2017, Retail and Security - Information Management Today

Fashion retailer Forever 21 data breach impacted +500,000 individuals

Security Affairs

AUGUST 31, 2023

Fashion retailer Forever 21 disclosed a data breach that exposed the personal information of more than 500,000 individuals. On March 20, 2023, the fashion retailer Forever 21 has discovered a cyber incident that impacted a limited number of systems. The retailer also notified law enforcement.

Retail

Retail Data breaches Personal data Ransomware

Millions of Pixel devices can be hacked due to a pre-installed vulnerable app

Security Affairs

AUGUST 16, 2024

Many Google Pixel devices shipped since September 2017 have included a vulnerable app that could be exploited for malicious purposes. Many Google Pixel devices shipped since September 2017 have included dormant software that could be exploited by attackers to compromise them. ” reads the report. ” reads the report.

Retail

Retail Data breaches Sales Passwords

MyPillow and Amerisleep are the latest victims of Magecart gangs

Security Affairs

MARCH 20, 2019

Security experts at riskIQ revealed today that another two organizations were victims of Magecart crime gang, the bedding retailers MyPillow and Amerisleep. Security experts at RiskIQ announced that the two bedding retailers MyPillow and Amerisleep were victims of the Magecart cybercrime gang. Pierluigi Paganini.

Retail

Retail Security IT

Webinars

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

Google: Security Keys Neutralized Employee Phishing

Krebs on Security

JULY 23, 2018

Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told KrebsOnSecurity. A YubiKey Security Key made by Yubico. a mobile device).

Phishing

Phishing Security Authentication Passwords

The Cost of Dealing With a Cybersecurity Attack in These 4 Industries

Security Affairs

AUGUST 21, 2019

In addition to the monetary costs associated with things like lost productivity and improving network security to reduce the likelihood of future incidents, affected companies have to deal with the costs tied to reduced customer trust and damaged reputations. People are becoming less tolerant of retailers that have widescale data breaches.

Cybersecurity

Cybersecurity Retail Manufacturing Data breaches

Researcher leaked a dataset of over 7,000,000 transactions scraped from the Venmo public API

Security Affairs

JUNE 18, 2019

In August 2016, security expert Martin Vigo devised a method to abuse an optional SMS-based feature that allowed users to authorize payments by replying to an SMS message with a provided 6-digit code. 943 transactions in 2017.” Venmo is a digital wallet app owned by PayPal that lets you make and share payments with friends.

Retail

Retail Privacy Access Security

TA547 targets German organizations with Rhadamanthys malware

Security Affairs

APRIL 12, 2024

TA547 is a financially motivated threat actor that has been active since at least November 2017, it was observed conducting multiple campaigns to deliver a variety of Android and Windows malware, including DanaBot , Gootkit , Lumma stealer , NetSupport RAT , Ursnif , and ZLoader.

Retail

Retail Passwords IT Security

Russian TA505 threat actor target financial entities worldwide

Security Affairs

APRIL 18, 2019

Security experts at CyberInt uncovered a new campaign of a Russian financially motivated threat actor tracked as TA505. “CyberInt researchers have been tracking various activities following the spear-phishing campaign targeting large US-based retailers detected in December 2018.” Pierluigi Paganini.

Retail

Retail Phishing Ransomware Access

Android devices shipped with backdoored firmware as part of the BADBOX network

Security Affairs

OCTOBER 8, 2023

Cybersecurity researchers at Human Security discovered a global network of consumer products, dubbed BADBOX, with firmware backdoors installed and sold through a compromised hardware supply chain. ” reads the report published by Human Security. “This module is one component of PEACHPIT, the ad fraud portion of BADBOX.

e-Discovery

e-Discovery Retail Manufacturing Security

A Chief Security Concern for Executive Teams

Krebs on Security

DECEMBER 18, 2018

Virtually all companies like to say they take their customers’ privacy and security seriously, make it a top priority, blah blah. That’s because very few of the world’s biggest companies list any security executives in their highest ranks. banks) would have this role in their executive leadership team.

Security

Security Marketing Cybersecurity Data breaches

FIN8 Hacking Group is back with an improved version of the ShellTea Backdoor

Security Affairs

JUNE 12, 2019

The last time security experts documented the FIN8’s activities was in 2016 and 2017. At the time, FireEye and root9B published detailed reports about a series of attacks targeting the retail sector. ” reads the analysis published by Morphisec. Pierluigi Paganini. SecurityAffairs – FIN8, hacking).

