2018 and Retail - Information Management Today

Magecart cybercrime group stole customers’ credit cards from Newegg electronics retailer

Security Affairs

SEPTEMBER 19, 2018

Magecart hackers have stolen customers’ credit card data from the computer hardware and consumer electronics retailer Newegg. The Magecart cybercrime group is back, this time the hackers have stolen customers’ credit card data from the computer hardware and consumer electronics retailer Newegg. Pierluigi Paganini.

Retail

Retail Computer and Electronics Data breaches Security

Retail giant Target open sources Merry Maker e-skimmer detection tool

Security Affairs

FEBRUARY 4, 2022

Retail giant Target is going to open-source an internal tool, dubbed Merry Maker , designed to detect e-skimming attacks. Retail giant Target announced the release in open-source of an internal tool, dubbed Merry Maker , designed to detect e-skimming attacks. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Retail

Retail Cybersecurity Security IT

Not So Fast: Retailer Shein Fined $1.9M for Breach Cover-Up

Data Breach Today

OCTOBER 14, 2022

million by the New York state attorney general for multiple failings tied to a massive 2018 data breach, including substandard password security as well as failing to alert users or force password resets in a timely manner.

Retail

Retail Passwords Data breaches Personal data

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

Not So Fast: Retailer Shein Fined $1.9M for Breach Coverup

Data Breach Today

OCTOBER 14, 2022

million by New York state's attorney general for multiple failings tied to a massive 2018 data breach, including substandard password security, as well as failing to alert users or force password resets in a timely manner.

Retail

Retail Passwords Data breaches Personal data

Market volume of illegal online sales of alcohol exceeded 30 million USD in 2018 in Russia

Security Affairs

DECEMBER 27, 2018

Security firm Group-IB has estimated that the market volume of illegal online sales of alcohol in Russia exceeded 30 million USD in 2018, i.e. almost 5.8 Such schemes are used by both resellers who sell alcohol online bought from major retailers as well as fraudsters who sell counterfeit products. The intoxicating Internet.

Marketing

Marketing Sales Search queries Manufacturing

RansomEXX ransomware leaks files stolen from Italian luxury brand Zegna

Security Affairs

AUGUST 6, 2021

As of 2018, Ermenegildo Zegna operated 480 retail stores (267 of which company-owned) across the world. The revenge of the company was €1.159 billion as 2018. The RansomEXX gang has been active since 2018 under the name Defray, in June 2020 the group rebranded as RansomEXX.

Ransomware

Ransomware Archiving Retail Manufacturing

Crooks claim to have stolen 20k customer records from Superdrug cosmetics retailer

Security Affairs

AUGUST 22, 2018

Hackers claim to have stolen the personal details of almost 20,000 Superdrug customers who shopped online at the cosmetics retailer. The British Superdrug is the last victim of a security breach, hackers claim to have stolen the personal details of almost 20,000 people who shopped online at the cosmetics retailer. Pierluigi Paganini.

Retail

Retail Data breaches Passwords Access

Russian TA505 threat actor target financial entities worldwide

Security Affairs

APRIL 18, 2019

“CyberInt researchers have been tracking various activities following the spear-phishing campaign targeting large US-based retailers detected in December 2018.” In December 2018 also targeted large US retailers and organizations in the food and beverage industry with spear-phishing attacks.

Retail

Retail Phishing Ransomware Access

MyPillow and Amerisleep are the latest victims of Magecart gangs

Security Affairs

MARCH 20, 2019

Security experts at riskIQ revealed today that another two organizations were victims of Magecart crime gang, the bedding retailers MyPillow and Amerisleep. Security experts at RiskIQ announced that the two bedding retailers MyPillow and Amerisleep were victims of the Magecart cybercrime gang.

Retail

Retail Security IT

Experts report a rampant growth in the number of malicious, lookalike domains

Security Affairs

NOVEMBER 18, 2019

Cyber security firm Venafi announced it has uncovered lookalike domains with valid TLS certificates that appear to target major retailers. The number is doubled compared to last year, the study revealed that less than 19,890 certificates have been issued for legitimate retail domains. retailers with over 49,500 typosquatted domains.

