2018, Retail and Security - Information Management Today

Retail giant Target open sources Merry Maker e-skimmer detection tool

Security Affairs

FEBRUARY 4, 2022

Retail giant Target is going to open-source an internal tool, dubbed Merry Maker , designed to detect e-skimming attacks. Retail giant Target announced the release in open-source of an internal tool, dubbed Merry Maker , designed to detect e-skimming attacks. ” concludes Target. Pierluigi Paganini.

Retail

Retail Cybersecurity Security IT

Magecart cybercrime group stole customers’ credit cards from Newegg electronics retailer

Security Affairs

SEPTEMBER 19, 2018

Magecart hackers have stolen customers’ credit card data from the computer hardware and consumer electronics retailer Newegg. The Magecart cybercrime group is back, this time the hackers have stolen customers’ credit card data from the computer hardware and consumer electronics retailer Newegg. Pierluigi Paganini.

Retail

Retail Computer and Electronics Data breaches Security

Australian Cyber Security Centre warns of a surge of LockBit 2.0 ransomware attacks

Security Affairs

AUGUST 9, 2021

The Australian Cyber Security Centre (ACSC) warns of a surge of LockBit 2.0 The Australian Cyber Security Centre (ACSC) warns of an escalation in LockBit 2.0 Experts warn of active exploitation of the CVE-2018-13379 , a security bug heavily exploited by LockBit to breach networks. ransomware. in Australia since 2020.

Ransomware

Ransomware Security Retail Manufacturing

Webinars

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

Not So Fast: Retailer Shein Fined $1.9M for Breach Cover-Up

Data Breach Today

OCTOBER 14, 2022

million by the New York state attorney general for multiple failings tied to a massive 2018 data breach, including substandard password security as well as failing to alert users or force password resets in a timely manner.

Retail

Retail Passwords Data breaches Personal data

Not So Fast: Retailer Shein Fined $1.9M for Breach Coverup

Data Breach Today

OCTOBER 14, 2022

million by New York state's attorney general for multiple failings tied to a massive 2018 data breach, including substandard password security, as well as failing to alert users or force password resets in a timely manner.

Retail

Retail Passwords Data breaches Personal data

Bodybuilding.com forces password reset after a security breach

Security Affairs

APRIL 23, 2019

Bad news for fitness and bodybuilding passionates, the popular online retailer Bodybuilding.com announced that hackers have broken into its systems. The popular online retailer website Bodybuilding.com announced last week that hackers have broken into its systems. ” reads the announcement published on the website.

Passwords

Passwords Security Retail Personal data

Market volume of illegal online sales of alcohol exceeded 30 million USD in 2018 in Russia

Security Affairs

DECEMBER 27, 2018

Security firm Group-IB has estimated that the market volume of illegal online sales of alcohol in Russia exceeded 30 million USD in 2018, i.e. almost 5.8 Such schemes are used by both resellers who sell alcohol online bought from major retailers as well as fraudsters who sell counterfeit products. The intoxicating Internet.

Marketing

Marketing Sales Search queries Manufacturing

MyPillow and Amerisleep are the latest victims of Magecart gangs

Security Affairs

MARCH 20, 2019

Security experts at riskIQ revealed today that another two organizations were victims of Magecart crime gang, the bedding retailers MyPillow and Amerisleep. Security experts at RiskIQ announced that the two bedding retailers MyPillow and Amerisleep were victims of the Magecart cybercrime gang. Pierluigi Paganini.

Retail

Retail Security IT

Experts report a rampant growth in the number of malicious, lookalike domains

Security Affairs

NOVEMBER 18, 2019

Cyber security firm Venafi announced it has uncovered lookalike domains with valid TLS certificates that appear to target major retailers. is a private cybersecurity company that develops software to secure and protect cryptographic keys and digital certificates. retailers with over 49,500 typosquatted domains.

Retail

Retail Encryption Phishing Authentication

Former Microsoft worker sentenced to nine years in prison for stealing $10+ million

Security Affairs

NOVEMBER 11, 2020

Kvashuk is a Ukrainian citizen living in Renton, Washngton, was responsible for helping test Microsoft’s online retail sales platform. The man was involved in the testing of Microsoft’s online retail sales platform and abused testing access to steal “currency stored value” (CSV) such as digital gift cards. million in restitution.

