prevent fraudulent transactions.

“We’re looking to identify and disrupt fraud before it happens,” says David Capezza, senior director of payment fraud disruption at Visa. “We want to take a more proactive approach and identify these attacks and shut them down before they occur.”

Rivka Gewirtz Little, research director for global payment strategies at IDC, says Visa’s new approach blends both its cyber and fraud units.

“Typically, organizations are focused on the transaction,” Gewirtz Little says. “What’s interesting here is that Visa is creating a true cyber fraud system where the cyber team and fraud teams are integrated: the cyber team focuses on the attack against the enterprise and the fraud team looks at ways of preventing the attack. It’s not always the same set of tools, the same team and objectives.”

The five new fraud capabilities Visa will offer include:

Vital Signs: Monitors transactions and alerts financial institutions of potentially fraudulent activity at ATMs and merchants that may indicate an ATM cashout attack. To limit financial losses for financial institutions, Visa can, automatically or in coordination with clients, step in to suspend malicious activity.

Capezza says Visa looks to understand the methodologies behind ATM cashout attacks, looking for anomalies in withdrawals and then notifying clients.

Account Attack Intelligence: Applies deep learning to Visa’s vast number of processed card-not-present transactions to identify financial institutions and merchants that hackers may exploit to guess account numbers, expiration dates, and security codes. By using machine learning, Visa looks to detect sophisticated enumeration patterns, eliminate false positives, and alert affected financial institutions and merchants before follow-on fraud transactions begin.

Payment Threats Lab: Visa will create an environment to test a client’s processing, business logic, and configuration settings to identify errors leading to potential vulnerabilities. Capezza says that, working directly with clients, Visa can run red-team tests to walk through the methodologies hackers use to launch attacks. They can replicate how various attacks occur to understand them better and look out for new ways hackers can potentially attack financial systems.

More: https://www.darkreading.com/risk/visa-adds-new-fraud-disruption-measures/d/d-id/1335570

85 malicious Google Play apps were downloaded more than 8 million times

By: TI Inside Online

Trend Micro has identified a new adware family on Google Play. Detected as AndroidOS_Hidenad.HRXH, the fake apps disguised themselves as photo and gaming apps. Beyond the typical adware methods, which consist of displaying ads that are difficult or impossible to close, this threat uses unique techniques to evade detection through triggers based on time and user behavior.

In total, the 85 malicious Google Play apps were downloaded more than eight million times. They posed as gaming and photography apps and used advanced evasion techniques. After download, the threat waited more than 30 minutes before acting and then hid the app’s icon, preventing the app from being uninstalled by dragging its icon to the “uninstall” section of the screen.

Although the apps do provide the real functionality of the applications they pose as, the ads are shown full screen, forcing users to watch the entire ad before they can close it or return to the app itself. In addition, the frequency with which the ads are displayed can be configured remotely by the fraudster, which could increase the annoyance for users.

More: https://tiinside.com.br/tiinside/seguranca/mercado-seguranca/20/08/2019

Apple accidentally unpatched a vulnerability it had already fixed, making current versions of iOS vulnerable to hackers.

By: Pierluigi Paganini

A public jailbreak for iPhones was released by a hacker; it is an exceptional event because it is the first in years. According to Motherboard, which first reported the news, Apple accidentally unpatched a flaw it had already fixed, allowing the hacker to exploit it.

The jailbreak works with the latest version of the iOS mobile operating system; Google Project Zero expert Ned Williamson confirmed that the jailbreak works on his iPhone.

During the weekend, experts discovered that the latest iOS version (12.4), released in June, has reintroduced a security flaw found by a Google Project Zero white hat hacker that was previously fixed in iOS 12.3.

The flaw potentially exposes iPhone devices running current and older iOS versions (any 11.x and 12.x below 12.3) to the risk of a hack until 12.4.1 is released.

The popular researcher Pwn20wnd, who already developed iPhone jailbreaks in the past, today has published a jailbreak for iOS 12.4. Some users claim the jailbreak works on their iPhones.

This is a very unusual situation because hackers who have developed a working exploit for the iPhone prefer to sell it to a zero-day broker firm like Zerodium, which pays them up to 2 million dollars.

