The new standard, detailed in a 360-page document, was created based on feedback from more than 200 members of the payments industry globally. A summary of the changes is presented in a document with technical details.

Cybersecurity specialists report that among the most prominent changes of this new release include the implementation of multi-factor authentication for all access to cardholder data environments, as well as replacing the term “firewall” with “network security controls” to support a wider range of data security technologies.

The implementation of updates to the new standard could take an indefinite time, so the current version will remain active until March 2024. The PCI SSC noted that some of the new requirements are initially considered best practices, but will take effect on March 31, 2025. After this date, they will be considered in their entirety in PCI DSS assessments.

Cybersecurity specialist Tim Erlin believes this update came at an ideal time: “Any additional emphasis on secure configuration of systems is a welcome addition to cybersecurity best practices. Although the previous version of PCI DSS addressed secure configuration, its limit came to changing default passwords.”

The expert adds that the new version focuses on the Zero Trust standard for authentication and authorization with permissions for an analytical security posture dynamically, providing access to resources in real time as an alternative to password rotation.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post Payment card industry releases new PCI DSS v4.0 security standard appeared first on Information Security Newspaper | Hacking News.

Electronic fraud can come in multiple forms, although the most popular variant is still credit and debit card fraud. In these malicious operations, cybercriminals manage to steal card information to extract cash or pay for products and services not authorized by affected users.

This information theft process is also known as card cloning, and its main goal is to access the user’s card number, expiration dates, security numbers, and PIN. On this occasion, we will show you the most popular methods to clone banking cards, plus some security recommendations to prevent these attacks.

Skimming

This is the most common method and, depending on the variant, may be the least sophisticated. This attack requires a hidden camera near a compromised ATM or point of sale (PoS), as well as a device known as a skimmer, capable of copying the magnetic stripe or chip of a card.

Using a computer, hackers dump the compromised data on a blank card, thus creating the copy of the affected user’s card. These attacks are more common at ATMs, as it is relatively easy to hide a skimmer in these machines.

Fortunately, it is very simple for users to prevent these attacks. You can cover the ATM keypad at the time of entering your PIN; even if hackers manage to clone your card, this information will be practically useless if they do not have access to the security key. Remember also that you should never accept help from strangers at the cashier or leave your vouchers forgotten.

Finally, in cases where an ATM does not return the card, report the incident immediately to your bank, as this may be an indication that the machine has been compromised by a threat actor.

Fake payment devices

Sometimes threat actors infiltrate between workers in establishments such as department stores, restaurants or gas stations with the aim of using malicious points of sale, which will allow them to extract information from the cards entered into these devices, including the victim’s PIN.

Fake payment devices have been a growing threat for some years now, becoming popular as people stopped using cash. In this case, users do not have many options to protect their information, since at first glance and in legitimate shops it is practically impossible to detect one of these malicious devices.

In the face of threats like this, the best protection can be payment with a smartphone. There are mobile apps that allow you to synchronize all the user’s payment cards and have access to them without having them at hand, in addition to the malicious devices will not be able to clone the information contained in these tools.

The use of jamming cases or aluminum wallets can also prove useful, as these materials prevent hackers from properly using their systems to extract information from cards.

Phishing and other similar tactics

This is another very popular hacking technique and is applied for purposes other than the cloning of payment cards. Phishing attacks begin with the target user receiving an email containing an attractive message, usually related to offers, gifts or parcel shipments pending receipt. These messages and their presentation should be as attractive as possible, in addition to containing a link or attachment.

If users fall into the trap and follow the malicious link, they are redirected to a fake website of legitimate appearance where they will be asked to enter some data of interest to the hackers. In addition to ignoring these emails, users are advised to try to verify the legitimacy of the link; malicious links are easily detectable once you learn to distinguish them.

In case the email contains an attachment, the user must simply refrain from downloading these files, either a PDF or Microsoft Office document, or a compressed file.

Adult website scams

This is a trick as old as it is effective. Some porn sites that offer “Premium” subscriptions ask users to enter a credit card number under the guise of verifying their age when in fact they are looking to collect financial information for malicious purposes. Many people may find it implausible that this attack will work, but it is a real threat.

In these cases, the recommendation is simple: never enter your personal or financial data to adult websites, especially those that do not have security measures such as SSL certificates.

If you believe you have been a victim of any of these variants of wire fraud, you should immediately notify your payment card issuing institution, in addition to reporting the compromised card and monitoring your account statements for unauthorized charges.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post 10 different ways hackers use to clone EMV chip credit and debit cards in 2021 appeared first on Information Security Newspaper | Hacking News.

