SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
#PayPal
5 Dec 2017

PayPal's TIO data breach: 1.6 million customers' personal details stolen by hackers

PayPal has revealed that its recently acquired company TIO Networks has suffered a data breach compromising the personal information of 1.6 million customers.

PayPal bought the Canadian payment processing company, which has over 60,000 utility and bills payment kiosks across North America, for $238m in cash in July. On Friday, 1 December, PayPal said a review of TIO's network showed evidence of a breach that may have compromised the details of about 1.6 million users, including locations that stored personal data of TIO customers and customers of TIO billers. 

Read more
Tags:
PayPal information leaks
Source:
IBTimes
1561
4 Dec 2017

And here's another PayPal phishing scam you'll want to avoid

The holidays are upon us, and so it is to remind ourselves once again of just how much cyber criminals enjoy playing on the very fears of consumer fraud they elicit.

If the last thing you want interrupting your time with friends and loved ones is a slew of fraudulent bank charges, you’ll need to keep your wits about you. As you read this, an illicit campaign is underway to deceive PayPal users into believing recent transactions they’ve made “could not be verified.” In emails bearing PayPal’s logo, consumers are warned that PayPal has detected suspicious activity on their accounts and that the company requires updated information to avoid fraudulent charges. 

Read more
Tags:
PayPal fraud phishing
Source:
Gizmodo
1718
21 Jun 2017

TrickBot targets payment processors, CRM providers

Banking Trojan TrickBot is no longer hitting only banks and financial institutions, but also added payment processing and Customer Relationship Management (CRM) providers to its list of targets.

Supposedly developed by the same gang that previously operated the Dyre Trojan, TrickBot was first spotted in the summer of 2016, and initially detailed in October. By November, the malware was being used in widespread infection campaigns in the UK and Australia, and popped up in Asia the next month. Earlier this year, it started targeting the private banking sector. The 26 active TrickBot configurations observed in May 2017 were targeting banks.

Read more
Tags:
PayPal trojan information leaks
Source:
SecurityWeek
1709
26 Oct 2016

Researcher finds simple method to bypass PayPal two-factor authentication

UK security researcher Henry Hoggard has found a very simple method of bypassing PayPal's two-factor authentication (2FA) mechanism, allowing an attacker to take over PayPal accounts in less than a minute.

The researcher claims to have discovered this method while in a hotel with no telephone signal, and no way to receive the 2FA verification code to his device via SMS. The researcher says the problem was found in the "Try another way" link that appears under the 2FA section of the login screen. PayPal provides this option to PayPal account owners for situations when they can't reach their phone, or they have no signal, as was case for him.

Read more
Tags:
PayPal information leaks
Source:
Softpedia
1903
29 Jul 2016

Hackers spreading Zeus malware via 'legitimate' PayPal emails

Hackers are spreading the Chthonic banking trojan via legitimate-looking PayPal emails, security outfit Proofpoint has warned. The emails are 'authentic' and don't trigger antivirus warnings because they come via PayPal from accounts that appear to be legitimate.

"The sender does not appear to be faked. Instead the spam is generated by registering with PayPal and then using the portal to request money," said Proofpoint in a security advisory. The attackers take advantage of a feature that allows users to include notes when sending money request messages. One sample picked up by Proofpoint showed that Gmail failed to block the email since it appeared to be legitimate.

Read more
Tags:
Zeus PayPal spam fraud
Source:
TheINQUIRER
1978
28 Jun 2016

Flaw allowed hackers to deliver malicious images via PayPal

PayPal has addressed a vulnerability that could have been exploited by hackers to insert malicious images into payment pages. Security researcher discovered that the URL of payment pages set up by PayPal users included a parameter called “image_url.”

The value of this parameter could have been replaced with a URL pointing to an image hosted on a remote server. This could have allowed an attacker to use a third-party vendor’s PayPal payment page to deliver malicious images. An attacker could have exploited this vulnerability by getting an unauthenticated user to click on a specially crafted link.

