Tag Archive for: Payment

Hackers stole passwords from 140,000 payment terminals

/in


An Android-based payment system has been affected by hackers who have been able to infiltrate its database and gain access to 140,00 payment terminals globally, according to TechCrunch.

The brand, Wiseasy, is well known in the Asia-Pacific region, with its payment terminals used in restaurants, hotels, retail outlets, and schools. Its accompanying Wisecloud cloud service is used for remote management and configuration for its customer’s terminals.

The Wiseasy point of sale system on a table.

Hackers were able to gain access to Wiseasy’s systems through employees’ computer passwords being stolen by malware and ending up on the dark web marketplace, Buguard chief technology officer Youssef Mohamed told TechCrunch.

Buguard is a penetration testing and dark web monitoring startup that observed the hacking of Wiseasy and noted that the bad actors were able to gain control of two of the company’s cloud dashboards, including an “admin” account. Notably, the popular payment system brand lacked commonly recommended security features, such as two-factor authentication.

The publication was able to view screenshots of Wiseasy’s “admin” user account, which shows how the service can control payment terminals remotely, have access to various user data, and have configuration control, such as being able to add users, seeing Wi-Fi names, and plaintext passwords of connected payment terminals. Access in the wrong hands can easily cause such a situation.

Buguard also said its attempts to collaborate with Wiseasy in early July to address the issue were met with canceled meetings. At this point, Mohamed is unable to say whether the breach has been resolved. However, a Wiseasy spokesperson, Ocean An, told TechCrunch that the company had fixed the issue in-house and added two-factor authentication to its systems.

It remains unknown whether Wiseasy will directly tell customers about this hack, according to TechCrunch.

Many cyber-security issues have to do with hackers working to take over control of various programs or services from the back end. A recently resolved zero-day vulnerability was Follina (CVE-2022-30190), which granted hackers access to the Microsoft Support Diagnostic Tool (MSDT).

This tool is commonly associated…

Source…

Ransomware attack hits Goa’s flood monitoring system; demand crypto as payment | Latest News India

/in


In a complaint to the cyber cell, the state government’s water resources department that has been maintaining the data said that all its files have been encrypted and can no longer be accessed.

Goa’s flood monitoring system was hit by ransomware attackers who have demanded to be paid in cryptocurrency for the data on flood monitoring stations to be released.

In a complaint to the Cyber cell of the Goa Police, the state government’s water resources department that has been maintaining the data said all its files have been encrypted and can no longer be accessed.

Also Read: A multipronged approach to protect ICT supply chains from cyberattacks

“Server has been under the cyberattack of ransomware. Under the attack, all files are encrypted with eking extension and cannot be accessed. In a popup and stored file, the attackers are demanding Bitcoins Cryptocurrency for the decryption of the data. The attack was carried out on 21 June 2022 midnight between 12am-2am. The integrity of the data has been altered making it impossible to back up the previous data. The server works on the 24×7 internet line and the attack was eased due to absence of antivirus and outdated firewalls,” the complaint filed by executive engineer Sunil Karmarkar revealed.

The complaint was filed on June 24 but has come to light today.

The data center server located at Panaji was storing data of the flood monitoring system at 15 locations on major rivers in Goa to monitor flood levels in rivers as a part of disaster management in order to have a control on floods eventualities.

The data of flood monitoring system, automated rain gauges and weather gauges get stored in the server located at the Water Resources Department Headquarters in the state capital while the servers were being maintained by ASTRA Microwave Products limited, Hyderabad.

As a result of the hacking, the department can now no longer access its data related to battery voltages of different stations, data packets related to 12 stations, has lost all its old data which can now no longer be backed up locally and has also lost real time data of the rivers currently in spate owing to the ongoing vigorous monsoon activity across the state.

Mobile Payment Security Software Market Size, Outlook And Forecast

/in


New Jersey, United States – This Mobile Payment Security Software Market report has segmented the market based on Application, Product, Geography, and other factors. This market report examines several key players and drivers impacting market opportunities, challenges, risks, and developments. It also conducts a competitive analysis of the industry that brings major benefits to the key market players. The market growth is highly influenced by the essential factors outlined in this Mobile Payment Security Software Market report. The global market in terms of revenue and size is going to be huge.

To better understand the market, it is very important to consider the opinions of market experts. This Mobile Payment Security Software Market report contains expert opinions. It is also divided into sections by type and sections by application. All types describe the production for the forecast period 2022-2029. Understanding all sections will help you to recognize the importance of factors that affect market growth effectively. This market report provides information on the key market players to learn more about the strategies they are adopting in the market including new product launches, collaborations, mergers, and acquisitions.

Get Full PDF Sample Copy of Report: (Including Full TOC, List of Tables & Figures, Chart) @ https://www.verifiedmarketreports.com/download-sample/?rid=508157

This comprehensive Mobile Payment Security Software Market report helps in determining the deficiencies and problems faced by dominant or new companies. It also provides insights into the potential impact of the existing COVID-19 on the market scenario. The market report also covers all the essential economic, financial, and social factors relevant to the market and provides the players with the data they need to make informed decisions. The Mobile Payment Security Software Market report is a combination of real information, quantitative and qualitative assessments provided by market analysts, and inputs from industry participants and experts from across the value chain. This market report also examines the impact of qualitative market factors on market geography and segments.

Key Players Mentioned…

Source…

I-Team investigates mobile payment app security

/in


BROOKFIELD, Wis. — For many of us, our cell phones can serve as wallets as long as we have mobile payment apps connected to our banks or other accounts.

There are a lot of services to choose from, like Venmo, Apple Pay, Cash App, Google Pay, Samsung Pay, and Paypal, to name some. According to a report by Allied Market Research, the global mobile payment market is expected to reach more than $12 trillion by the year 2027.

For anything financial, keeping our confidential information secure has to be a top priority.

Earlier this month, more than 8 million current and former customers of Cash App found out they could be affected by a data breach where their investment information was exposed. In that case, the company announced it was a former employee who is to blame. But the breach brings up an important subject: security surrounding mobile payment apps.

“It’s actually surprisingly hard to hack into the phones nowadays. They are locked down. They’ve got layers of security,” said Kevin Bong, a cyber security expert with Brookfield tech company, Sikich.

Bong explains while even your cell phone’s payment app may come with its own security in place, one slip-up on your part can put financials on your phone at risk.

“Most of the attacks start with email. The attacker finds a way to get into your inbox, and once they’re in there, they’ve got a lot of power,” he said. “So, that’s really what these attackers are going after. They’re not going after the apps on the phone, they’re going after the accounts.”

Without showing their tools, the I-Team asked Bong and his Sikich colleague, Thomas Freeman, to demonstrate how email phishing attacks can easily compromise your virtual wallet.

They sent the I-Team’s Kristin Byrne a fake email that stated it came from a customer service rep with a popular email application. The email encouraged her to click on a link so that she could send and receive digital payments.

For the sake of the experiment, she clicked on the link and was prompted to provide her email and the password she uses for her email.

“So, now on my screen I’m going to hit refresh and on the campaign screen I can see where you clicked and I have your password now,” Freeman said.

“So, now we’ll…

Source…