Retail

Retail Encryption Phishing Authentication

Former Microsoft worker sentenced to nine years in prison for stealing $10+ million

Security Affairs

NOVEMBER 11, 2020

Kvashuk is a Ukrainian citizen living in Renton, Washngton, was responsible for helping test Microsoft’s online retail sales platform. The man was involved in the testing of Microsoft’s online retail sales platform and abused testing access to steal “currency stored value” (CSV) such as digital gift cards. million in restitution.

Retail

Retail Sales Access IT

JD Sports Details Data Breach Affecting 10 Million Customers

Data Breach Today

JANUARY 30, 2023

Exposed: Online Customer Details, But Not Complete Payment Card Data JD Sports, a sports fashion retailer with global operations, says personal details pertaining to about 10 million online customers of JD Sports and its Size?,

Data breaches

Data breaches Retail IT

SHEIN Data breach affected 6.42 million users

Security Affairs

SEPTEMBER 25, 2018

Another fashion retailer suffered a data breach, the victim is SHEIN that announces the security breach affected 6.42 The retailer hired a forensic cybersecurity firm as well as an international law firm to investigate the security breach. million customers. ” reads the data breach notification.

Data breaches

Data breaches Retail Passwords Cybersecurity

Australian Cyber Security Centre warns of a surge of LockBit 2.0 ransomware attacks

Security Affairs

AUGUST 9, 2021

Most of the attacks have been reported in July, the organizations hit by the ransomware gang operate in professional services, construction, manufacturing, retail, and food industries. Experts warn of active exploitation of the CVE-2018-13379 , a security bug heavily exploited by LockBit to breach networks. in Australia since 2020.

Ransomware

Ransomware Security Retail Manufacturing

4 Industries That Have to Fight the Hardest Against Cyberattacks

Security Affairs

DECEMBER 4, 2018

In November 2018, a ransomware attack forced two hospitals to send ambulances elsewhere and only accept walk-up patients to the emergency rooms. The retail industry is cyclical, so certain times of the year — including the holiday season or when kids go back to school — are particularly busy. happened at retail establishments.

Retail

Retail Cybersecurity Data breaches Risk

Four important questions that AI can help retailers answer

OpenText Information Management

FEBRUARY 13, 2018

In my previous blog, I looked at how quickly Artificial Intelligence (AI) is rapidly becoming a part of the retail experience. Industry analysts agree that 2018 will be the year that AI brings top and bottom line benefits to innovative companies. So, where can AI most help retailers?

Retail

Retail Artificial Intelligence Customer Experience Analytics

Operator of Scan4You Malware-Scanning sentenced to 14 Years in prison

Security Affairs

SEPTEMBER 22, 2018

The man pleaded guilty to the same Bondars’s charges in March 2018. Scan4you service allows its customers to develop malicious codes that were used to steal millions of payment cards from retail stores across the world, it has been estimated that overall losses account for $20.5 billion. .

Retail

Retail IT Security

Card-Not-Present Fraud Growth: No End in Sight?

Data Breach Today

JANUARY 7, 2019

Card-not-present fraud will cost retailers worldwide $130 billion between 2018 and 2023, a new report from Juniper Research predicts. Steffen Sorrell, author of the study, explains the reasons behind this growth projection and describes what can be done to improve the fight against fraud.

Retail

Fortinet warns of a spike in attacks against TBK DVR devices

Security Affairs

MAY 2, 2023

Threat actors are attempting to exploit a five-year-old authentication bypass issue, tracked as CVE-2018-9995 (CVSS score of 9.8), in TBK DVR devices. The CVE-2018-9995 flaw is due to an error when handling a maliciously crafted HTTP cookie. ” reads the advisory published by Fortinet. in MVPower CCTV DVR models.

Authentication

Authentication Retail Education Marketing

JD Sports discloses a data breach impacting 10 million customers

Security Affairs

JANUARY 30, 2023

Sports fashion retail JD Sports discloses a data breach that explosed data of about 10M customers who placed orders between 2018 and 2020. UK sports fashion chain JD Sports disclosed a data breach that exposed customer data from orders placed between November 2018 and October 2020. Millets, Blacks, Scotts and MilletSport.”

Data breaches

Data breaches e-Delivery Passwords Retail

FIN7 group leverages Windows 11 Alpha-Themed docs to drop Javascript payloads

Security Affairs

SEPTEMBER 4, 2021

As a California-based provider of POS technology for the retail and hospitality sector, a successful infection would allow the group to obtain payment card data and later sell the information on online marketplaces.” “ The threat actors employed a variation of a JavaScript backdoor used by the FIN7 group since at least 2018. .