Phishing

Phishing Retail Communications Security

China-based Fangxiao group behind a long-running phishing campaign

Security Affairs

NOVEMBER 17, 2022

Researchers from Cyjax reported that a China-based financially motivated group, dubbed Fangxiao, orchestrated a large-scale phishing campaign since 2017. The sophisticated phishing campaign exploits the reputation of international brands and targets businesses in multiple industries, including retail, banking, travel, and energy.

Phishing

Phishing Retail Security IT

Hackers stole $60 Million worth of cryptocurrencies from Japanese Zaif exchange

Security Affairs

SEPTEMBER 20, 2018

. “Japanese cryptocurrency firm Tech Bureau Corp said about $60 million in digital currencies were stolen from its exchange, highlighting the industry’s vulnerability despite recent efforts by authorities to make it more secure.” Anyway, the incidents demonstrate that the level of security of exchanges has to be improved.

Financial Services

Financial Services Retail Security IT

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

Security Affairs

JANUARY 13, 2019

Security researchers at Proofpoint researchers discovered two strains of malware tracked as ServHelper and FlawedGrace distributed through phishing campaigns by the TA505 crime gang. FlawedGrace is a full-featured RAT that we first observed in November 2017.” ” reads the analysis published by Proofpoint.

IT

IT Financial Services Ransomware Retail

Hidden Cobra APT used the new ATM cash-out scheme FASTCash to hit banks worldwide

Security Affairs

OCTOBER 3, 2018

Government assesses that HIDDEN COBRA actors will continue to use FASTCash tactics to target retail payment systems vulnerable to remote exploitation.” In one incident in 2017, HIDDEN COBRA actors enabled cash to be simultaneously withdrawn from ATMs located in over 30 different countries. ” states the report.

Retail

Retail Libraries Government Phishing

Wipro Intruders Targeted Other Major IT Firms

Krebs on Security

APRIL 18, 2019

According to records maintained by Farsight Security , that address is home to a number of other likely phishing domains: securemail.pcm.com.internal-message[.]app. microsoftonline-secure-login[.]com. microsoftonline-secure-login[.]com. microsoftonline-secure-login[.]com. microsoftonline-secure-login[.]com.

IT

IT Retail Phishing Access

Oracle critical patch advisory addresses 284 flaws, 33 critical

Security Affairs

JANUARY 18, 2019

The flaw also affected the Financial Services Analytical Applications Infrastructure, the Fusion Middleware MapViewer, and four three Oracle Retail components. The CVE-2017-5645 flaw resides in the Codehaus versions of Groovy and affected OCA Unified Inventory Management. Pierluigi Paganini.

Financial Services

Financial Services Libraries Mining Retail

TA544 group behind a spike in Ursnif malware campaigns targeting Italy

Security Affairs

OCTOBER 3, 2021

TA544 is a financially motivated threat actor that is active at least since 2017, it focuses on attacks on banking users, it leverages banking malware and other payloads to target organizations worldwide, mainly in Italy and Japan. When I began studying this threat, Ursnif campaigns were more widespread and less targeted. Pierluigi Paganini.

Retail

Retail Phishing Cybersecurity Risk

Retailers increase cyber security spending, but attacks continue to rise

IT Governance

APRIL 3, 2019

The UK’s biggest retailers are spending more than ever on cyber security but are continuing to see an alarming rise in cyber attacks and data breaches due to the ever-evolving threat landscape, a report has found. Are retailers investing wisely? What are the biggest threats? Where can you start?

Retail

Retail Security Data breaches Government

Akamai Report: Credential stuffing attacks are a growing threat

Security Affairs

SEPTEMBER 25, 2018

According to Akamai report titled “[state of the internet] / security CREDENTIAL STUFFING ATTACKS “ the credential stuffing attacks are a growing threat and often underestimated. Security Affairs – credential stuffing, hacking ). The experts detected 8.3 billion per month. Pierluigi Paganini.

