According to BleepingComputer, the data within each database includes the expiration date, CVV code (card verification value), card number, and the name of the owner as well as other information such as email addresses, names, and phone numbers.

The overall source of the data is still unknown; however, you should be mindful of your credit card bill to reduce the damage of any fraudulent activity.

Read more here

New Plundervolt Attack Impacts Intel CPUs

Last week, academics disclosed a new attack that affects the information inside Intel Software Guard eXtensions (SGX), a highly secured area of Intel CPUs. The attack, named Plundervolt, exploits the interface “through which an operating system can control an Intel processor’s voltage and frequency — the same interface that allows gamers to overclock their CPUs.”

By tampering with the amount of voltage a CPU receives, researchers were able to alter bits inside SGX, causing exploitable errors. A malicious actor can use this vulnerability to recover encryption keys or inject bugs in a (previously) secure software environment.

Intel SGX is a security feature present in all modern Intel CPUs which allows developers to isolate applications in secure environments. Doing so enables the applications to trust the CPU with sensitive information away from other applications running on the operating system.

Fortunately, this vulnerability cannot be exploited remotely as it needs to run with root privileges from an app on the infected host. Patches were released last week as part of security advisory INTEL-SA-00289, providing device administrators a new BIOS option to disable the volt-changing interface on their systems.

The vulnerability impacts Intel desktops, servers, and mobile CPUs. According to Intel, the following CPU series are vulnerable to Plundervolt attacks:

Intel® 6th, 7th, 8th, 9th & 10th Generation CoreTM processors

Intel® Xeon® Processor E3 v5 & v6

Intel® Xeon® Processor E-2100 & E-2200 families

Get more information here

FIN8 Targets Card Data at Fuel Pumps

Fuel pumps at gas stations seem to be a new target for the notorious FIN8 cybercrime group. According to Visa’s online public alert, two separate payment card detail skimming campaigns have emerged in the past year.

The first attack compromises point-of-sale (PoS) systems by sending phishing emails to employees that include a malicious link which installs a remote access trojan on the merchant network. After gaining a successful foothold inside a network, the attacker moves laterally into the PoS environment and harvests payment card data.

The second type of attack targets similar gas-pump dispensers within North America; however, the initial compromise of the network is still unknown.

Gas stations have become an increasingly popular target for cyberattacks due to their typical lack of security.

Read more here

SEC Charges Shopin Founder with Fraud over Unregistered $42M ICO

The United States Securities and Exchange Commission (SEC) has charged Eran Eyal, the founder of Shopin, for allegedly running a scam initial coin offering (ICO). According to the SEC, Eyal defrauded investors in his initial coin offering which raised more than $42 million. He is also accused of operating an unregistered ICO without any proper documentation.

Shopin advertised a service consisting of universal shopper profiles on the blockchain. Additionally, the service would “track customer purchase histories across online retailers and recommend products based on the collected data.” However, according to the SEC, Shopin has not developed a functional platform for the product.

The SEC also alleges that Eyal “misappropriated investor funds for his personal use, including at least $500,000 used for rent, shopping, entertainment expenses, and a dating service.” Eyal pled guilty to criminal charges brought by the New York Attorney General’s office and pled guilty to operating three security fraud schemes, including Shopin.

CoinDesk states that around $450,000 in cryptocurrency will be turned over to the New York State Attorney General, and Eyal will have to step down from his role as CEO of Shopin as well as pay over $600,000 in fines and restitution due to his actions.

Read more here