Retail

Retail Sales Phishing IT

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

Security Affairs

JANUARY 13, 2019

“In November 2018, TA505 , a prolific actor that has been at the forefront of this trend, began distributing a new backdoor we named “ServHelper”. ” The TA505 group was first spotted by Proofpoint back 2017, it has been active at least since 2015 and targets organizations in financial and retail industries. DOC , PUB, and.

IT

IT Financial Services Ransomware Retail

US citizens lost more than $68M to SIM swap attacks in 2021, FBI warns

Security Affairs

FEBRUARY 10, 2022

The FBI reported that US citizens have lost more than $68 million to SIM swapping attacks in 2021, the number of complaints since 2018 and associated losses have increased almost fivefold. Authenticate calls from third party authorized retailers requesting. Authenticate calls from third party authorized retailers requesting.

Passwords

Passwords Authentication Retail Education

CGI Client Global Insights: A look at top retail banking trends and priorities

CGI

MARCH 3, 2020

CGI Client Global Insights: A look at top retail banking trends and priorities. Many retail banks have invested in their “plumbing”- implementing digital technologies to deliver the products, services and experiences their customers demand - but many are still running their businesses just as they did before.

Retail

Retail Digital transformation Customer Experience GDPR

Bodybuilding.com forces password reset after a security breach

Security Affairs

APRIL 23, 2019

Bad news for fitness and bodybuilding passionates, the popular online retailer Bodybuilding.com announced that hackers have broken into its systems. The popular online retailer website Bodybuilding.com announced last week that hackers have broken into its systems.

Passwords

Passwords Security Retail Personal data

Jared, Kay Jewelers Parent Fixes Data Leak

Krebs on Security

DECEMBER 3, 2018

The parent firm of bling retailers Jared and Kay Jewelers has fixed a bug in the Web sites of both companies that exposed the order information for all of their online customers. Data exposures like these are some of the most common yet preventable for online retailers.

Retail

Retail Phishing Information Security IT

The Cost of Dealing With a Cybersecurity Attack in These 4 Industries

Security Affairs

AUGUST 21, 2019

As people have growing opportunities to shop online, the chances for hackers to carry out lucrative cyberattacks in the retail sector also go up. Statistics from 2016 showed that the average cost per compromised retail record was $172. People are becoming less tolerant of retailers that have widescale data breaches.

Cybersecurity

Cybersecurity Retail Manufacturing Data breaches

Hacker who reported a flaw in Hungarian Magyar Telekom faces up to 8-years in jail

Security Affairs

FEBRUARY 3, 2019

According to the local media, in April 2018 the hacker found a serious security vulnerability in the website of the telco company, he exploited the issue to penetrate the telecommunications network. Now the hacker is facing up to 8 years in prison. ” reported the Napi. hu website.

Retail

Retail Risk Access Security

New Areas Ripe for Exploitation in 2018

Data Breach Today

JANUARY 9, 2018

Also featured: an analysis of the recent news of the Meltdown and Spectre microprocessor flaws and the POS malware attack on retailer Forever 21. Dave DeWalt, former CEO of McAfee and FireEye, identifies the next generation of cybersecurity threats in the latest edition of the ISMG Security Report.

Retail

Retail Cybersecurity Security

FIN11 gang started deploying ransomware to monetize its operations

Security Affairs

OCTOBER 18, 2020

“The group’s shifting monetization methods—from point-of-sale (POS) malware in 2018, to ransomware in 2019, and hybrid extortion in 2020—is part of a larger trend in which criminal actors have increasingly focused on post-compromise ransomware deployment and data theft extortion.” ” reads the analysis published by FireEye.

Ransomware

Ransomware IT Healthcare Phishing

Spanish police dismantled SIM swapping gang who stole money from victims’ bank accounts

Security Affairs

FEBRUARY 10, 2022

The FBI reported that US citizens have lost more than $68 million to SIM swapping attacks in 2021, the number of complaints since 2018 and associated losses have increased almost fivefold. Authenticate calls from third party authorized retailers requesting. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Passwords

Passwords Authentication Access Retail

Oracle critical patch advisory addresses 284 flaws, 33 critical

Security Affairs

JANUARY 18, 2019

The flaw also affected the Financial Services Analytical Applications Infrastructure, the Fusion Middleware MapViewer, and four three Oracle Retail components. The bug affected the OCA’s Diameter Signalling Router component and its Communications Services Gatekeeper.

