FBI: Cyber Actors Scrape Credit Card Data from US Business’ Online Checkout Page and Maintain Persistence by Injecting Malicious PHP Code

As of January 2022, unidentified cyber actors unlawfully scraped credit card data from a US business by injecting malicious PHP Hypertext Preprocessor (PHP) code into the business’ online checkout page and sending the scraped data to an actor-controlled server that Read More …

Spar shops across northern UK shut after cyber attack hits payment processing abilities

The British arm of Dutch supermarket chain Spar has shut hundreds of shops after suffering an “online attack,” the company has confirmed to The Register. “This has not affected all SPAR stores across the North of England,” a Spar spokesman Read More …

Warehouse belonging to Chinese payment terminal manufacturer raided by FBI

US feds were spotted raiding a warehouse belonging to Chinese payment terminal manufacturer PAX Technology in Jacksonville, Florida, on Tuesday, with speculation abounding that the machines contained preinstalled malware. PAX Technology is headquartered in Shenzhen, China, and is one of Read More …

Apple Pay with Visa Hacked to Make Payments via Locked iPhones

An attacker who steals a locked iPhone can use a stored Visa card to make contactless payments worth up to thousands of dollars without unlocking the phone, researchers are warning. The problem is due to unpatched vulnerabilities in both the Read More …

Sodinokibi Ransomware Now Scans Networks For PoS Systems

Cybercriminals behind recent Sodinokibi ransomware attacks are now upping their ante and scanning their victims’ networks for credit card or point of sale (PoS) software. Researchers believe this is a new tactic designed to allow attackers to get the biggest Read More …

A look at the ATM/PoS malware landscape from 2017-2019

From remote administration and jackpotting, to malware sold on the Darknet, attacks against ATMs have a long and storied history.  And, much like other areas of cybercrime, attackers only refine and grow their skillset for infecting ATM systems from year-to-year. So what Read More …

Security Analysis of Devices That Support SCPI and VISA Protocols

When a legacy protocol is connected via Ethernet, and subsequently to the internet, security issues arise. Standard Commands for Programmable Instruments (SCPI) is a legacy protocol that many advanced measurement instruments support. It can be issued via General Purpose Interface Read More …

Cybercriminals Fill Up on Gas Pump Transaction Scams Ahead of Oct. Deadline

Gas stations are gearing up for a major change in credit-card fraud liability in October, when they will find themselves on the hook for card-skimming attacks at the pump. In the meantime though, cybercriminals will be targeting pay-at-the-pump point-of-sale mechanisms Read More …