The report includes some screenshots of the compromised database, which reveal that the incident involves users’ confidential information such as:

• Payment card brand
• Card type
• Expiration dates
• Cards’ last four digits
• Cards fingerprints
• Customer IDs

A sample of compromised records is shown below:

Besides, experts mentioned that there is a data subset showing users’ phone numbers and email addresses. While the cards’ data is not completely visible, multiple hacking just need little details to deploy a sophisticated phishing campaign targeting those affected. Considering the amount of leaked registers, the scope of a potential attack could be devastating.

To make matters worse, researcher Rajshekhar Rajaharia assures that the complete database is being sold in several dark web forums for an undisclosed but supposedly high amount. The expert also mentioned that Juspay has been relying on the Payment Card Indistry Data Security Standard (PCI DSS) to store its users’ information. Nonetheless, he believes that if a threat actor is able to find the algorithm to generate a single card fingerprint, they could decrypt the hidden card number.

In response to these reports, a Juspay spokesperson mentioned: “On August 18, 2020, an unauthorized party tried to access to our servers; this intrusion was quickly detected and terminated. No card numbers, financial details or transaction history was compromised”. The spokesperson did acknowledge that some registers in plain text, including email addresses and phone numbers were exposed.

On the attack perpetrators, the spokesperson linked this incident to the well-known hacking group ShinyHunters, which may had gained access to one of Juspay developers’ credentials. The company added that the compromise of hidden card numbers is not considered a sensitive information leakage. Finally, the Juspay spokesperson mentioned that the commercial partners of the payment platform were immediately notified about the incident, so these companies had enough time to improve their security mechanisms to prevent any malicious behavior.

The incident continues to be investigated, as no evidence of malicious use of the compromised information has yet been detected.

The post Over 100 million payment card numbers leaked; one of the biggest data breaches ever detected appeared first on Information Security Newspaper | Hacking News.

This research, led by cybersecurity specialist Leigh-Anne Galloway, found that four of the 11 banks analyzed were still issuing EMV cards that could be cloned into a lower-security magnetic stripe version, which could be leveraged by threat actors. The research, published under the title “It only takes a minute to clone a credit card, thanks to a 50-year problem”, was recently published.

Under normal circumstances, this should not be possible, as the main purpose of EMV cards is to prevent cloning thanks to the implementation of a chip. However, cyber security course researchers found that it is possible to take data from an EMV card and create a previous-generation fraudulent card. Researchers note that this technique has existed for at least 13 years.

This is just one of the many forms of cloning payment cards used in the cybercriminal world.

As experts from the cyber security course have previously reported, hackers use special devices (skimmers) to intercept EMV card data, creating a magnetic stripe clone in order to perform fraudulent operations at multiple points of sale, or to withdraw money from ATMs in places where ATMs still recognize magnetic stripe cards.  

In the document, Gallow mentions: “The common points between the magnetic stripe and EMV standards for the chip imply that it is possible to determine the valid cardholder information of one technology and use it for another.”

While magnetic stripe is an outdated technology, cloning card data with chips remains a highly efficient method. In addition, card security codes, a key security feature, are not verified at the time of the transaction by all card issuers.

Galloway said that while the investigation focuses on EMV cards, contactless (NFC-based) cards can also be abused in the same way to create magnetic stripe clones and conduct fraudulent transactions.

The post How EMV chip cards are cloned appeared first on Information Security Newspaper | Hacking News.

Security firm Group-IB reported the incident for the first time, stating that the list was found on the popular dark web forum Joker’s Stash. According to the experts, the database operators are asking $100 USD for each payment card record, which could grant threat actors profits for up to $130 million USD.

So far, specialists in ethical hacking still do not know the source of the stolen information, although one possible explanation is that hackers may have collected these millions of records at points of sale or ATMs infected with some variant of malware designed for data theft. Unfortunately, the evidence collected indicates that the information is legitimate, so the banking institutions and responsible authorities have already been notified.

After analyzing the list shown at Joker’s Stash dark website, the specialists concluded that almost 99% of the exposed payment cards were issued by banks in India, while the remaining minimum portion appears to be tied to some banks in Colombia. Previous reports from ethical hacking specialists claim that Joker’s Stash is one of the world’s leading illegal sales forums, counting on at least 49 servers and more than 500 domains associated with the operators of the sales forum.

At Joker’s Stash it is not only possible to purchase compromised payment card records, but personal records, social security numbers and even contact information of millions of people, obtained in multiple data breaches are also available.

According to experts from the International Institute of Cyber Security (IICS), this dark web forum uses a blockchain-based domain name (DNS) system, which helps users stay anonymous, so a plugin is required to access a domain name system (DNS) version of the site via the top-level .bazar domain of Emercoin, the DNS used by site operators.

