Image: Getty / Brothers91 A ransomware attack delivered by fake Windows 10 and antivirus software updates is targeting home users, using sneaky techniques to stay undetected before encrypting files and demanding a ransom payment of thousands of dollars.  The Magniber campaign, detailed by HP Wolf Security, is unusual for 2022 in the way it focuses […] More

As crime increases in Brazil, a new bill is proposing the suspension of instant payments system Pix in the state of São Paulo.

ZDNet Recommends

Best security key 2021

While robust passwords go a long way to securing your valuable online accounts, hardware-based two-factor authentication takes that security to the next level.

Read More

If the bill put forward by the São Paulo Legislative Assembly is signed into law, it will prevent financial services providers and payment institutions from processing payments through Pix until the Brazilian Central Bank introduces mechanisms to ensure consumer safety. The Assembly can vote to revoke the law if the Central Bank presents a technical security report that demonstrates what measures have been implemented. The objective is to prevent situations like the so-called lightning kidnappings, whereby consumers are forced to make instant transfers to criminals while being held ransom. Introduced in November 2020 as part of a broader modernisation of the Brazilian financial services environment — which also includes ongoing initiatives, such as Open Banking — Pix has more than 104 million registered users and has processed more than 1.6 billion transactions since it launched. Around 75% of the transfers carried out via Pix in its first year of operation took place between individuals. According to the Central Bank, the system enabled financial inclusion at a significant scale; around 40 million Brazilians who had never made a money transfer before did so through the instant payments system. Transfers are made through a Pix “key,” which acts as a sort of nickname associated with a user’s full account details, aimed to simplify the payment process. A Pix key could be a user’s mobile phone number, tax registration number, email address, a randomly generated alphanumeric string, or a QR code. The convenience introduced by the instant payments system created loopholes for criminal action, however, prompting the Central Bank to impose limits on the value of transactions made between 8pm and 6am and on weekends. Other measures included a precautionary block on the receipt of transfers for up to 72 hours in cases of suspected fraud, as well as a special return mechanism scam victims can use.

The author of the bill that aims to suspend Pix in the state of São Paulo, congressman Campos Machado, notes that banks did not anticipate that “the enormous ease and convenience [Pix offers] to users would also bring dexterity to criminals, who have discovered the comfort and speed of using it to their advantage.”The debate over instant payments in the context of increasing crime follows the first major data protection incident involving Pix that occurred in October. More than 395,000 Pix keys under the custody and responsibility of the Bank of the State of Sergipe (Banese) — likely obtained through social engineering or phishing techniques — were leaked. More

Image: Getty There’s good and bad news about Microsoft’s recent crackdowns on untrusted Office macros. The good is that it has curtailed the use of Office macros in emailed attachments or links. The bad is that attackers have just changed tactics, ramping up their use of .LNK Windows shortcut links.   According to security firm […] More

Adobe Follow ZDNET: Add us as a preferred source<!–> on Google. ZDNET’s key takeaways Adobe has launched new AI image-generating tools at Adobe Max. Adobe Firefly Image Model 5 is the company’s most capable model. The Prompt to Edit feature lets you edit images using natural language. OpenAI’s launch of DALL-E 2 in 2022 ignited an AI […] More

Level Lock Pro <!–> ZDNET’s key takeaways The Level Lock Pro is available for $350. This smart lock looks like a regular deadbolt, but supports Apple HomeKey, Matter-over-Thread, physical key, NFC fobs, and door status detection without extra sensors. You’ll have to purchase a keypad separately if you prefer one to unlock, and Android users […] More