Ars Technica: Visa knew about Pornhub’s child porn, judge says, and now must face trial [Updated]. “This week, US District Judge Cormac Carney of the US District Court of the Central District of California decided that there’s reason to believe that Visa knowingly processed payments that allowed MindGeek to monetize ‘a substantial amount of child porn.’”
Bleeping Computer: Hackers steal 50,000 credit cards from 300 U.S. restaurants. “Payment card details from customers of more than 300 restaurants have been stolen in two web-skimming campaigns targeting three online ordering platforms.”
Miami Herald: Hackers stole 20 million credit card records from Chili’s, Chipotle and others, feds say. “A hacking group targeted businesses across all 50 states and stole more than 20 million debit and credit card records from customers, federal officials said. Denys Iarmak, 32, from Ukraine, is the third member in the group’s scheme to face prison time, the United States Attorney’s Office in the Western District of Washington said in an April 7 news release.”
Bleeping Computer: Target open sources scanner for digital credit card skimmers. “A skimmer is malicious code injected into shopping sites to steal customers’ credit card data at checkout. The code can be hidden on the online store or it can be loaded from external resources, sometimes via a local element such as a favicon. By open-sourcing Merry-Maker, Target helps online retailers fight the credit card skimming threat that’s been affecting the sector for years.”
Daily Sabah: 40 arrested in Twitch corruption probe in Turkey. “Demirören News Agency (DHA) reported that some suspects had collaborated with streamers who were aware that the bit payments were made using stolen credit cards and took their share. Bits cannot be converted to actual money but the scammers are accused of getting payment in actual money from streamers in exchange of huge troves of bits they sent. The scheme was allegedly used for money laundering by criminal groups.”
Bleeping Computer: One million stolen credit cards leaked to promote carding market. “A threat actor is promoting a new criminal carding marketplace by releasing one million credit cards stolen between 2018 and 2019 on hacking forums. Carding is the trafficking and use of stolen credit cards. These credit cards are stolen through point-of-sale malware, magecart attacks on websites, and information stealing trojans.”
CNBC: The Karat Black Card: The credit card just for social media influencers. “When you apply for the card, Karat doesn’t just assess the financials that a traditional bank or issuer would look at, such as your cash on hand and your income, but they also look at your social media stats. Depending on what platform you’re on, they’ll look at different types of data. If you’re a YouTuber, they’ll look at subscribers and ad share revenue. If you’re an Instagram influencer, they’ll look at followers, engagement rates and sponsorship deals.”
WKRN: Credit card fraud rising amid COVID-19 pandemic, how to avoid it. “As the COVID-19 pandemic continues, concerns over credit card fraud worsen. News 2 spoke with Robyn Householder, President/CEO of Better Business Bureau in Middle Tennessee and Southern Kentucky, about the recent increase in this type of crime.”
EurekAlert: No honor among cyber thieves. “A backstabbing crime boss and thousands of people looking for free tutorials on hacking and identity theft were two of the more interesting findings of a study examining user activity on two online ‘carding forums,’ illegal sites that specialize in stolen credit card information.”
Ubergizmo: Hackers Are Now Hiding Credit Card Skimmers In Image Metadata On The Web. “Physical credit card skimmers aren’t new and while they can be disguised, it is relatively easy to spot it if you know what you’re looking for. Unfortunately, it seems that credit card skimmers have gone virtual where according to a report from Malwarebytes, it appears that hackers are now hiding these virtual skimmers inside the metadata of images on compromised online storefronts.”
Wired: A New Card Ties Your Credit to Your Social Media Stats. “SPENCER DONNELLY, WHO goes by TheRussianBadger on YouTube, has cultivated an audience of nearly 2.7 million subscribers for his gaming videos. For years, business has been rosy. YouTube shares a percentage of the ad revenue on each of his videos, and the money is good enough that playing video games on camera has become a full-time job. A few years ago, he even incorporated The Russian Badger, legitimizing his YouTubing business. The only problem: no bank would give him a serious credit card.”
BetaNews: Fintech: Leak shows Google is working on a debit card to rival Apple Card. “Leaked pictures suggest that Google is preparing to launch its own physical and virtual debit cards. TechCrunch cites multiple reliable sources in a report that gives a glimpse into Google’s future fintech plans.”
Motherboard: Leaked Document Shows How Big Companies Buy Credit Card Data on Millions of Americans. “Yodlee, the largest financial data broker in the U.S., sells data pulled from the bank and credit card transactions of tens of millions of Americans to investment and research firms, detailing where and when people shopped and how much they spent. The company claims that the data is anonymous, but a confidential Yodlee document obtained by Motherboard indicates individual users could be unmasked.”
Digital Trends: Wawa data breach: Hacker is selling 30 million credit cards on the dark web. “Credit card data from a security breach that affected an East Coast convenience store chain last year was discovered being sold in the corners of the dark web this week. The amount of data stolen makes it the third-largest credit card breach in history.”
ZDNet: VISA warns of POS malware incidents at gas pumps across North America. “Payments processor VISA says North American merchants who operate gas stations and gas pumps are facing a rash of attacks from cybercrime groups wanting to deploy point-of-sale (POS) malware on their networks.”
The ResearchBuzz Firehose is regular RB content presented as individual posts.
For digest-type posts a couple of times a day, please visit ResearchBuzz.
Want to know how to best use the Firehose for content discovery?
Check out this handy article.