Retail

Retail

Automated Magecart campaign infects 962 online stores

A July 4 Magecart card-skimming attack successfully infiltrated 962 online stores in what researchers are calling the largest 24-hour automated Magecart campaign to date. Researchers from Sanguine Security Labs who detected the attack reported it via Twitter, and uploaded the JavaScript-based skimmer code to GitHub. Sanguine Security researcher Willem de Groot told BleepingComputer that the campaign…

Inconvenience stores: Thieves steal $500K from users of 7-Eleven Japan’s new payment app

Convenience chain 7-Eleven Japan has suspended a brand new mobile cashless payment service after an authorized third party accessed approximately 900 user accounts and made fraudulent charges totally 55 million yen, or roughly $500,000 dollars. The service, 7pay, reportedly had only been launched three days earlier, and allows participating customers to automatically charge purchased goods…

POS malware swipes payment info from Checkers and Rally’s restaurants

Just over 100 Checkers and Rally’s fast food joints and their customers were victimized by a long-running point-of-sale malware campaign that stole payment card information from purchases taking place as far back as December 2015, Checkers Drive-In Restaurants announced in an online breach notification yesterday. The Tampa, Florida-based drive-thru chain said that approximately 15 percent…

Magecart POS skimmer adds iframe injection technique

A new online POS skimmer used by one of the Magecart groups has been spotted injecting an iframe into retailer websites that asks for payment card information. Malwarebytes came across the new technique being used on a Magento powered e-commerce platform. Unlike other skimming methods, which search for the active payment form on the page…

Hackers access, steal info from 460K Uniqlo Japan online accounts

Hackers stole data, including partial credit card numbers, on 460,000 Uniqlo Japan online customers in an incident that took place between April 23 and May 10. “We deeply apologize to our customers and pledge to prevent this from happening again,” according to a statement from Fast Retailing Co., the parent of Uniqlo and GU Japan, which…

Magecart hackers force turnover, steal data from Atlanta Hawks’ online shop

Cybercriminals using Magecart card-skimming code attacked the online store of the NBA’s Atlanta Hawks, stealing customers names, addresses and payment card numbers. The Sanguine Labs team at Sanguine Security identified the offending code on the store’s checkout page on Saturday April 20, according to a post on the security company’s website. But research from RiskIQ…

Unauthorized party muscles its way into Bodybuilding.com’s systems

Fitness retailer Bodybuilding.com last Friday disclosed that an unauthorized party used a phishing scam to gain access to systems containing its customer data. According to an FAQ page posted on its website, the Boise, Idaho-based retailer discovered the breach incident in February 2019, roughly seven months after the phishing email was received in July 2018.…

Chipotle

Chipotle customers stewing over payment card hack

Chipotle is receiving some negative customer reviews, but not over its food. Instead, some customers are saying on Twitter and Reddit that their payment card information has been hacked and is being used to make fraudulent purchases at the Mexican food chain. Chipotle denies a breach has taken place, although company officials did admit to…

Despite arrests, FIN7 launched 2018 attack campaigns featuring new malware

Even after several alleged members were arrested last year, FIN7 continues to show signs of life, as evidenced by the recent discovery of an administration panel tool called “Astra” and two new malware samples used in campaigns by the cybercriminal group in 2018. Researchers from Flashpoint who uncovered the threat observed Astra-related activity from May…

Researchers catch whiff of previously unknown POS sniffers and scrapers

Researchers in the last 48 hours have released a trio of reports, each of which details a newly discovered point-of-sale (POS) malware program that skims or scrapes payment card information from e-commerce websites or in-store checkout terminals. At least two of these three new threats, GMO and DMSniff, have already been observed actively attacking enterprises,…

Next post in Security News