Passwords

Passwords Data breaches Financial Services Retail

Fortinet warns of a spike in attacks against TBK DVR devices

Security Affairs

MAY 2, 2023

According to the company, they have over 600,000 Cameras and 50,000 Recorders installed all over the world in multiple sectors such as Banking, Retail, Government, etc. At this time, the vendor has yet to release security patches to address the flaw. Previously seen to be exploited in the wild through 2017 and on-going.”

Authentication

Authentication Retail Education Marketing

Hundreds of C-level executives credentials available for $100 to $1500 per account

Security Affairs

NOVEMBER 28, 2020

“A source in the cyber-security community who agreed to contact the seller to obtain samples has confirmed the validity of the data and obtained valid credentials for two accounts, the CEO of a US medium-sized software company and the CFO of an EU-based retail store chain.” ” reported ZDNet. Pierluigi Paganini.

Sales

Sales Access Retail Data collection

Russians Shut Down Huge Card Fraud Ring

Krebs on Security

MARCH 26, 2020

Cybersecurity experts say the raid included the charging of a major carding kingpin thought to be tied to dozens of carding shops and to some of the bigger data breaches targeting western retailers over the past decade. authorities in 2017.

Retail

Retail Insurance Cybersecurity Data breaches

Secret Service: Theft Rings Turn to Fuze Cards

Krebs on Security

JANUARY 10, 2019

Launched in May 2017, the Fuze Card is a data storage device that looks like a regular credit card but can hold account data for up to 30 credit cards. For evidence of this, one need only look to the constant innovations that fraudsters come up with to deploy physical card skimmers at ATMs and retail checkout lanes.

Retail

Retail Sales IT

Norton 360 Now Comes With a Cryptominer

Krebs on Security

JANUARY 6, 2022

In 2017, the identity theft protection company LifeLock was acquired by Symantec Corp. “Norton creates a secure digital Ethereum wallet for each user,” the FAQ reads. “The key to the wallet is encrypted and stored securely in the cloud. ” Norton 360 is owned by Tempe, Ariz.-based based NortonLifeLock Inc.

Mining

Mining Computer and Electronics Blockchain Marketing

Wawa Breach May Have Compromised More Than 30 Million Payment Cards

Krebs on Security

JANUARY 28, 2020

Wawa said the breach did not expose personal identification numbers (PINs) or CVV records (the three-digit security code printed on the back of a payment card). Most card breaches at restaurants and other brick-and-mortar stores occur when cybercriminals manage to remotely install malicious software on the retailer’s card-processing systems.

Sales

Sales Retail Security Encryption

Breach at Cloud Solution Provider PCM Inc.

Krebs on Security

JUNE 27, 2019

One security expert at a PCM customer who was recently notified about the incident said the intruders appeared primarily interested in stealing information that could be used to conduct gift card fraud at various retailers and financial institutions. earlier this year.

Cloud

Cloud Retail Access Government

IRS Will Soon Require Selfies for Online Access

Krebs on Security

JANUARY 19, 2022

was originally launched in 2010 with the goal of helping e-commerce sites validate the identities of customers who might be eligible for discounts at various retail establishments, such as veterans, teachers, students, nurses and first responders. For more on the benefits of using a Security Key for MFA, see this post. McLean, Va.-based

Access

Access Insurance Authentication Government

Dixons Carphone Data Breach discovered in June affected 10 Million customers

Security Affairs

JULY 31, 2018

Dixons Carphone announced on Monday that the security breach discovered in June affected around 10 million customers, much more than the initial estimate. The situation was worse than initially thought, the company announced on Monday that the security breach affected around 10 million customers, much more than the initial estimate.

Data breaches

Data breaches Retail Personal data Access

Americans lost $770 million from social media fraud in 2021, FTC reports

Security Affairs

JANUARY 30, 2022

The US agency received over 95,000 reports from US consumers victims of social media frauds, this marks an 18-fold increase over 2017 reported losses and more than double compared to 2020. Some reports even described ads that impersonated real online retailers that drove people to lookalike websites. Pierluigi Paganini.

Retail

Retail Marketing Privacy IT

Who’s Behind the NetWire Remote Access Trojan?