Financial Services

Financial Services Libraries Mining Retail

Digital Transformation In Retail: The Retail Apocalypse

erwin

FEBRUARY 21, 2019

Much like the hospitality industry , digital transformation in retail has been a huge driver of change. One important fact is getting lost among all of the talk of “the retail apocalypse” and myriad stories about increasingly empty shopping malls: there’s a lot of money to be made in retail.

Digital transformation

Digital transformation Retail e-Delivery Customer Experience

Hidden Cobra APT used the new ATM cash-out scheme FASTCash to hit banks worldwide

Security Affairs

OCTOBER 3, 2018

Government assesses that HIDDEN COBRA actors will continue to use FASTCash tactics to target retail payment systems vulnerable to remote exploitation.” In another incident in 2018, HIDDEN COBRA actors enabled cash to be simultaneously withdrawn from ATMs in 23 different countries.” ” states the report.

Retail

Retail Libraries Government Phishing

Researcher leaked a dataset of over 7,000,000 transactions scraped from the Venmo public API

Security Affairs

JUNE 18, 2019

Public data includes names, dates, pictures and messages sent, Hang Do Thi Duc was able to track a profile for some of them, such as two users identified with the monikers ‘The Cannabis Retailer’ and the ‘The cord dealer.’ He decided to publish the dataset to warn Venmo users of publicly availability of their data.

Retail

Retail Privacy Access Security

Iran-linked APT group Pioneer Kitten sells access to hacked networks

Security Affairs

SEPTEMBER 1, 2020

” PIONEER KITTEN hackers to date have focused their attacks against entities in North American and Israeli, while targeted sectors include technology, government, defense, healthcare, aviation, media, academic, engineering, consulting and professional services, chemical, manufacturing, financial services, insurance, and retail. .

Access

Access Financial Services Retail Insurance

SEC Charges Shopin Founder with fraud over unregistered $42M ICO

Security Affairs

DECEMBER 13, 2019

Eyal launched an Initial Coin Offerings (ICOs) to raise funding to create universal shopper profiles, maintained on the blockchain , that would track customer purchase histories across online retailers and recommend products based on the collected data. The problem is that SEC believes that Shopin never created a functional platform.

Retail

Retail Blockchain Security IT

Group-IB presents its annual report on global threats to stability in cyberspace

Security Affairs

NOVEMBER 29, 2019

Compared to its predecessors, the sixth “Hi-Tech Crime Trends” report is the first to contain chapters devoted to the main industries attacked and covers the period from H2 2018 to H1 2019, as compared to the period from H2 2017 to H1 2018. As for 2019, it has become the year of covert military operations in cyberspace. million to 43.8

IT

IT Military Cybersecurity Phishing

Android devices shipped with backdoored firmware as part of the BADBOX network

Security Affairs

OCTOBER 8, 2023

Human Security identified a supply chain of a Chinese manufacturer that was compromised to backdoor the firmware of several products delivered to resellers, physical retail stores and e-commerce warehouses. Products containing the malicious backdoor have been found on public school networks throughout the United States.

e-Discovery

e-Discovery Retail Manufacturing Security

TicketClub Italy Database Offered in Dark Web

Security Affairs

JULY 21, 2021

May 2018 – Ticketfly , the indie-focused ticketing service that was purchased by Eventbrite, had also suffered a cyber attack. According to Saraj Pant, cyber threat intelligence analyst with Resecurity, Los-Angeles -based cybersecurity company, it is not the first time such resources have been attacked by cybercriminals. .

Data breaches

Data breaches Sales Retail Phishing

DoppelPaymer, a fork of BitPaymer Ransomware, appeared in the threat landscape

Security Affairs

JULY 15, 2019

Cybercrime gang tracked as TA505 has been active since 2014 and focusing on Retail and Banking industries. Later versions did not include the above info, instead, the variant appeared in the threat landscape since July 2018 only included two emails to negotiate the ransom and to contact to receive the instructions for the payment.