Retail

Retail Sales Access IT

Russian TA505 threat actor target financial entities worldwide

Security Affairs

APRIL 18, 2019

Security experts at CyberInt uncovered a new campaign of a Russian financially motivated threat actor tracked as TA505. “CyberInt researchers have been tracking various activities following the spear-phishing campaign targeting large US-based retailers detected in December 2018.”

Retail

Retail Phishing Ransomware Access

Crooks claim to have stolen 20k customer records from Superdrug cosmetics retailer

Security Affairs

AUGUST 22, 2018

Hackers claim to have stolen the personal details of almost 20,000 Superdrug customers who shopped online at the cosmetics retailer. The British Superdrug is the last victim of a security breach, hackers claim to have stolen the personal details of almost 20,000 people who shopped online at the cosmetics retailer.

Retail

Retail Data breaches Passwords Access

Security Affairs newsletter Round 245

Security Affairs

DECEMBER 22, 2019

The best news of the week with Security Affairs. Online Retailer LightInTheBox exposes unsecured DB containing 1.3TB of web server logs. Negative opinion of Italy security committee Copasir on Huawei, ZTE 5G solutions. Watch out, hackers are targeting CVE-2018-0296 Cisco fixed in 2018. Pierluigi Paganini.

Security

Security Ransomware Passwords Data breaches

SHEIN Data breach affected 6.42 million users

Security Affairs

SEPTEMBER 25, 2018

Another fashion retailer suffered a data breach, the victim is SHEIN that announces the security breach affected 6.42 The retailer hired a forensic cybersecurity firm as well as an international law firm to investigate the security breach. Security Affairs – hacking, data breach ). million customers.

Data breaches

Data breaches Retail Passwords Cybersecurity

Security Affairs newsletter Round 181 – News of the week

Security Affairs

SEPTEMBER 23, 2018

The best news of the week with Security Affairs. Evolution of threat landscape for IoT devices – H1 2018. Adobe issued a critical out-of-band patch to address CVE-2018-12848 Acrobat flaw. Magecart cybercrime group stole customers credit cards from Newegg electronics retailer. Security Affairs – Newsletter ).

Security

Security Computer and Electronics Mining Data breaches

Australia banned Huawei from 5G network due to security concerns

Security Affairs

AUGUST 25, 2018

Chinese-owned telecommunications firm Huawei has been banned from Australia’s 5G network due to security concerns. Has safely & securely delivered wireless technology in Aust for close to 15 yrs. — Huawei Australia (@HuaweiOZ) August 22, 2018. Huawei Australia defined the decision disappointing.

Security

Security Military Manufacturing Retail

Fortinet warns of a spike in attacks against TBK DVR devices

Security Affairs

MAY 2, 2023

Threat actors are attempting to exploit a five-year-old authentication bypass issue, tracked as CVE-2018-9995 (CVSS score of 9.8), in TBK DVR devices. The CVE-2018-9995 flaw is due to an error when handling a maliciously crafted HTTP cookie. At this time, the vendor has yet to release security patches to address the flaw.

Authentication

Authentication Retail Education Marketing

JD Sports discloses a data breach impacting 10 million customers

Security Affairs

JANUARY 30, 2023

Sports fashion retail JD Sports discloses a data breach that explosed data of about 10M customers who placed orders between 2018 and 2020. UK sports fashion chain JD Sports disclosed a data breach that exposed customer data from orders placed between November 2018 and October 2020. Millets, Blacks, Scotts and MilletSport.”

Data breaches

Data breaches e-Delivery Passwords Retail

Operator of Scan4You Malware-Scanning sentenced to 14 Years in prison

Security Affairs

SEPTEMBER 22, 2018

The man pleaded guilty to the same Bondars’s charges in March 2018. Scan4you service allows its customers to develop malicious codes that were used to steal millions of payment cards from retail stores across the world, it has been estimated that overall losses account for $20.5 billion. . Pierluigi Paganini.

Retail

Retail IT Security

Spanish police dismantled SIM swapping gang who stole money from victims’ bank accounts

Security Affairs

FEBRUARY 10, 2022

With this, they deceived the employees of phone stores to obtain duplicate SIM cards and, in this way, have access to the bank’s security confirmation messages. In this way they could operate in online banking and access bank accounts to empty them after receiving security confirmation messages from the banks.”

Passwords

Passwords Authentication Access Retail

US citizens lost more than $68M to SIM swap attacks in 2021, FBI warns

Security Affairs

FEBRUARY 10, 2022

The FBI reported that US citizens have lost more than $68 million to SIM swapping attacks in 2021, the number of complaints since 2018 and associated losses have increased almost fivefold. Set strict security protocols enabling employees to effectively verify customer credentials before changing their numbers to a new device.