The post Over 1.3 million Indian banks’ credit cards sold in dark web forums appeared first on Information Security Newspaper | Hacking News.

The number of e-commerce sites infected with malware continues to increase. According to an investigation revealed by an ethical hacker from the International Institute of Cyber Security, at least seven sites (which have more than half a million visitors per month) have been infected with a new variant of payment card theft malware.

Fila.co.uk, one of the compromised sites, would have been infected since last November; according to the ethical hacker, the company had not been able to remove the malware from their systems until a couple of days ago. The other compromised sites identified so far are:

• jungleeny.com
• forshaw.com
• absolutenewyork.com
• cajungrocer.com
• sharbor.com
• getrxd.com

The ethical hacker mentioned that the stolen information is sent to a domain that has been active since last May, so the malware (nicknamed OGM) is likely to have been active ever since. OGM compresses the skimmer into a tiny space and remains inert when it detects that the anti-virus protections of the compromised computer are activated.

This research was revealed half a year after a similar malware infected the systems of companies like British Airways or Ticketmaster. Since then, several groups of cyber criminals have been identified specializing in the theft of payment cards.

Despite not being something new, this kind of attack continues to gain popularity; even a case where the compromised website had been infected by two different variants of skimmers was detected.

Cybersecurity experts believe that the increase in this kind of attack could be related to the fall that the value of Criptomonedas has suffered. Since the virtual asset mining is no longer profitable for hackers, they resort to other classes of cyberattack

Experts emphasize the need for trade websites to implement the necessary measures to protect their systems: “Cases such as Ticketmaster, British Airways or Fila show that any company may be the victim of an incident such as this”, the experts added.

The post E-commerce websites impacted with credit card skimming malware appeared first on Information Security Newspaper | Hacking News.

The number of potentially affected users is still unknown

Network security and ethical hacking specialists from the International Institute of Cyber Security reported a security incident on the Discover card systems, thanks to which malicious users would have accessed an indefinite amount of users’ personal details, such as account numbers, expiration dates, and even card security codes.

Even when this kind of security incidents are common among financial institutions, this is the second time in less than a year when Discover Financial Services notifies a data breach related to the cards of its clients to the California authorities.

California law states that companies conducting business with city residents must notify the Attorney General’s office in the event of a theft of similar data or cybersecurity incidents that may affect customers’ information and privacy. In addition to notifying, companies must send a sample of the compromised information to the Attorney’s office when the security incident affects 500 or more Californians, said experts in cybersecurity.

On August 13, the Discover Financial Services team found that an unspecified number (still not publicly disclosed) of Discover card accounts could have been part of a data breach; however, the company stresses that the incident “did not involve the card systems”.

Based on Discover’s comments, network security specialists believe that the attackers would have obtained the information by engaging third-party services with access to the Discover customer’s payment data, or the data could have been for sale in some dark web forums thanks to the use of data theft malware or to card skimmers installed in sale points or ATMs.

Discover decided not to disclose the number of users involved in this incident, although it is known that the company decided to issue new cards for each of the potentially affected customers.

According to experts in network security, the Discover incident report mentions that: “A new card will be issued with new security codes and expiration dates to mitigate the risks of identity fraud or similar malicious activities. If you find any evidence of fraudulent activity in your account, you must notify Discover to provide liability for suspicious activities”.

Discover conducted two data breach notification processes in the attorney General’s office, implying that in the incident two or more collections of credit card data were involved, it may also mean that more than one type of card has been compromised.

The post Data breach affects Discover card users appeared first on Information Security Newspaper | Hacking News.

Criminals have stolen data of Titan Manufacturing and Distributing customers for almost a whole year

Malicious hacker groups are attacking manufacturing companies, as reported by cybersecurity specialists from the International Institute of Cyber Security. Recently it has been revealed that hackers attacked the company Titan Manufacturing and Distribution, compromising their computer systems to extract payment card data belonging to many of the company’s customers for almost a year.

Through a statement, the company confirmed that hackers managed to install malware on their systems sometime in the year 2017. Malicious software remained in Titan’s systems between November 23, 2017 and October 25, 2018, according to the company’s statement.

This malware was used by hackers to steal the payment card information used by some unsuspecting users when making purchases at one of the company’s online stores. The software used by the attackers was designed to collect user information, including names, billing address, phones, payment card number, and cards’ expiration date and verification code.

According to experts in cybersecurity, Titan Manufacturing and Distributing does not store this information, but the malware was designed to access the purchasing section and steal the data from the website. All users who have entered their data in the mentioned time interval may have been affected.

