Finance

"PayPal is sending out data breach notifications to thousands of users who had their accounts accessed through credential stuffing attacks that exposed some personal data.

Credential stuffing are attacks where hackers attempt to access an account by trying out username and password pairs sourced from data leaks on various websites.

This type of attack relies on an automated approach with bots running lists of credentials to "stuff" into login portals for various services."

It has been reported that nearly 35,000 users have been impacted.

Read the full post HERE

Travel agencies have emerged as the target of a hack-for-hire group dubbed Evilnum as part of a broader campaign aimed at legal and financial investment institutions in the Middle East and Europe.

The attacks, which took place during 2020 and 2021 and likely went as far back as 2015, involved a revamped variant of a malware called Janicab that leverages a number of public services like WordPress and YouTube as dead drop resolvers, Kaspersky said in a technical report published this week.

Janicab infections comprise a diverse set of victims located in Egypt, Georgia, Saudi Arabia, the UAE, and the U.K. The development marks the first time legal organizations in Saudi Arabia have been targeted by this group.

Also tracked as DeathStalker, the threat actor is known to deploy backdoors like Janicab, Evilnum, Powersing, and PowerPepper to exfiltrate confidential corporate information.

Rad the full article here: https://thehackernews.com/2022/12/hack-for-hire-group-targets-travel-and.html

Protecting customer data is critical for any business accepting online payment information. The Payment Card Industry Data Security Standard (PCI DSS), created by leading credit card companies, establishes best practices for protecting consumers' information. By adhering to these standards, businesses can ensure that their customer's personal and financial information is secure.

The PCI DSS security standards apply to any business that processes, stores, or transmits credit card information. Failure to comply with the PCI DSS can result in costly fines and penalties from credit card companies. It can also lead to a loss of customer trust, which can be devastating for any business.

PCI DSS 4.0 was released in March 2022 and will replace the current PCI DSS 3.2.1 standard in March 2025. That provides a three-year transition period for organizations to be compliant with 4.0.

The latest version of the standard will bring a new focus to an overlooked…