Passwords

Passwords Authentication Retail Education

FIN7 group leverages Windows 11 Alpha-Themed docs to drop Javascript payloads

Security Affairs

SEPTEMBER 4, 2021

As a California-based provider of POS technology for the retail and hospitality sector, a successful infection would allow the group to obtain payment card data and later sell the information on online marketplaces.” “ The threat actors employed a variation of a JavaScript backdoor used by the FIN7 group since at least 2018. .

Retail

Retail Sales Phishing IT

A Chief Security Concern for Executive Teams

Krebs on Security

DECEMBER 18, 2018

Virtually all companies like to say they take their customers’ privacy and security seriously, make it a top priority, blah blah. That’s because very few of the world’s biggest companies list any security executives in their highest ranks. banks) would have this role in their executive leadership team.

Security

Security Marketing Cybersecurity Data breaches

Hacker who reported a flaw in Hungarian Magyar Telekom faces up to 8-years in jail

Security Affairs

FEBRUARY 3, 2019

According to the local media, in April 2018 the hacker found a serious security vulnerability in the website of the telco company, he exploited the issue to penetrate the telecommunications network. The post Hacker who reported a flaw in Hungarian Magyar Telekom faces up to 8-years in jail appeared first on Security Affairs.

Retail

Retail Risk Access Security

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

Security Affairs

JANUARY 13, 2019

Security researchers at Proofpoint researchers discovered two strains of malware tracked as ServHelper and FlawedGrace distributed through phishing campaigns by the TA505 crime gang. “In November 2018, TA505 , a prolific actor that has been at the forefront of this trend, began distributing a new backdoor we named “ServHelper”.

IT

IT Financial Services Ransomware Retail

Iran-linked APT group Pioneer Kitten sells access to hacked networks

Security Affairs

SEPTEMBER 1, 2020

The Iranian hacker group has been attacking corporate VPNs over the past months, they have been hacking VPN servers to plant backdoors in companies around the world targeting Pulse Secure , Fortinet , Palo Alto Networks , and Citrix VPNs. ” reads the report published by Crowdstrike. Pierluigi Paganini.

Access

Access Financial Services Retail Insurance

The Cost of Dealing With a Cybersecurity Attack in These 4 Industries

Security Affairs

AUGUST 21, 2019

In addition to the monetary costs associated with things like lost productivity and improving network security to reduce the likelihood of future incidents, affected companies have to deal with the costs tied to reduced customer trust and damaged reputations. People are becoming less tolerant of retailers that have widescale data breaches.

Cybersecurity

Cybersecurity Retail Manufacturing Data breaches

Jared, Kay Jewelers Parent Fixes Data Leak

Krebs on Security

DECEMBER 3, 2018

The parent firm of bling retailers Jared and Kay Jewelers has fixed a bug in the Web sites of both companies that exposed the order information for all of their online customers. Data exposures like these are some of the most common yet preventable for online retailers.

Retail

Retail Phishing Information Security IT

Android devices shipped with backdoored firmware as part of the BADBOX network

Security Affairs

OCTOBER 8, 2023

Cybersecurity researchers at Human Security discovered a global network of consumer products, dubbed BADBOX, with firmware backdoors installed and sold through a compromised hardware supply chain. ” reads the report published by Human Security. The only way to remove the threat is to wipe the smartphone and reinstall the OS.

e-Discovery

e-Discovery Retail Manufacturing Security

FIN11 gang started deploying ransomware to monetize its operations

Security Affairs

OCTOBER 18, 2020

“The group’s shifting monetization methods—from point-of-sale (POS) malware in 2018, to ransomware in 2019, and hybrid extortion in 2020—is part of a larger trend in which criminal actors have increasingly focused on post-compromise ransomware deployment and data theft extortion.” ” reads the analysis published by FireEye.

Ransomware

Ransomware IT Healthcare Phishing

SEC Charges Shopin Founder with fraud over unregistered $42M ICO

Security Affairs

DECEMBER 13, 2019

The US Securities and Exchange Commission (SEC) has charged the founder of Shopin , Eran Eyal, for allegedly running $42 million scam ICO. “Retail investors considering an investment in a digital asset that meets the definition of a security must be afforded the same truthful disclosures as in any traditional securities offering.”