“Titan has confirmed thanks to an expert in cybersecurity that its computer systems were compromised by a malware persistent between November 23, 2017 and October 25, 2018,” mentions the security notice that the company sent to its customers.

“Titan Manufacturing and Distributing, Inc. value its customers and recognize the importance of their data security. That is why we are addressing you to inform you that Titan has been the victim of a security incident that could have compromised your information”, adds the security notice.

The company is investigating the incident with the help of a cybersecurity firm. The exact number of affected clients is still unknown, but it is estimated that it is a figure close to 2k users.

As some experts have reported, the malware used in the attack is similar to that used by the Magecart hacker group, with which thousands of websites were attacked last year.

The post Hackers attack manufacturing companies; costumer’s payment information stolen appeared first on Information Security Newspaper | Hacking News.

Further details on this data breach are still unknown

Buying a gift for a birthday or mother’s Day could have been truly harmful for many people. Digital forensics specialists from the International Institute of Cyber Security reported that payment card information of the online flower shop 1-800-Flowers customers has been stolen due to a security issue persistent for about four years.

Ontario Inc., the Canadian flower sale site operator, has notified the California attorney General’s office in compliance with the data breach notification procedure at Golden State. The company mentioned that its information security and digital forensics team identified anomalous behavior in their systems; a subsequent investigation showed evidence of unauthorized access to the payment card information used by the company’s customers.

According to the company’s reports, the compromised information includes users’ full names, payment card numbers, expiration date, and card security code.

As if it was not enough, Ontario Inc. also mentioned that, according to the estimates of its digital forensics team, the exposure of this information lasted from August 2014 to September 15 of the current year. The data extraction malware injection is one of the probable causes of the security incident, although this does not explain how the data exposure could persist for four years, so it is thought that a critical vulnerability or some error with 1-800-Flower website configuration could be the main reasons why the problem persisted for so long.

The company has not revealed the number of affected users. However, data protection legislation in California requires that this kind of incidents be notified when 500 or more Californians have been affected; in addition, a local media has reported that about 75k orders to 1-800-Flowers would be involved in the incident. On the other hand, a spokesperson for the company has stated that only “a small number of orders” have been affected. In addition, he said that the company’s main website for the United States appears to be exempt from any security breach.

“In Ontario Inc. we take the security of our customers’ personal information as a really serious matter”, the spokesman said. “We have taken the necessary measures to prevent these kinds of incidents from reappearing in the future; for example, we have redesigned the company’s website in Canada and implemented additional security measures. In addition, we are working with any partner who operates with payment card information so that any institution issuing payment cards is notified,” he added.

Information security specialists are concerned about the growing number of recently occurred security incidents, such as data breach in the Marriott hotel chain, the U.S. Postal Service and the Quora Q&A web platform.

The post Hackers stole payment card data of 1-800-Flowers website appeared first on Information Security Newspaper | Hacking News.

The US clothes retailer FOREVER 21 announced it has suffered a security breach, hackers stole payment card data at some locations.

Another data breach made the headlines, this time the victim is the US clothes retailer Forever 21 that announced it has suffered a security breach.

According to the company, unknown hackers gain unauthorized access to its payment systems stealing payment cards used at a number of its retail locations.

Customers who shopped between March and October this year may be affected.

The company revealed that it implemented encryption and token-based authentication systems back in 2015, but it was deployed only at certain points of sale.

“FOREVER 21 is notifying its customers that it recently received a report from a third party that suggested there may have been unauthorized access to data from payment cards that were used at certain FOREVER 21 stores. Forever 21 immediately began an investigation of its payment card systems and engaged a leading security and forensics firm to assist.” announced FOREVER 21.“Because of the encryption and tokenization solutions that FOREVER 21 implemented in 2015, it appears that only certain point of sale devices in some FOREVER 21 stores were affected when the encryption on those devices was not in operation. The company’s investigation is focused on card transactions in FOREVER 21 stores from March 2017 – October 2017.” 

The US retailer operates over 815 stores in 57 countries, at the time the firm didn’t say which stores were affected.

The investigation is still ongoing, customers are advised to closely monitor their payment card statements reporting unauthorized charges.

“Forever 21 immediately began an investigation of its payment card systems and engaged a leading security and forensics firm to assist,” the US clothing retailer said while announcing the data breach. ” continues the announcement.

Source:https://securityaffairs.co/wordpress/65596/data-breach/forever-21-payment-card-breach.html

The post US retailer Forever 21 Warns customers of payment card breach at some locations appeared first on Information Security Newspaper | Hacking News.