More: https://securityaffairs.co/wordpress/90099/hacking/iphone-jailbreak-released.html

8.5 million Brazilians have already been victims of WhatsApp cloning nationwide

By: TI Inside Online

A recent survey by PSafe, developer of the dfndr apps, revealed that 8.5 million Brazilians have already been victims of WhatsApp cloning, which represents 23 new victims of this type of scam every day across the country. According to the survey, 26.7% of respondents named the leak of private conversations as the main harm of WhatsApp cloning, followed by the sending of scam links to other contacts (26.6%); requests for money from friends (18.2%); loss of the WhatsApp account (18.0%); and blackmail (10.5%).

WhatsApp in cybercriminals’ sights

Although it is not a new practice, WhatsApp cloning gained prominence this year in Brazil due to the numerous reports from users who were victims of cybercriminals. In the first half of 2019 alone, dfndr lab, a laboratory specializing in digital security, recorded more than 134 thousand attempts to steal WhatsApp accounts. The lab’s director, Emilio Simoni, explains the scam step by step:

“To clone a WhatsApp account, the cybercriminal improperly registers the user’s phone number on another device and, after this process, an SMS containing an access release code is sent to the victim’s phone. The victim is then induced to provide this code to the hacker and, next, their WhatsApp account is blocked,” says Simoni.

Main harms for victims

With free access to a user’s WhatsApp, the hacker can impersonate them to scam their friends and family. It is quite common for the cybercriminal to request loans, send links to other scams to the contacts registered in the messenger and also use the private content of the messages to later blackmail the victim for money.

For this reason, Simoni warns that users should never give the WhatsApp access release code they receive to third parties. In addition, it is advisable to enable two-factor authentication, available in WhatsApp itself, to increase the security of the account.

More: https://tiinside.com.br/tiinside/19/08/2019/85-milhoes-de-brasileiros-ja-foram-vitimas-de-clonagem-de-whatsapp-em-todo-pais/

Cyber Attack: Securing Digital Payments In The Age Of Emerging Technologies

By: Inc42

In recent times, India’s financial systems have been heavily targeted by malicious cyber actors due to an indefinite cyber framework. This can be further explained through the cyber attack instances of millions of debit cards being hacked in the past few years.

About 70% of the organizations have experienced some form of cyber-attack with phishing, Distributed Denial of Service (DDoS) or spam. The rising incidents of cyber frauds in digital payments, the Hitachi ATM data breach in 2016, the surge in ransomware attacks such as WannaCry and Petya, the Yahoo data breach etc. signify that India requires updated technologies as well as policies to protect millions of personal data records.

The breach of the latter isn’t just done to hinder daily activities, but also carries forward to activities such as cyber-espionage, which are an attack on a country’s national security.

Global Systems Of Hacking

The attackers today are progressively building advanced technologies to target core banking systems especially concerned with payments. Their activities are becoming more and more aggressive and assertive than before to interrupt the victim’s capability to respond. They are further collaborating across multiple geographies heightening the attacker’s anonymity by requiring no additional resources to carry out the attacks.

As hackers are operating globally and collaborating across multiple geographies, it is therefore fundamentally critical to ensure that jurisdictions and organisations across the world collaborate to counter this growing threat. In the new era of digital payments, where technologies are constantly changing and evolving, there are numerous cybersecurity challenges to consider.

Cyber-attacks are more sophisticated and now target the entire payments life cycle.

Need For A Coordinated And Integrated Approach

Silos that exist between lines of business, payment operations (across payment types, business functions, and geographies), cybersecurity, risk, compliance, technology, treasury, and business continuity hamper the carefully coordinated response needed to prevent, detect and respond to attacks.

More: https://inc42-com.cdn.ampproject.org/c/s/inc42.com/resources/securing-digital-payments-from-cyber-threat-and-attacks/amp/

‘How I lost £25,000 when my cryptocurrency was stolen’

By: Monty Munford

It’s bad enough realising that somebody’s nicked £25,000 of your hard-earned cash. It’s even worse when you realise there’s little chance of getting it back.

This is the story of how I got my fingers burned in the murky world of cryptocurrency investment.

Be warned.