Retail

Retail Blockchain Security IT

Security Affairs newsletter Round 177 – News of the week

Security Affairs

AUGUST 26, 2018

The best news of the week with Security Affairs. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. . · Australia banned Huawei from 5G network due to security concerns. · The restaurant chain Cheddars Scratch Kitchen has suffered a payment card breach. Security Affairs – Newsletter ).

Security

Security Retail Data breaches Paper

Hidden Cobra APT used the new ATM cash-out scheme FASTCash to hit banks worldwide

Security Affairs

OCTOBER 3, 2018

Government assesses that HIDDEN COBRA actors will continue to use FASTCash tactics to target retail payment systems vulnerable to remote exploitation.” In another incident in 2018, HIDDEN COBRA actors enabled cash to be simultaneously withdrawn from ATMs in 23 different countries.” ” states the report.

Retail

Retail Libraries Government Phishing

Researcher leaked a dataset of over 7,000,000 transactions scraped from the Venmo public API

Security Affairs

JUNE 18, 2019

In August 2016, security expert Martin Vigo devised a method to abuse an optional SMS-based feature that allowed users to authorize payments by replying to an SMS message with a provided 6-digit code. The post Researcher leaked a dataset of over 7,000,000 transactions scraped from the Venmo public API appeared first on Security Affairs.

Retail

Retail Privacy Access Security

Oracle critical patch advisory addresses 284 flaws, 33 critical

Security Affairs

JANUARY 18, 2019

The flaw also affected the Financial Services Analytical Applications Infrastructure, the Fusion Middleware MapViewer, and four three Oracle Retail components. The post Oracle critical patch advisory addresses 284 flaws, 33 critical appeared first on Security Affairs. Pierluigi Paganini.

Financial Services

Financial Services Libraries Mining Retail

New Areas Ripe for Exploitation in 2018

Data Breach Today

JANUARY 9, 2018

Dave DeWalt, former CEO of McAfee and FireEye, identifies the next generation of cybersecurity threats in the latest edition of the ISMG Security Report. Also featured: an analysis of the recent news of the Meltdown and Spectre microprocessor flaws and the POS malware attack on retailer Forever 21.

Retail

Retail Cybersecurity Security

Hackers are sending receipts with anti-work messages to businesses’ printers

Security Affairs

DECEMBER 6, 2021

Imagine you are working your s**t retail job when this comes out of your register. In 2018, TheHackerGiraffe used the Printer Exploitation Toolkit (PRET) to hijack +50k vulnerable printers to Promote PewDiePie YouTube Channel. ” reported METRO. R/antiwork pic.twitter.com/N6SAJ9ogq5 — M?GEbit ARE YOU BEING UNDERPAID?

Retail

Retail Cybersecurity Security IT

Group-IB presents its annual report on global threats to stability in cyberspace

Security Affairs

NOVEMBER 29, 2019

Compared to its predecessors, the sixth “Hi-Tech Crime Trends” report is the first to contain chapters devoted to the main industries attacked and covers the period from H2 2018 to H1 2019, as compared to the period from H2 2017 to H1 2018. As for 2019, it has become the year of covert military operations in cyberspace.

IT

IT Military Cybersecurity Phishing

TicketClub Italy Database Offered in Dark Web

Security Affairs

JULY 21, 2021

May 2018 – Ticketfly , the indie-focused ticketing service that was purchased by Eventbrite, had also suffered a cyber attack. The post TicketClub Italy Database Offered in Dark Web appeared first on Security Affairs. Ticketfly was defaced by an attacker and was subsequently taken offline. Same year – Ticketmaster ’s U.K.

Data breaches

Data breaches Sales Retail Phishing

Retailers increase cyber security spending, but attacks continue to rise

IT Governance

APRIL 3, 2019

The UK’s biggest retailers are spending more than ever on cyber security but are continuing to see an alarming rise in cyber attacks and data breaches due to the ever-evolving threat landscape, a report has found. Are retailers investing wisely? What are the biggest threats? Where can you start?

Retail

Retail Security Data breaches Government

Akamai Report: Credential stuffing attacks are a growing threat

Security Affairs

SEPTEMBER 25, 2018

According to Akamai report titled “[state of the internet] / security CREDENTIAL STUFFING ATTACKS “ the credential stuffing attacks are a growing threat and often underestimated. Security Affairs – credential stuffing, hacking ). The experts detected 8.3 billion per month. Pierluigi Paganini.