Krebs on Security

MARCH 9, 2023

Constella Intelligence , a service that indexes information exposed by public database leaks, shows this email address was used to register an account at the clothing retailer romwe.com, using the password “ 123456xx.” DNS records for worldwiredlabs[.]com Incorporation records from the U.K.’s

Access

Access Passwords Sales Retail

Lotsy group targets Italian and Spanish-speaking users

Security Affairs

AUGUST 2, 2019

After researching and blocking these resources, Group-IB’s team discovered several other fake websites illegally using famous international brands, including Conad (Italian retail store), Target (International retail stores), Carrefour (international chain of hypermarkets) and many others. How does this scheme work? Pierluigi Paganini.

Retail

Retail Marketing Cybersecurity Phishing

U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex

Krebs on Security

SEPTEMBER 26, 2024

retailers, including Saks Fifth Avenue, Lord and Taylor , Bebe Stores , Hilton Hotels , Jason’s Deli , Whole Foods , Chipotle , Wawa , Sonic Drive-In , the Hy-Vee supermarket chain , Buca Di Beppo , and Dickey’s BBQ. . 26, 2017 on the now-defunct carding site Joker’s Stash has been tied to a breach at Sonic Drive-In.

Ransomware

Ransomware Retail Government Sales

DoppelPaymer, a fork of BitPaymer Ransomware, appeared in the threat landscape

Security Affairs

JULY 15, 2019

Cybercrime gang tracked as TA505 has been active since 2014 and focusing on Retail and Banking industries. In mid-2017, the group released BitPaymer ransomware (aka FriedEx) that was used in attacks against high profile targets and organizations. Pierluigi Paganini. SecurityAffairs – DoppelPaymer ransomare, TA505).

Ransomware

Ransomware Encryption Agriculture Retail

Credit Card Issuer TCM Bank Leaked Applicant Data for 16 Months

Krebs on Security

AUGUST 3, 2018

banks issue credit cards to their account holders, said a Web site misconfiguration exposed the names, addresses, dates of birth and Social Security numbers of thousands of people who applied for cards between early March 2017 and mid-July 2018. TCM Bank , a company that helps more than 750 small and community U.S.

Data breaches

Data breaches Retail Risk Marketing

Online market for counterfeit goods in Russia has reached $1,5 billion

Security Affairs

OCTOBER 15, 2018

billion in 2017, compared to $1.2 It also leads to a decrease in what we call the psychological price, i.e. the cost that customers are willing to pay for a product from the official retailer. Security Affairs – counterfeit goods, cybercrime ). billion in 2016. Pierluigi Paganini.

Marketing

Marketing Phishing Retail Data collection

Hackers stole card details from BriansClub carding site

Security Affairs

OCTOBER 20, 2019

According to the security experts Brian Krebs, who first reported the data breach, the hackers stole data of more than 26 million payment cards. The file contains details stolen from bricks-and-mortar retailers over the past four years, including nearly eight million records that were uploaded in 2019 alone. million stolen cards, 4.9

Sales

Sales Retail Archiving Marketing

Group-IB presents its annual report on global threats to stability in cyberspace

Security Affairs

NOVEMBER 29, 2019

Compared to its predecessors, the sixth “Hi-Tech Crime Trends” report is the first to contain chapters devoted to the main industries attacked and covers the period from H2 2018 to H1 2019, as compared to the period from H2 2017 to H1 2018. The largest bank card data leaks are related to compromises of US retailers. million to 43.8

IT

IT Military Cybersecurity Phishing

ATMitch: New Evidence Spotted In The Wild

Security Affairs

MAY 7, 2019

Early April, experts at Yoroi-Cybaze ZLab spotted a new interesting malware sample, likely active since 2017, that was linked to ATMitch attacks. . In the first days of April, our threat monitoring operations spotted a new interesting malware sample possibly active in the wild since 2017. Figure 2: Research of “fwmain32.exe”

Libraries

Libraries e-Discovery Communications File names

FBI Warns of ‘Unlimited’ ATM Cashout Blitz

Krebs on Security

AUGUST 12, 2018

“Historic compromises have included small-to-medium size financial institutions, likely due to less robust implementation of cyber security controls, budgets, or third-party vendor vulnerabilities,” the alert continues. “The FBI expects the ubiquity of this activity to continue or possibly increase in the near future.”

Phishing

Phishing Authentication Retail Encryption

The Rise of “Bulletproof” Residential Networks

Krebs on Security

AUGUST 19, 2019

In late April 2019, KrebsOnSecurity received a tip from an online retailer who’d seen an unusual number of suspicious transactions originating from a series of Internet addresses assigned to a relatively new Internet provider based in Maryland called Residential Networking Solutions LLC.

