fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

One million stolen credit cards leaked to promote carding market

One million stolen credit cards leaked to promote carding market

 A threat actor is promoting a new criminal carding marketplace by releasing one million credit cards stolen between 2018 and 2019 on hacking forums.

Carding is the trafficking and use of stolen credit cards. These credit cards are stolen through point-of-sale malwaremagecart attacks on websites, and information stealing trojans.

These stolen credit cards are then sold on criminal carding marketplaces where other threat actors purchase them to make online purchases, or more commonly, to buy hard-to-trace prepaid gift cards.

Also Read: A Review of PDPC Undertakings July 2021 Cases

Last week, a new criminal carding marketplace called AllWorld Cards posted to numerous hacking forums where they leaked one million credit cards for free.

According to the forum post, these credit cards were stolen between 2018 and 2019.

Hacking forum post promoting All World Cards
Hacking forum post promoting All World Cards

The threat actor states that a random sampling of 98 cards showed approximately 27% of the cards were still active.

However, a report by Italian security firm D3Labs shows that 50% are still valid, a far more significant amount than initially indicated.

“At present, the feedback returned to our analysis team is still limited, but they are showing an incidence close to 50% of cards still operational, not yet identified as compromised.” reported D3Lab in a blog post about the leak.

Cybersecurity firm Cyble also analyzed the credit card dump and told BleepingComputer that the leak contains credit card numbers, expiration dates, CVVs, names, countries, states, cities, addresses, zip codes for each credit card, and email/phone numbers.

While Cyble has only analyzed 400,000 cards so far, the top five associated banks are:

  • STATE BANK OF INDIA (44,654 cards)
  • JPMORGAN CHASE BANK N.A. (27,440 cards)
  • BBVA BANCOMER S.A. (21,624 cards)
  • THE TORONTO-DOMINION BANK (14,647 cards)
  • POSTE ITALIANE S.P.A. (BANCO POSTA) (14,066 cards)

To check if you card was part of this breach, Cyble imported the data into their AmIBreached service.

If your information was found in this breach, it is strongly advised that you contact your credit card company to request a new credit card and number.

You should also review your credit card statement thoroughly to check for historic fraudulent charges and future charges.

The All World Cards marketplace

The All World Cards site is a relative newcomer to the carding scene, and the promotion has been met with appreciation by many threat actors who have downloaded the dump.

The carding site started in May 2021 and has an inventory of 2,634,615 credit cards. The country with the most cards is the United States, with 1,167,616 cards for sale.

All World Cards marketplace
All World Cards marketplace

Cards range in price between $0.30 and $14.40, with 73% of the cards costing between $3.00 and $5.00.

All World Cards is a new marketplace for cybersecurity firms and threat intelligence companies to watch.

They aim to be a big player, and with this one million free dump, they will likely attract many other threat actors to their marketplace.

Also Read: Got A Notice of Data Breach? Don’t Panic!

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us