Theoretical technique to abuse EMV cards detected used in the real world
https://www.zdnet.com/article/theoretical-technique-to-abuse-emv-cards-detected-used-in-the-real-world/?ftag=COS-05-10aaa0h&utm_campaign=trueAnthem%3A+Trending+Content&utm_medium=trueAnthem&utm_source=facebook

Known as EMV-Bypass Cloning, a technique first described in 2008 has been seen abused in the wild this year.

Researchers took the data from the EMV card and created a magnetic stripe version of the same card, but without the actual chip.

This is possible because all EMV cards also come with a magnetic stripe, for fallback purposes, in case the user travels abroad to non-EMV countries, or has to use an older point-of-sale terminal.

The fact that you could create a magstripe version from EMV cards has been known since 2008; however, fears that it could be abused have been dismissed, as banks expected to move all users to EMV cards and eliminate magstripe cards from the market altogther.

But until that happened and all magstripe versions were removed, banks were supposed to follow a series of security checks before approving inter-technology payments.

This hasn’t happened, however, and the loophole first described in 2008 has remained. Case and point, the Cyber R&D Labs experiment, during which researchers said they were able to make valid transactions using four of the EMV-to-magstripe cloned cards.

Researchers blamed banks for failing to follow security checks when approving transactions. However, two weeks ago, the issue was thought to have remained a theoretical problem only.

But in a report published yesterday, security firm Gemini Advisory said it tracked down two instances on cybercrime forums where hackers had collected EMV card data and were offering it for sale.

Cracking the Uncrackable: Cybercriminals Deploy EMV-Bypass Cloning
https://geminiadvisory.io/cybercriminals-deploy-emv-bypass-cloning/

BootHole” vulnerability in the GRUB2 bootloader opens up Windows and Linux devices using Secure Boot to attack. All operating systems using GRUB2 with Secure Boot must release new installers and bootloaders.

Boot Hole Vulnerability – GRUB 2 boot loader – CVE-2020-10713
https://access.redhat.com/security/vulnerabilities/grub2bootloader

As investigators look into the Twitter breach, other experts warn that savvy intruders could instead leave a trail of red herrings

Multiple Tor security issues disclosed, more to come
https://www.zdnet.com/article/multiple-tor-security-issues-disclosed-more-to-come/?ftag=COS-05-10aaa0h&utm_campaign=trueAnthem%3A+Trending+Content&utm_medium=trueAnthem&utm_source=facebook

A security researcher has published details about two Tor security issues and promises to release three more.