Retail

Retail Sales Marketing IT

Market volume of illegal online sales of alcohol exceeded 30 million USD in 2018 in Russia

Security Affairs

DECEMBER 27, 2018

Security firm Group-IB has estimated that the market volume of illegal online sales of alcohol in Russia exceeded 30 million USD in 2018, i.e. almost 5.8 million USD (+23%) more than in 2017. The post Market volume of illegal online sales of alcohol exceeded 30 million USD in 2018 in Russia appeared first on Security Affairs.

Marketing

Marketing Sales Search queries Manufacturing

NEW TECH: Cequence Security launches platform to shield apps, APIs from malicious botnets

The Last Watchdog

NOVEMBER 13, 2018

And innovation is percolating among newer entrants, like PerimeterX, Shape Security and Signal Sciences. This week a new entrant in this field, Cequence Security , formally launched what it describes as a “game-changing” application security platform. Shifting security challenge.

Security

Security Digital transformation B2C Cloud

How data breaches are affecting the retail industry

IT Governance

AUGUST 21, 2018

Only time will tell – and we may not have to wait long – but in the meantime, what is the impact of data breaches in the retail industry, and what needs to be done to mitigate them? This short video breaks down the numbers relating to the UK-specific cyber attacks and data breaches of 2017. increase on the 2017 cost of $3.62

Retail

Retail Data breaches GDPR Compliance

Fashion retailer Forever 21 data breach impacted +500,000 individuals

Millions of Pixel devices can be hacked due to a pre-installed vulnerable app

Webinars

Trending Sources

MyPillow and Amerisleep are the latest victims of Magecart gangs

Webinars

Google: Security Keys Neutralized Employee Phishing

The Cost of Dealing With a Cybersecurity Attack in These 4 Industries

Researcher leaked a dataset of over 7,000,000 transactions scraped from the Venmo public API

TA547 targets German organizations with Rhadamanthys malware

Russian TA505 threat actor target financial entities worldwide

Android devices shipped with backdoored firmware as part of the BADBOX network

A Chief Security Concern for Executive Teams

FIN8 Hacking Group is back with an improved version of the ShellTea Backdoor

China-based Fangxiao group behind a long-running phishing campaign

Hackers stole $60 Million worth of cryptocurrencies from Japanese Zaif exchange

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

Hidden Cobra APT used the new ATM cash-out scheme FASTCash to hit banks worldwide

Wipro Intruders Targeted Other Major IT Firms

Oracle critical patch advisory addresses 284 flaws, 33 critical

TA544 group behind a spike in Ursnif malware campaigns targeting Italy

Retailers increase cyber security spending, but attacks continue to rise

Akamai Report: Credential stuffing attacks are a growing threat

Fortinet warns of a spike in attacks against TBK DVR devices

Hundreds of C-level executives credentials available for $100 to $1500 per account

Russians Shut Down Huge Card Fraud Ring

Secret Service: Theft Rings Turn to Fuze Cards

Norton 360 Now Comes With a Cryptominer

Wawa Breach May Have Compromised More Than 30 Million Payment Cards

Breach at Cloud Solution Provider PCM Inc.

IRS Will Soon Require Selfies for Online Access

Dixons Carphone Data Breach discovered in June affected 10 Million customers

Americans lost $770 million from social media fraud in 2021, FTC reports

Who’s Behind the NetWire Remote Access Trojan?

Lotsy group targets Italian and Spanish-speaking users

U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex

DoppelPaymer, a fork of BitPaymer Ransomware, appeared in the threat landscape

Credit Card Issuer TCM Bank Leaked Applicant Data for 16 Months

Online market for counterfeit goods in Russia has reached $1,5 billion

Hackers stole card details from BriansClub carding site

Group-IB presents its annual report on global threats to stability in cyberspace

ATMitch: New Evidence Spotted In The Wild

FBI Warns of ‘Unlimited’ ATM Cashout Blitz

The Rise of “Bulletproof” Residential Networks

Market volume of illegal online sales of alcohol exceeded 30 million USD in 2018 in Russia

NEW TECH: Cequence Security launches platform to shield apps, APIs from malicious botnets

How data breaches are affecting the retail industry

Stay Connected