Ransomware

Ransomware Encryption Agriculture Retail

Hackers are sending receipts with anti-work messages to businesses’ printers

Security Affairs

DECEMBER 6, 2021

Imagine you are working your s**t retail job when this comes out of your register. In 2018, TheHackerGiraffe used the Printer Exploitation Toolkit (PRET) to hijack +50k vulnerable printers to Promote PewDiePie YouTube Channel. ” reported METRO. R/antiwork pic.twitter.com/N6SAJ9ogq5 — M?GEbit ARE YOU BEING UNDERPAID?

Retail

Retail Cybersecurity Security IT

Security Affairs newsletter Round 245

Security Affairs

DECEMBER 22, 2019

Online Retailer LightInTheBox exposes unsecured DB containing 1.3TB of web server logs. Watch out, hackers are targeting CVE-2018-0296 Cisco fixed in 2018. A study reveals the list of worst passwords of 2019. A WhatsApp bug could have allowed crashing of all group members. Unveiling JsOutProx: A New Enterprise Grade Implant.

Security

Security Ransomware Passwords Data breaches

Security Affairs newsletter Round 181 – News of the week

Security Affairs

SEPTEMBER 23, 2018

Evolution of threat landscape for IoT devices – H1 2018. Adobe issued a critical out-of-band patch to address CVE-2018-12848 Acrobat flaw. Magecart cybercrime group stole customers credit cards from Newegg electronics retailer. Flaw in Western Digital My Cloud exposes the content to hackers. Sustes Malware: CPU for Monero.

Computer and Electronics

Computer and Electronics Security Mining Data breaches

Magecart cybercrime group stole customers’ credit cards from Newegg electronics retailer

Retail giant Target open sources Merry Maker e-skimmer detection tool

Webinars

Trending Sources

Not So Fast: Retailer Shein Fined $1.9M for Breach Cover-Up

Webinars

Not So Fast: Retailer Shein Fined $1.9M for Breach Coverup

Market volume of illegal online sales of alcohol exceeded 30 million USD in 2018 in Russia

RansomEXX ransomware leaks files stolen from Italian luxury brand Zegna

Crooks claim to have stolen 20k customer records from Superdrug cosmetics retailer

Russian TA505 threat actor target financial entities worldwide

MyPillow and Amerisleep are the latest victims of Magecart gangs

Experts report a rampant growth in the number of malicious, lookalike domains

Former Microsoft worker sentenced to nine years in prison for stealing $10+ million

JD Sports Details Data Breach Affecting 10 Million Customers

SHEIN Data breach affected 6.42 million users

Australian Cyber Security Centre warns of a surge of LockBit 2.0 ransomware attacks

4 Industries That Have to Fight the Hardest Against Cyberattacks

Four important questions that AI can help retailers answer

Operator of Scan4You Malware-Scanning sentenced to 14 Years in prison

Card-Not-Present Fraud Growth: No End in Sight?

Fortinet warns of a spike in attacks against TBK DVR devices

JD Sports discloses a data breach impacting 10 million customers

FIN7 group leverages Windows 11 Alpha-Themed docs to drop Javascript payloads

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

US citizens lost more than $68M to SIM swap attacks in 2021, FBI warns

CGI Client Global Insights: A look at top retail banking trends and priorities

Bodybuilding.com forces password reset after a security breach

Jared, Kay Jewelers Parent Fixes Data Leak

The Cost of Dealing With a Cybersecurity Attack in These 4 Industries

Hacker who reported a flaw in Hungarian Magyar Telekom faces up to 8-years in jail

New Areas Ripe for Exploitation in 2018

FIN11 gang started deploying ransomware to monetize its operations

Spanish police dismantled SIM swapping gang who stole money from victims’ bank accounts

Oracle critical patch advisory addresses 284 flaws, 33 critical

Digital Transformation In Retail: The Retail Apocalypse

Hidden Cobra APT used the new ATM cash-out scheme FASTCash to hit banks worldwide

Researcher leaked a dataset of over 7,000,000 transactions scraped from the Venmo public API

Iran-linked APT group Pioneer Kitten sells access to hacked networks

SEC Charges Shopin Founder with fraud over unregistered $42M ICO

Group-IB presents its annual report on global threats to stability in cyberspace

Android devices shipped with backdoored firmware as part of the BADBOX network

TicketClub Italy Database Offered in Dark Web

DoppelPaymer, a fork of BitPaymer Ransomware, appeared in the threat landscape

Hackers are sending receipts with anti-work messages to businesses’ printers

Security Affairs newsletter Round 245

Security Affairs newsletter Round 181 – News of the week

Stay Connected