Passwords

Passwords Data breaches Financial Services Retail

Wipro Intruders Targeted Other Major IT Firms

Krebs on Security

APRIL 18, 2019

According to records maintained by Farsight Security , that address is home to a number of other likely phishing domains: securemail.pcm.com.internal-message[.]app. microsoftonline-secure-login[.]com. microsoftonline-secure-login[.]com. microsoftonline-secure-login[.]com. microsoftonline-secure-login[.]com.

IT

IT Retail Phishing Access

DoppelPaymer, a fork of BitPaymer Ransomware, appeared in the threat landscape

Security Affairs

JULY 15, 2019

Cybercrime gang tracked as TA505 has been active since 2014 and focusing on Retail and Banking industries. Later versions did not include the above info, instead, the variant appeared in the threat landscape since July 2018 only included two emails to negotiate the ransom and to contact to receive the instructions for the payment.

Ransomware

Ransomware Encryption Agriculture Retail

Elon Musk BITCOIN Twitter scam, a simple and profitable fraud for crooks

Security Affairs

NOVEMBER 12, 2018

UK retailer Matalan, US publisher Pantheon Books, and official government Twitter accounts such as the Ministry of Transportation of Colombia and the National Disaster Management Authority of India.) iht Coign BSc (Hons) (@abztrdr) November 5, 2018. Security Affairs – Elon Musk scam, Bitcoin). tweet: [link].

Retail

Retail Government Security

Retail giant Target open sources Merry Maker e-skimmer detection tool

Magecart cybercrime group stole customers’ credit cards from Newegg electronics retailer

Webinars

Trending Sources

Australian Cyber Security Centre warns of a surge of LockBit 2.0 ransomware attacks

Webinars

Not So Fast: Retailer Shein Fined $1.9M for Breach Cover-Up

Not So Fast: Retailer Shein Fined $1.9M for Breach Coverup

Bodybuilding.com forces password reset after a security breach

Market volume of illegal online sales of alcohol exceeded 30 million USD in 2018 in Russia

MyPillow and Amerisleep are the latest victims of Magecart gangs

Experts report a rampant growth in the number of malicious, lookalike domains

Former Microsoft worker sentenced to nine years in prison for stealing $10+ million

Russian TA505 threat actor target financial entities worldwide

Crooks claim to have stolen 20k customer records from Superdrug cosmetics retailer

Security Affairs newsletter Round 245

SHEIN Data breach affected 6.42 million users

Security Affairs newsletter Round 181 – News of the week

Australia banned Huawei from 5G network due to security concerns

Fortinet warns of a spike in attacks against TBK DVR devices

JD Sports discloses a data breach impacting 10 million customers

Operator of Scan4You Malware-Scanning sentenced to 14 Years in prison

Spanish police dismantled SIM swapping gang who stole money from victims’ bank accounts

US citizens lost more than $68M to SIM swap attacks in 2021, FBI warns

FIN7 group leverages Windows 11 Alpha-Themed docs to drop Javascript payloads

A Chief Security Concern for Executive Teams

Hacker who reported a flaw in Hungarian Magyar Telekom faces up to 8-years in jail

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

Iran-linked APT group Pioneer Kitten sells access to hacked networks

The Cost of Dealing With a Cybersecurity Attack in These 4 Industries

Jared, Kay Jewelers Parent Fixes Data Leak

Android devices shipped with backdoored firmware as part of the BADBOX network

FIN11 gang started deploying ransomware to monetize its operations

SEC Charges Shopin Founder with fraud over unregistered $42M ICO

Security Affairs newsletter Round 177 – News of the week

Hidden Cobra APT used the new ATM cash-out scheme FASTCash to hit banks worldwide

Researcher leaked a dataset of over 7,000,000 transactions scraped from the Venmo public API

Oracle critical patch advisory addresses 284 flaws, 33 critical

New Areas Ripe for Exploitation in 2018

Hackers are sending receipts with anti-work messages to businesses’ printers

Group-IB presents its annual report on global threats to stability in cyberspace

TicketClub Italy Database Offered in Dark Web

Retailers increase cyber security spending, but attacks continue to rise

Akamai Report: Credential stuffing attacks are a growing threat

Wipro Intruders Targeted Other Major IT Firms

DoppelPaymer, a fork of BitPaymer Ransomware, appeared in the threat landscape

Elon Musk BITCOIN Twitter scam, a simple and profitable fraud for crooks

Stay Connected