Cyber security aggregate rss news

Cyber security aggregator - feeds history

image for Bluetooth Overlay Sk ...

 All About Skimmers

As a total sucker for anything skimming-related, I was interested to hear from a reader working security for a retail chain in the United States who recently found Bluetooth-enabled skimming devices placed over top of payment card terminals at several stores. Interestingly, these skimmers interfered with the   show more ...

terminal’s ability to read chip-based cards, forcing customers to swipe the stripe instead. The payment card skimmer overlay transmitted stolen data via Bluetooth, physically blocked chip-based transactions, and included a PIN pad overlay. Here’s a closer look at the electronic gear jammed into these overlay skimmers. It includes a hidden PIN pad overlay that captures, stores and transmits via Bluetooth data from cards swiped through the machine, as well as PINs entered on the device: The hidden magnetic stripe reader is in the bottom left, just below the Bluetooth circuit board. A PIN pad overlay (center) intercepts any PINs entered by customers; the cell phone battery (right) powers all of the components. My reader source shared these images on condition that the retailer in question not be named. But it’s worth pointing out these devices can be installed on virtually any customer-facing payment terminal in the blink of eye. Newer, chip-based payment cards are more costly and difficult for thieves to clone, but virtually all cards still store card data on a magnetic stripe on the back of the cards — mainly for reasons of backwards compatibility. This overlay skimmer included a physical component designed to block the payment terminal from reading the chip, forcing the customer to swipe the stripe instead of dip the chip. The magnetic stripe reader (top right) worked with a component designed to block the use of chip-based payment cards. What’s remarkable is that these badboys went undetected for several weeks, particularly given that customers would have been forced to swipe. “In this COVID19 world, with counter and terminal wipedowns frequent it was surprising that nobody noticed the overlay placements for a number of weeks,” the source said. I realize a great many people use debit cards for everyday purchases, but I’ve never been interested in assuming the added risk and pay for everything with cash or a credit card. Armed with your PIN and debit card data, thieves can clone the card and pull money out of your account at an ATM. Having your checking account emptied of cash while your bank sorts out the situation can be a huge hassle and create secondary problems (bounced checks, for instance). Want to learn more about overlay skimmers? Check out these other posts: How to Spot Ingenico Self-Checkout Skimmers Self-Checkout Skimmers Go Bluetooth More on Bluetooth Ingenico Overlay Skimmers Safeway Self-Checkout Skimmers Up Close Skimmers Found at Wal-Mart: A Closer Look

image for Episode 203: Don’t ...

 Black History Month

In this episode of the Security Ledger Podcast (#203) we talk about the apparent hack of a water treatment plant in Oldsmar Florida with Frank Downs of the firm BlueVoyant. In our second segment: is infosec’s lack of diversity a bug or a feature? Tennisha Martin of Black Girls Hack joins us to talk about the many   show more ...

obstacles that black women face...Read the whole entry... » Related StoriesEpisode 197: The Russia Hack Is A 5 Alarm Fire | Also: Shoppers Beware!Episode 200: Sakura Samurai Wants To Make Hacking Groups Cool Again. And: Automating Our Way Out of PKI ChaosEpisode 198: Must Hear Interviews from 2020

 Companies to Watch

The Series A funding round of Scalarr was led by the European Bank of Reconstruction and Development, with participation from TMT Investments, OTB Ventures, and Speedinvest.

 Malware and Vulnerabilities

Conti is a relatively new addition to the ransomware landscape, however, it has turned to be quite destructive. It is a more accessible variant of Ryuk and works in a RaaS model.

 Trends, Reports, Analysis

Lately, we have unfortunately witnessed cyber incidents where hackers do not hesitate to endanger human lives if it benefits them. The attacks on industrial systems have proven this point pretty clearly.

 Feed

This Metasploit module exploits an insecure permission vulnerability on a folder in Micro Focus Operations Bridge Manager. An unprivileged user (such as Guest) can drop a JSP file in an exploded WAR directory and then access it without authentication by making a request to the OBM server. This will result in automatic   show more ...

code execution as SYSTEM. This module has been tested on OBM 2020.05, but it should work out of the box on earlier versions too.

 Feed

This Metasploit module exploits an unauthenticated command injection vulnerability in Klog Server versions 2.4.1 and prior. The authenticate.php file uses the user HTTP POST parameter in a call to the shell_exec() PHP function without appropriate input validation, allowing arbitrary command execution as the apache user.

 Feed

Ubuntu Security Notice 4735-1 - Heikki Linnakangas discovered that PostgreSQL incorrectly leaked values of denied columns when handling certain errors. A remote attacker could possibly use this issue to obtain sensitive information.

 Feed

Red Hat Security Advisory 2021-0508-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Issues addressed include a denial of service vulnerability.

 Feed

Red Hat Security Advisory 2021-0507-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Issues addressed include a denial of service vulnerability.

 Feed

Red Hat Security Advisory 2021-0509-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Issues addressed include a denial of service vulnerability.

 Feed

Apple's upcoming iOS 14.5 update will come with a new feature that will redirect all fraudulent website checks through its own proxy servers as a workaround to preserve user privacy and prevent leaking IP addresses to Google. A built-in security-focused feature in the Safari browser, "Fraudulent Website Warning," alerts users about dangerous websites that have been reported as deceptive,

2021-02
Aggregator history
Monday, February 15
MON
TUE
WED
THU
FRI
SAT
SUN
FebruaryMarchApril