After a decade as a tech journalist, I liked to describe myself as a “lunchtime-adopter”, somebody who acted faster than many, but would never be as smart as the early adopters.

So it was with cryptocurrencies. I had heard about Bitcoin, but it was one of those technologies where I nodded my head sagely whenever I was in the same room with those talking about it.

As for investing or speculating, I had absolutely no intention of doing so.

But as the Bitcoin price made its merry way to a peak of nearly $20,000 (£16,500) at the end of 2017 – a rise of more than 100,000% in seven years – my curiosity got the better of me.

So in the middle of 2017, I made some investments, figuring that it was a long-term plan and might even become a nest egg for a pension.

But doing so was utterly terrifying.

Even after a lot of tutorials from very patient friends, I pulled out three times from completing my initial transaction. One wrong press of the key and I thought I’d lose my money.

How prophetic that turned out to be.

There seemed to be two options: to store my crypto on an exchange, or in an encrypted digital storage wallet.

More: https://www-bbc-co-uk.cdn.ampproject.org/c/s/www.bbc.co.uk/news/amp/business-49177705

9 Popular Phishing Scams (Be Aware)

By: BroadbandSearch.net

Ever since the early days of the internet, scammers have been working to steal our money, and sometimes our identity. And while we as internet users have gotten more aware and are more capable of identifying scams, the bad guys have gotten better too, which means danger is still out there, lurking behind every digital corner.

However, the best defense against cybercrime is not to avoid using the internet. Doing that would be denying ourselves all the best things the internet has to offer, such as educational resources, social media, and, of course, pictures of cute dogs. Instead, the best thing you can do is to inform yourself about how hackers work and about the most common types of scams out there.

Email scams, also known as phishing, are some of the most prevalent threats, so it’s important to understand what they are as well as what they look like so that you can steer clear and stay safe while surfing the web. Read on to find everything you need to know.

Understand the Risk of Email Phishing

To help you understand the risk that email phishing poses, consider the following:

[Infographic: Email Phishing in 2019]

What is Phishing?

According to phishing.com, phishing is a type of cybercrime in which hackers contact you while posing as a legitimate institution or organization in an attempt to get you to provide sensitive or private information. Once they have this information, they most often use it to commit financial or identity theft, the consequences of which can be extremely severe.

This type of phishing can occur over the telephone, via SMS text message, or, as is most often the case, through email.

Other phishing attempts will ask you to download a file or click a link, and doing so will infect your computer with malicious software that can cause your personal information to end up in the wrong hands.

Spoofing

Integral to almost all phishing attempts is website or email spoofing. This is the practice of creating a website or email template that nearly perfectly mimics a legitimate website. These designs are very professionally done and can be almost impossible to distinguish from the real thing.

More: https://www.broadbandsearch.net/blog/popular-email-phishing-scams?msID=f33a51b6-f73c-4ff5-a286-d94f32e20160

Kaspersky Antivirus Flaw Exposed Users to Cross-Site Tracking Online

By: Swati Khandelwal

In this digital era, the success of almost every marketing, advertising, and analytics company is driven by tracking users across the Internet to identify them and learn their interests to provide targeted ads.

Most of these solutions rely on 3rd-party cookies, a cookie set on a domain other than the one you are browsing, which allows companies including Google and Facebook to fingerprint you in order to track your every move across multiple sites.

However, if you’re using Kaspersky Antivirus, a vulnerability in the security software exposed a unique identifier associated with you to every website you visited in the past 4 years, which might have allowed those sites and other third-party services to track you across the web even if you had blocked or erased third-party cookies in a timely manner.

The vulnerability, identified as CVE-2019-8286 and discovered by independent security researcher Ronald Eikenberg, resides in the way a URL scanning module integrated into the antivirus software, called Kaspersky URL Advisor, works.

By default, Kaspersky Internet security solution injects a remotely-hosted JavaScript file directly into the HTML code of every web page you visit—for all web browsers, even in incognito mode—in an attempt to check if the page belongs to the list of suspicious and phishing web addresses.

Well, it’s no surprise, as most Internet security solutions work in the same way to monitor web pages for malicious content.

More: https://thehackernews.com/2019/08/kaspersky-antivirus-online-tracking.html?m=1