Security Alerts & News
by Tymoteusz A. Góral

History
#2045 More on Bluetooth Ingenico overlay skimmers
This blog has featured several stories about “overlay” card and PIN skimmers made to be placed atop Ingenico-brand card readers at store self-checkout lanes. I’m revisiting the topic again because a security technician at a U.S.-based retailer recently shared a few photos of several of these devices pulled from compromised card terminals, and the images and his story offer a fair bit more detail than in previous articles.

The device featured here is a Bluetooth-based skimmer; it is designed both to steal the card data when a customer swipes and to record the victim’s PIN using a PIN pad overlay.

The Bluetooth component of the skimmer allows the thieves to retrieve stolen data wirelessly via virtually any Bluetooth-enabled device, just by being in proximity to the compromised card terminal (~30 meters).
#2049 New RaaS portal preparing to spread Unlock26 ransomware
#2048 Creepy IoT teddy bear leaks >2 million parents’ and kids’ voice messages
#2047 Google open-sources Chrome extension to make PGP encryption easier in Gmail
#2046 Shamoon (malware): Multi-staged destructive attacks limited to specific targets
#2045 More on Bluetooth Ingenico overlay skimmers
#2044 Google reports “high-severity” bug in Edge/IE, no patch available
#2043 Severe SQL injection flaw discovered in WordPress plugin (NextGEN Gallery) with over 1M installs
#2042 Siemens RUGGEDCOM NMS equipment vulnerable to CSRF, XSS