Retail

Retail

Despite arrests, FIN7 launched 2018 attack campaigns featuring new malware

By

Even after several alleged members were arrested last year, FIN7 continues to show signs of life, as evidenced by the recent discovery of an administration panel tool called “Astra” and two new malware samples used in campaigns by the cybercriminal group in 2018. Researchers from Flashpoint who uncovered the threat observed Astra-related activity from May…

Researchers catch whiff of previously unknown POS sniffers and scrapers

By

Researchers in the last 48 hours have released a trio of reports, each of which details a newly discovered point-of-sale (POS) malware program that skims or scrapes payment card information from e-commerce websites or in-store checkout terminals. At least two of these three new threats, GMO and DMSniff, have already been observed actively attacking enterprises,…

Fin6 using FrameworkPOS scraping malware in POS attacks

By

The threat group Fin6 has been connected to a string of point-of-sale attacks against VMWare Horizon thin clients. The security firm Morphisec Labs reported the attacks have been taking place for eight to 10 weeks with a particular spike on Feb. 6 that saw numerous attempted downloads of the Cobalt Strike backdoor. Morphisec has tentatively connected…

Credential stuffing attack focuses on glasses retailer Warby Parker

By

Warby Parker on Thursday disclosed that roughly 198,000 of its customers may have been affected by a credential stuffing attack targeting the eyeglass retail chain. According to a company press release, an unknown cybercriminal actor has been attempting to access Warby Parker customer accounts by leveraging usernames and passwords that were previously stolen from other…

OnlineClothesShopping

Holiday cyber scams abound warns FBI

At the busiest online shopping time of the year, cybercriminals are becoming increasingly aggressive and creative in their ways to fool consumers out of their money as they busily, and perhaps a bit naively, go about buying holiday gifts online. The array of current scams include fraudulent auction sales, reshipping merchandise purchased with a stolen…

$30 RAT, WinSpy, involved in two phishing campaigns

Dozens of companies impersonated in evolving ‘Three Questions Quiz’ scam

By

There’s no question about it: the “Three Questions Quiz” is a scam, regardless of which legitimate brand it’s attempting to imitate. Indeed, a new blog post from Akamai Technologies identifies 78 unique brands impersonated over the past year by this well-established online phishing scheme, in which victims are tricked into giving away personal information to…

Proposed law would outlaw ‘Grinch bots’ that snatch up toys for resale

By

Far beyond Whoville, in the U.S., our nation,The House and the Senate introduced legislation.The bill makes illegal the use of “Grinch bots”To buy up all the toys, disappointing young tots. Okay, enough with the Suessing… On Nov. 16, House Rep. Paul Tonko D, N.Y., submitted H. R. 7160, aka the “Stopping Grinch Bots Act of 2018.”…

Amazon Logo

Amazon website glitch exposes customer data

By

Amazon customer service reportedly sent an unknown number of customers an email today, warning that a technical error on its website had exposed their data. Details on incident are scant, as Amazon’s disclosure was rather vague in details, according to several outlets that covered the development. “Hello, We’re contacting you to let you know that…

The many faces of Magecart: Report profiles groups behind card-skimming threat

By

Magecart, the e-commerce payment card-skimming threat that has recently victimized Ticketmaster, British Airways, Newegg and other notable companies, is primarily comprised of six major active cybercriminal groups, according to a new joint research report. All of these groups use a version the same skimmer toolset, but they rely on different strategies and in some cases have…

Next post in Cybercrime