Read more
Tags:
PayPal information leaks
Source:
SecurityWeek
2000
1 Apr 2016

PayPal vulnerability allowed attackers to send fraudulent emails

PayPal has patched a security issue which could allow attackers to exploit the platform for the purpose of sending malicious emails. Researcher revealed the existence of an application-side mail encoding web vulnerability and filter bypass issue in the official PayPal online Web application.

Granted a Common Vulnerability Scoring System score of 3.9, the security problem is considered a "medium" threat to the online payment provider's services. If exploited, cyberattackers are able to inject malicious codes into the mail header of emails sent via PayPal's portal. Cyberattackers were able to compromise PayPal's systems.

Read more
Tags:
PayPal information leaks
Source:
ZDNet
1824
3 Feb 2016

PayPal is the latest victim of Java deserialization bugs in Web apps

PayPal has fixed a serious vulnerability in its back-end management system that could have allowed attackers to execute arbitrary commands on the server and potentially install a backdoor.

The vulnerability is part of a class of bugs that stem from Java object deserialization and which security researchers have warned about a year ago. In programming languages, serialization is the process of converting data to a binary format for storing it or for sending it over the network. Deserialization is not an issue in itself, but like most processes that involve processing potentially untrusted input, measures need to be taken to ensure that it is performed safely.

Read more
Tags:
PayPal information leaks
Source:
PCWorld
2277
8 Sep 2015

Authentication flaw affects the PayPal mobile app

Under specific conditions, PayPal can ask users to confirm their identity to prevent frauds. When users are asked to verify their identity, their account is not accessible and in order to unblock it PayPal request them to make a call or send an email to its service and complete the procedure.

Mejri explained that a vulnerability affecting the PayPal mobile app that can be exploited by attackers to access blocked accounts through repeated login attempts that leverage valid session cookies. The same trick could be used to bypass two-factor authentication process, once the attacker successfully accesses the account is it able to change its settings.

Read more
Tags:
information leaks PayPal iOS Android
Source:
Security Affairs
2258
19 Dec 2014

People are afraid of mobile payments

Evaluating online cybersecurity awareness of 2,011 consumers from the USA and United Kingdom, a new survey by One Poll and Dimensional Research revealed that a lot of respondents believe using a third party payer such as PayPal or Google Wallet is the safest way to pay for goods online.

With so many retail breaches this year, it is not surprising that people are now more comfortable shopping online. However, consumers still need to be wary of where they are storing their data. Third party payment providers make the online shopping experience easier, but they can and will be targeted just the same as the retailers themselves.

Read more
Tags:
USA United Kingdom PayPal trends
Source:
Help Net Security
1955
SafeUM NEWS
27 Apr 2017 safeum news imgage Encrypted Group Chat
4 Apr 2017 safeum news imgage Each SafeUM user gets free anonymous phone number
10 Mar 2017 safeum news imgage SafeUM useful features to help you feel safe
28 Sep 2016 safeum news imgage Secure Messenger SafeUM
21 Jul 2015 safeum news imgage New secured zone of Google Play: secure messenger SafeUM for Android. Download, Install, Communicate
3 Apr 2015 safeum news imgage We are beginning to test SafeUM for Windows Phone
25 Feb 2015 safeum news imgage SafeUM messenger is available for public testing
20 Feb 2015 safeum news imgage Algorithms and encryption schemes used for secure messenger SafeUM
30 Jan 2015 safeum news imgage New "TOP Security!" app is on the App Store
22 Jan 2015 safeum news imgage Free "TOP Security!" app is available on Google Play
28 Oct 2014 safeum news imgage How are security keys generated in SafeUM?
19 Jun 2014 safeum news imgage SafeUM is the best messenger for data protection and information security
16 Jun 2014 safeum news imgage Become a SafeUM tester and get free PREMIUM subscription for a year
12 May 2014 safeum news imgage Why Premium secure messenger SafeUM cannot be free
25 Apr 2014 safeum news imgage Encrypted secure messaging for every mobile device
All news
First page Previous
1 2
Next Last page
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015